zoukankan
html css js c++ java
ASP上两个防止SQL注入式攻击Function
'
'==========================
'
'过滤提交表单中的SQL
'
'==========================
function
ForSqlForm()
dim
fqys,errc,i,items
dim
nothis(
18
)
nothis(
0
)
=
"
net user
"
nothis(
1
)
=
"
xp_cmdshell
"
nothis(
2
)
=
"
/add
"
nothis(
3
)
=
"
exec%20master.dbo.xp_cmdshell
"
nothis(
4
)
=
"
net localgroup administrators
"
nothis(
5
)
=
"
select
"
nothis(
6
)
=
"
count
"
nothis(
7
)
=
"
asc
"
nothis(
8
)
=
"
char
"
nothis(
9
)
=
"
mid
"
nothis(
10
)
=
"
''
"
nothis(
11
)
=
"
:
"
nothis(
12
)
=
"
""
"
nothis(
13
)
=
"
insert
"
nothis(
14
)
=
"
delete
"
nothis(
15
)
=
"
drop
"
nothis(
16
)
=
"
truncate
"
nothis(
17
)
=
"
from
"
nothis(
18
)
=
"
%
"
'
'nothis(19)="@"
errc
=
false
for
i
=
0
to
ubound
(nothis)
for
each
items in request.Form
if
instr
(request.Form(items),nothis(i))
<>
0
then
response.write(
"
<div>
"
)
response.write(
"
你所填写的信息:
"
&
server.HTMLEncode(request.Form(items))
&
"
<br>含非法字符:
"
&
nothis(i))
response.write(
"
</div>
"
)
response.write(
"
对不起,你所填写的信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>
"
)
response.End()
end
if
next
next
end function
'
'==========================
'
'过滤查询中的SQL
'
'==========================
function
ForSqlInjection()
dim
fqys,errc,i
dim
nothis(
19
)
fqys
=
request.ServerVariables(
"
QUERY_STRING
"
)
nothis(
0
)
=
"
net user
"
nothis(
1
)
=
"
xp_cmdshell
"
nothis(
2
)
=
"
/add
"
nothis(
3
)
=
"
exec%20master.dbo.xp_cmdshell
"
nothis(
4
)
=
"
net localgroup administrators
"
nothis(
5
)
=
"
select
"
nothis(
6
)
=
"
count
"
nothis(
7
)
=
"
asc
"
nothis(
8
)
=
"
char
"
nothis(
9
)
=
"
mid
"
nothis(
10
)
=
"
''
"
nothis(
11
)
=
"
:
"
nothis(
12
)
=
"
""
"
nothis(
13
)
=
"
insert
"
nothis(
14
)
=
"
delete
"
nothis(
15
)
=
"
drop
"
nothis(
16
)
=
"
truncate
"
nothis(
17
)
=
"
from
"
nothis(
18
)
=
"
%
"
nothis(
19
)
=
"
@
"
errc
=
false
for
i
=
0
to
ubound
(nothis)
if
instr
(FQYs,nothis(i))
<>
0
then
errc
=
true
end
if
next
if
errc
then
response.write
"
查询信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>
"
response.end
end
if
end function
查看全文
相关阅读:
计算机原理 发展简史
计算机原理 系统构成
网络工程师级考试大纲
软件工程师能力要求
数据库主体在该数据库中拥有架构,无法删除解决方法
【转】时时间已到。超时时间已到,但是尚未从池中获取连接。出现这种情况可能是因为所有池连接均在使用,并且达到了最大池大小。
Rabbit mq订阅方式获取消息并可设置持久化
OpenGL 核心技术之立方体贴图
ArcGIS Engine问答:为什么地理数据库中不能产生同名要素类
Cocos2d-X中的声音和音效
原文地址:https://www.cnblogs.com/flyfish/p/386047.html
最新文章
进程的虚拟地址空间,堆栈、堆、数据段、代码段
swagger2 如何匹配多个controller
IDEA如何查看maven的依赖结构
直接使用security.basic.path无效|——springboot2.0以上的security的配置
如何保证 spring-boot 和 spring-cloud版本一致
mysql中存储字段类型的查询效率
MySql的CURRENT_TIMESTAMP
IDEA修改module的名字
IDEA 不识别的MAVEN 项目应如何处理
MySQL中 如何查询表名中包含某字段的表
热门文章
github 快速部署
最简单的spring boot web项目
IDEA 新建 module
IDEA添加配置文件到classpath
代码库-读取属性文件中的值
负载均衡服务器如何保证上传文件同步
在IIS上SSL的部署和启动SSL安全【转】
IIS 7.0 SSL 部署指南
如何在IIS7或IIS7.5中导入导出站点及应用程序池
删除文件时,提示没权限删除文件怎么办
Copyright © 2011-2022 走看看