' '==========================
' '过滤提交表单中的SQL
' '==========================
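' Denial-list filter over every Request.Form value. If any field contains one of
' the listed substrings, an HTML message is written and Response.End aborts the
' request; otherwise the function returns normally. No parameters, no return value.
'
' NOTE(review): this is a keyword denial-list, not a substitute for parameterized
' queries (ADODB.Command with parameters) -- treat it as defense in depth only.
' It inspects Request.Form only; query-string, cookie and header values are not
' covered here (the query string is handled by ForSqlInjection in this file).
' Several entries ("from", "count", "asc", "char", "mid", ":") also occur in
' ordinary text, so legitimate submissions can be rejected.
'
' NOTE(review): the leading/trailing spaces inside the string literals below look
' like a rendering artifact of the page this listing was taken from -- confirm
' against the original file, since "select" and " select " are different patterns.
function ForSqlForm()
    dim i, items
    dim nothis(18)
    nothis(0) = " net user "
    nothis(1) = " xp_cmdshell "
    nothis(2) = " /add "
    nothis(3) = " exec%20master.dbo.xp_cmdshell "
    nothis(4) = " net localgroup administrators "
    nothis(5) = " select "
    nothis(6) = " count "
    nothis(7) = " asc "
    nothis(8) = " char "
    nothis(9) = " mid "
    nothis(10) = " '' "
    nothis(11) = " : "
    nothis(12) = " "" "
    nothis(13) = " insert "
    nothis(14) = " delete "
    nothis(15) = " drop "
    nothis(16) = " truncate "
    nothis(17) = " from "
    nothis(18) = " % "
    ' nothis(19) = "@"  -- disabled in the original source

    for i = 0 to UBound(nothis)
        for each items in request.Form
            ' The two-argument InStr form used originally defaults to a binary
            ' (case-sensitive) compare, so mixed-case spellings of a listed keyword
            ' were not matched; vbTextCompare makes the check case-insensitive.
            if InStr(1, request.Form(items), nothis(i), vbTextCompare) <> 0 then
                ' The reflected field value is HTML-encoded before output;
                ' nothis(i) is a constant defined in this function, not user input.
                response.write(" <div> ")
                response.write(" 你所填写的信息: " & server.HTMLEncode(request.Form(items)) & " <br>含非法字符: " & nothis(i))
                response.write(" </div> ")
                response.write(" 对不起,你所填写的信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a> ")
                ' Response.End stops processing here; no further fields are checked.
                response.End()
            end if
        next
    next
end function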
' '==========================
' '过滤查询中的SQL
' '==========================
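' Denial-list filter over the raw query string read from
' Request.ServerVariables("QUERY_STRING"). If it contains any listed substring,
' an HTML message is written and Response.End aborts the request; otherwise the
' function returns normally. No parameters, no return value.
'
' NOTE(review): this is a keyword denial-list, not a substitute for parameterized
' queries -- keep it as defense in depth only. The raw QUERY_STRING is inspected
' before URL-decoding, which is why the list carries a percent-encoded variant
' ("exec%20master...") next to the plain keywords; a value that arrives with a
' different encoding is not seen here in its decoded form. Checking the decoded
' Request.QueryString(key) values as well would narrow that gap.
'
' NOTE(review): the spaces inside the string literals (including " QUERY_STRING ")
' look like a rendering artifact of the page this listing was taken from -- confirm
' against the original file. If the literal really is " QUERY_STRING ", the
' ServerVariables lookup presumably yields an empty string and nothing is filtered.
function ForSqlInjection()
    dim fqys, errc, i
    dim nothis(19)
    fqys = request.ServerVariables(" QUERY_STRING ")
    nothis(0) = " net user "
    nothis(1) = " xp_cmdshell "
    nothis(2) = " /add "
    nothis(3) = " exec%20master.dbo.xp_cmdshell "
    nothis(4) = " net localgroup administrators "
    nothis(5) = " select "
    nothis(6) = " count "
    nothis(7) = " asc "
    nothis(8) = " char "
    nothis(9) = " mid "
    nothis(10) = " '' "
    nothis(11) = " : "
    nothis(12) = " "" "
    nothis(13) = " insert "
    nothis(14) = " delete "
    nothis(15) = " drop "
    nothis(16) = " truncate "
    nothis(17) = " from "
    nothis(18) = " % "
    nothis(19) = " @ "

    errc = false
    for i = 0 to UBound(nothis)
        ' The two-argument InStr form used originally defaults to a binary
        ' (case-sensitive) compare, so mixed-case spellings of a listed keyword
        ' were not matched; vbTextCompare makes the check case-insensitive.
        if InStr(1, fqys, nothis(i), vbTextCompare) <> 0 then
            errc = true
            ' One hit is enough to reject the request; the result is the same
            ' whether or not the remaining patterns also match.
            exit for
        end if
    next

    if errc then
        ' The message echoes nothing from the request, so no encoding is needed here.
        response.write " 查询信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a> "
        response.end
    end if
end function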