zoukankan
html css js c++ java
ASP上两个防止SQL注入式攻击Function
'
'==========================
'
'过滤提交表单中的SQL
'
'==========================
function
ForSqlForm()
dim
fqys,errc,i,items
dim
nothis(
18
)
nothis(
0
)
=
"
net user
"
nothis(
1
)
=
"
xp_cmdshell
"
nothis(
2
)
=
"
/add
"
nothis(
3
)
=
"
exec%20master.dbo.xp_cmdshell
"
nothis(
4
)
=
"
net localgroup administrators
"
nothis(
5
)
=
"
select
"
nothis(
6
)
=
"
count
"
nothis(
7
)
=
"
asc
"
nothis(
8
)
=
"
char
"
nothis(
9
)
=
"
mid
"
nothis(
10
)
=
"
''
"
nothis(
11
)
=
"
:
"
nothis(
12
)
=
"
""
"
nothis(
13
)
=
"
insert
"
nothis(
14
)
=
"
delete
"
nothis(
15
)
=
"
drop
"
nothis(
16
)
=
"
truncate
"
nothis(
17
)
=
"
from
"
nothis(
18
)
=
"
%
"
'
'nothis(19)="@"
errc
=
false
for
i
=
0
to
ubound
(nothis)
for
each
items in request.Form
if
instr
(request.Form(items),nothis(i))
<>
0
then
response.write(
"
<div>
"
)
response.write(
"
你所填写的信息:
"
&
server.HTMLEncode(request.Form(items))
&
"
<br>含非法字符:
"
&
nothis(i))
response.write(
"
</div>
"
)
response.write(
"
对不起,你所填写的信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>
"
)
response.End()
end
if
next
next
end function
'
'==========================
'
'过滤查询中的SQL
'
'==========================
function
ForSqlInjection()
dim
fqys,errc,i
dim
nothis(
19
)
fqys
=
request.ServerVariables(
"
QUERY_STRING
"
)
nothis(
0
)
=
"
net user
"
nothis(
1
)
=
"
xp_cmdshell
"
nothis(
2
)
=
"
/add
"
nothis(
3
)
=
"
exec%20master.dbo.xp_cmdshell
"
nothis(
4
)
=
"
net localgroup administrators
"
nothis(
5
)
=
"
select
"
nothis(
6
)
=
"
count
"
nothis(
7
)
=
"
asc
"
nothis(
8
)
=
"
char
"
nothis(
9
)
=
"
mid
"
nothis(
10
)
=
"
''
"
nothis(
11
)
=
"
:
"
nothis(
12
)
=
"
""
"
nothis(
13
)
=
"
insert
"
nothis(
14
)
=
"
delete
"
nothis(
15
)
=
"
drop
"
nothis(
16
)
=
"
truncate
"
nothis(
17
)
=
"
from
"
nothis(
18
)
=
"
%
"
nothis(
19
)
=
"
@
"
errc
=
false
for
i
=
0
to
ubound
(nothis)
if
instr
(FQYs,nothis(i))
<>
0
then
errc
=
true
end
if
next
if
errc
then
response.write
"
查询信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>
"
response.end
end
if
end function
查看全文
相关阅读:
UnityWebgl错误-Uncaught DOMException: Blocked a frame with origin "" from accessing a cross-origin frame
【Oracle123】v$sql 视图
【QA123】ISO9126软件质量模型
【测试工具123】HP LoadRunner
【CSV123】如何使用Excel打开CSV并保留大数字精度
【Java123】
【FRM-Level2】2020 FRM二级考纲变化
【FRM-Level2】2020 FRM二级 Current Issues
【Oracle123】Oracle数据导入导出
【中间件123】消息队列性能对比
原文地址:https://www.cnblogs.com/flyfish/p/386047.html
最新文章
NFS动态分配PV理解StorageClass-NFS不支持扩容
centos7 防火墙的配置
win7+centos7.2双系统安装
Linux下NFS服务器的搭建与配置
8G的U盘格式化以后容量突然减少为2.5M
Linux visudo配置详解
Linux企业生产环境用户权限集中管理项目方案案例
centos6.5 安装eclipse
Linux find命令详解
DHCP 协议详解
热门文章
Python Socket TypeError: a bytes-like object is required, not 'str' 错误提示
Unity 查找btn方法并改变状态添加事件
sql查询-如果字段为null时,用其他值代替
Sql 判断日期是否在同一天
jquery里与jquery外获取控件值
layui使用ajax
AJAX实例
使用了ValidateAntiForgeryToken,$.ajax提交时提示Bad Request 400
javascript自动触发按键
iframe嵌套 子页面 父页面相互取元素和方法
Copyright © 2011-2022 走看看