  • 两个防SQL注入过滤代码

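    <%
    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    'ASP generic anti-injection filter
    'You can copy this code into a header/include file, or keep it as a separate
    'file and call it on every request.
    'Author: y3gu - 2005-7-29
    'http://www.dosu.cn
    '
    'NOTE(review): this is a keyword blacklist applied to the raw request, not an
    'escaper. It inspects only the query string on GET and the form body on any
    'other method; cookies and headers are never looked at. Entries such as "and",
    '"count", "mid", "char", "*", "%", "(" and ")" are ordinary substrings of
    'legitimate input, so free-text fields will trip it. It does not replace
    'parameterised queries (ADODB.Command parameters) at the point where the
    'value actually reaches SQL.
    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    Dim GetFlag     ' True when the request method is GET
    Dim ErrorSql    ' array of blacklisted fragments (all lower-case)
    Dim RequestKey  ' name of the field currently being inspected
    Dim ForI        ' loop index into ErrorSql
    ' Separate each blacklisted fragment with a half-width "~". VBScript has no
    ' multi-line string literal, so this list must stay on one physical line.
    ErrorSql = "'~;~and~(~)~exec~update~count~*~%~chr~mid~master~truncate~char~declare"
    ErrorSql = Split(ErrorSql, "~")
    GetFlag = (Request.ServerVariables("REQUEST_METHOD") = "GET")
    If GetFlag Then
        RejectIfBlacklisted Request.QueryString
    Else
        RejectIfBlacklisted Request.Form
    End If

    ' Scans every value in the given request collection (QueryString or Form) and,
    ' on the first case-insensitive match of a blacklisted fragment, writes the
    ' alert/redirect script and ends the response. Returns normally only when
    ' nothing matched. Shared by the GET and non-GET branches above so the check
    ' is written once.
    Sub RejectIfBlacklisted(Values)
        For Each RequestKey In Values
            For ForI = 0 To UBound(ErrorSql)
                ' InStr is 1-based; 0 means "not found"
                If InStr(LCase(Values(RequestKey)), ErrorSql(ForI)) <> 0 Then
                    Response.Write "<script>alert(""警告:\n请不要使用敏感字符"");location.href=""Sql.asp"";</script>"
                    Response.End
                End If
            Next
        Next
    End Sub
    %>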

    第二个

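    ' Normalises a single untrusted string before it is stored or echoed.
    ' Returns "" for Null. Otherwise it drops NUL characters, HTML-encodes the
    ' characters that open a tag or attribute (" < >), doubles the ASCII
    ' apostrophe exactly once so the value can sit inside a single-quoted SQL
    ' literal, and turns CR into <br>.
    '
    ' NOTE(review): the earlier version of this function replaced a long list of
    ' words (script, object, applet, select, union, ...) and the characters [ ] =
    ' with themselves, which has no effect, so those lines are omitted. Keyword
    ' rewriting is not a reliable defence anyway: use ADODB.Command parameters
    ' for SQL. "&" is deliberately left alone here, so entities already present
    ' in the input pass through unchanged; because encoding happens at storage
    ' time, do not HTML-encode the stored value a second time when rendering.
    Function Checkstr(Str)
        If IsNull(Str) Then
            Checkstr = ""
            Exit Function
        End If
        ' Replace(expr, find, with, start, count, compare): compare 1 = text
        ' (case-insensitive) comparison, count -1 = every occurrence.
        Str = Replace(Str, Chr(0), "", 1, -1, 1)
        ' Encode the markup characters rather than deleting them, so the text is
        ' preserved but can no longer open a tag or an attribute value.
        Str = Replace(Str, """", "&quot;", 1, -1, 1)
        Str = Replace(Str, "<", "&lt;", 1, -1, 1)
        Str = Replace(Str, ">", "&gt;", 1, -1, 1)
        ' The ASCII apostrophe (the SQL string delimiter) is doubled once here and
        ' not again at the end: a second pass would turn each ' into '''' and
        ' corrupt the stored text.
        Str = Replace(Str, "'", "''", 1, -1, 1)
        Str = Replace(Str, Chr(13), "<br>", 1, -1, 1)
        Checkstr = Str
    End Function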