ASP上两个防止SQL注入式攻击Function-阿里云开发者社区

ASP上两个防止SQL注入式攻击Function

2005-11-07 714

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

简介： ''==========================''过滤提交表单中的SQL''==========================function ForSqlForm()dim fqys,errc,i,itemsdim nothis(18) nothis(0)="net user" n...

' '==========================

' '过滤提交表单中的SQL

' '==========================

function ForSqlForm()

dim fqys,errc,i,items

dim nothis( 18 )

nothis( 0 ) = " net user "

nothis( 1 ) = " xp_cmdshell "

nothis( 2 ) = " /add "

nothis( 3 ) = " exec%20master.dbo.xp_cmdshell "

nothis( 4 ) = " net localgroup administrators "

nothis( 5 ) = " select "

nothis( 6 ) = " count "

nothis( 7 ) = " asc "

nothis( 8 ) = " char "

nothis( 9 ) = " mid "

nothis( 10 ) = " '' "

nothis( 11 ) = " : "

nothis( 12 ) = " "" "

nothis( 13 ) = " insert "

nothis( 14 ) = " delete "

nothis( 15 ) = " drop "

nothis( 16 ) = " truncate "

nothis( 17 ) = " from "

nothis( 18 ) = " % "

' 'nothis(19)="@"

errc = false

for i = 0 to ubound (nothis)

for each items in request.Form

if instr (request.Form(items),nothis(i)) <> 0 then

response.write( " <div> " )

response.write( " 你所填写的信息: " & server.HTMLEncode(request.Form(items)) & " <br>含非法字符: " & nothis(i))

response.write( " </div> " )

response.write( " 对不起,你所填写的信息含非法字符！<a href=""#"" onclick=""history.back()"">返回</a> " )

response.End()

end if

end function

' '==========================

' '过滤查询中的SQL

' '==========================

function ForSqlInjection()

dim fqys,errc,i

dim nothis( 19 )

fqys = request.ServerVariables( " QUERY_STRING " )

nothis( 0 ) = " net user "

nothis( 1 ) = " xp_cmdshell "

nothis( 2 ) = " /add "

nothis( 3 ) = " exec%20master.dbo.xp_cmdshell "

nothis( 4 ) = " net localgroup administrators "

nothis( 5 ) = " select "

nothis( 6 ) = " count "

nothis( 7 ) = " asc "

nothis( 8 ) = " char "

nothis( 9 ) = " mid "

nothis( 10 ) = " '' "

nothis( 11 ) = " : "

nothis( 12 ) = " "" "

nothis( 13 ) = " insert "

nothis( 14 ) = " delete "

nothis( 15 ) = " drop "

nothis( 16 ) = " truncate "

nothis( 17 ) = " from "

nothis( 18 ) = " % "

nothis( 19 ) = " @ "

errc = false

for i = 0 to ubound (nothis)

if instr (FQYs,nothis(i)) <> 0 then

errc = true

end if

if errc then

response.write " 查询信息含非法字符！<a href=""#"" onclick=""history.back()"">返回</a> "

response.end

end if

end function

ASP上两个防止SQL注入式攻击Function

热门文章

最新文章

相关课程

相关电子书

相关实验场景