WEB开发网      濠电姷鏁告繛鈧繛浣冲洤纾瑰┑鐘宠壘閻ょ偓銇勯幇鍫曟闁稿鍠愰妵鍕冀閵娧佲偓鎺楁⒒閸曨偄顏柡宀嬬畱铻e〒姘煎灡绗戦梻浣筋嚙濮橈箓顢氳濠€浣糕攽閻樿宸ュΔ鐘叉啞缁傚秹宕滆绾惧ジ寮堕崼娑樺缂佹宀搁弻鐔风暋閻楀牆娈楅梺璇″枓閺呯姴鐣疯ぐ鎺濇晝闁靛牆妫欓蹇旂節閻㈤潧浠﹂柛銊ョ埣楠炴劙骞橀鑲╋紱闂佽宕樼粔顔裤亹閹烘挸浜归梺缁樺灦閿曗晛螞閸曨垱鈷戦柟鑲╁仜婵″ジ鎮楀☉鎺撴珖缂侇喖顑呴鍏煎緞濡粯娅囬梻浣瑰缁诲倿寮绘繝鍥ㄦ櫇闁稿本绋撻崢鐢告煟鎼淬垻鈯曢柨姘舵煟韫囥儳绋荤紒缁樼箖缁绘繈宕橀妸褌绱濋梻浣筋嚃閸ㄤ即宕弶鎴犳殾闁绘梻鈷堥弫鍌炴煕閳锯偓閺呮瑧妲愬Ο琛℃斀闁绘劕妯婇崵鐔封攽椤旇棄鍔ら摶鐐烘煕閺囥劌澧柛娆忕箻閺屽秹宕崟顒€娅g紓浣插亾濠㈣泛顑囩粻楣冩煙鐎涙ḿ绠橀柨娑樼У椤ㄣ儵鎮欓鍕紙闂佽鍠栫紞濠傜暦閹偊妲诲┑鈩冨絻椤兘寮诲☉銏犖╅柕澶堝労閸斿绱撴担绋库偓鍝ョ矓瑜版帒鏋侀柟鍓х帛閺呮悂鏌ㄩ悤鍌涘 ---闂傚倸鍊烽悞锔锯偓绗涘厾娲煛閸涱厾顔嗛梺璺ㄥ櫐閹凤拷
开发学院WEB开发ASP ASP上两个防止SQL注入式攻击Function 阅读

ASP上两个防止SQL注入式攻击Function

 2005-08-04 10:31:01 来源:WEB开发网 闂傚倸鍊风欢姘缚瑜嶈灋闁圭虎鍠栫粻顖炴煥閻曞倹瀚�闂傚倸鍊风粈渚€骞夐敓鐘插瀭闁汇垹鐏氬畷鏌ユ煙閹殿喖顣奸柛搴$У閵囧嫰骞掗幋婵冨亾閻㈢ǹ纾婚柟鐐灱濡插牊绻涢崱妤冃℃繛宀婁簽缁辨捇宕掑鎵佹瀸闂佺懓鍤栭幏锟�濠电姷鏁告慨顓㈠箯閸愵喖宸濇い鎾寸箘閹规洟姊绘笟鈧ḿ褍煤閵堝悿娲Ω閳轰胶鍔﹀銈嗗笂閼冲爼鍩婇弴銏$厪闁搞儮鏅涙禒褏绱掓潏鈺佷槐闁轰焦鎹囬弫鎾绘晸閿燂拷闂傚倸鍊风欢姘缚瑜嶈灋闁圭虎鍠栫粻顖炴煥閻曞倹瀚�  闂傚倸鍊烽懗鑸电仚缂備胶绮〃鍛村煝瀹ュ鍗抽柕蹇曞У閻庮剟姊虹紒妯哄闁圭⒈鍋嗛惀顏囶樄闁哄本娲樼换婵婄疀閺囩姷鐛ラ梻浣哄帶婢瑰﹥绂嶅⿰鍫氣偓鏃堝礃椤忎礁浜鹃柨婵嗛婢ь喖霉閻樻瑥瀚粻楣冩煕椤愩倕鏋庨柣蹇嬪劜閵囧嫰寮村Ο鍝勫Е濡炪們鍨洪悷鈺呭箖閳╁啯鍎熼柕鍥у簻閹凤拷
核心提示:'=='过滤提交表单中的SQL'==function ForSqlForm() dim fqys,errc,i,items dim nothis(18) nothis(0)="net user" nothis(1)="xp_cmdshell" not

'==========================
'过滤提交表单中的SQL
'==========================
function ForSqlForm()
 dim fqys,errc,i,items
 dim nothis(18)
 nothis(0)="net user"

 nothis(1)="xp_cmdshell"

 nothis(2)="/add"

 nothis(3)="exec%20master.dbo.xp_cmdshell"

 nothis(4)="net localgroup administrators"

 nothis(5)="select"

 nothis(6)="count"

 nothis(7)="asc"

 nothis(8)="char"

 nothis(9)="mid"

 nothis(10)="'"

 nothis(11)=":"

 nothis(12)=""""

 nothis(13)="insert"

 nothis(14)="delete"

 nothis(15)="drop"

 nothis(16)="truncate"

 nothis(17)="from"

 nothis(18)="%"
 
 'nothis(19)="@" 

 errc=false

 for i= 0 to ubound(nothis)
  for each items in request.Form
  if instr(request.Form(items),nothis(i))<>0 then
  response.write("<div>")
  response.write("你所填写的信息:" & server.HTMLEncode(request.Form(items)) & "<br>含非法字符:" & nothis(i))
  response.write("</div>")
  response.write("对不起,你所填写的信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>")
  response.End()
  end if
  next
 next
end function
'==========================
'过滤查询中的SQL
'==========================
function ForSqlInjection()
 dim fqys,errc,i
 dim nothis(19)
 fqys = request.ServerVariables("QUERY_STRING")
 nothis(0)="net user"

 nothis(1)="xp_cmdshell"

 nothis(2)="/add"

 nothis(3)="exec%20master.dbo.xp_cmdshell"

 nothis(4)="net localgroup administrators"

 nothis(5)="select"

 nothis(6)="count"

 nothis(7)="asc"

 nothis(8)="char"

 nothis(9)="mid"

 nothis(10)="'"

 nothis(11)=":"

 nothis(12)=""""

 nothis(13)="insert"

 nothis(14)="delete"

 nothis(15)="drop"

 nothis(16)="truncate"

 nothis(17)="from"

 nothis(18)="%"
 
 nothis(19)="@" 

 errc=false

 for i= 0 to ubound(nothis)

 if instr(FQYs,nothis(i))<>0 then

 errc=true

 end if

 next

 if errc then
 response.write "查询信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>"
 response.end

 end if

end function

Tags:ASP 两个 防止

编辑录入:爽爽 [复制链接] [打 印]
更多精彩
赞助商链接

热点阅读
焦点图片
最新推荐
精彩阅读