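'******************************
' Function: checkstr(ByVal chkstr)
' Purpose : Prepares a value for use inside a single-quoted SQL string
'           literal: trims surrounding spaces and doubles every single quote.
' Returns : "" when the value is Null, otherwise the processed string.
'
' Security note: quote doubling is the only step here that touches SQL
' syntax. It does nothing for values concatenated into a numeric or otherwise
' unquoted position, so this function must not be relied on as the defence
' against SQL injection. Bind values with ADODB.Command parameters instead
' and keep this routine only as a legacy fallback.
'
' No keyword substitution is performed. An earlier list of Replace() calls
' (select, union, xp_cmdshell, "net user", ...) mapped each term to itself
' and therefore changed nothing; it has been dropped so the code no longer
' suggests a filter that is not there.
'******************************
Function checkstr(ByVal chkstr)
    Dim result
    Dim re

    ' Null cannot be processed as text; callers get an empty string back.
    If IsNull(chkstr) Then
        checkstr = ""
        Exit Function
    End If

    result = Trim(chkstr)

    ' NOTE(review): this pattern matches the four literal characters "/r/n"
    ' (forward slashes), not a CR LF pair, and every match is replaced by
    ' three copies of itself. It looks like a garbled "\r\n" rule - confirm
    ' the intended pattern before changing it; behaviour is kept as found.
    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True
    re.Pattern = "(/r/n)"
    result = re.Replace(result, "$1$1$1")
    Set re = Nothing

    ' Double single quotes so the value cannot end a quoted SQL string literal.
    result = Replace(result, "'", "''")

    checkstr = result
End Function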