function checkstr(str)
if isnull(str) then
checkstr = ""
exit function
end if
str = replace(str,chr(0),"", 1, -1, 1)
str = replace(str, """", """, 1, -1, 1)
str = replace(str,"<","<", 1, -1, 1)
str = replace(str,">",">", 1, -1, 1)
str = replace(str, "script", "script", 1, -1, 0)
str = replace(str, "script", "script", 1, -1, 0)
str = replace(str, "script", "script", 1, -1, 0)
str = replace(str, "script", "script", 1, -1, 1)
str = replace(str, "object", "object", 1, -1, 0)
str = replace(str, "object", "object", 1, -1, 0)
str = replace(str, "object", "object", 1, -1, 0)
str = replace(str, "object", "object", 1, -1, 1)
str = replace(str, "[", "[")
str = replace(str, "]", "]")
str = replace(str, """", "", 1, -1, 1)
str = replace(str, "=", "=", 1, -1, 1)
str = replace(str, "'", "''", 1, -1, 1)
str = replace(str, "select", "select", 1, -1, 1)
str = replace(str, "execute", "execute", 1, -1, 1)
str = replace(str, "exec", "exec", 1, -1, 1)
str = replace(str, "join", "join", 1, -1, 1)
str = replace(str, "union", "union", 1, -1, 1)
str = replace(str, "where", "where", 1, -1, 1)
str = replace(str, "insert", "insert", 1, -1, 1)
str = replace(str, "delete", "delete", 1, -1, 1)
str = replace(str, "update", "update", 1, -1, 1)
str = replace(str, "like", "like", 1, -1, 1)
str = replace(str, "drop", "drop", 1, -1, 1)
str = replace(str, "create", "create", 1, -1, 1)
str = replace(str, "rename", "rename", 1, -1, 1)
str = replace(str, "count", "count", 1, -1, 1)
str = replace(str, "chr", "chr", 1, -1, 1)
str = replace(str, "mid", "mid", 1, -1, 1)
str = replace(str, "truncate", "truncate", 1, -1, 1)
str = replace(str, "nchar", "nchar", 1, -1, 1)
str = replace(str, "char", "char", 1, -1, 1)
str = replace(str, "alter", "alter", 1, -1, 1)
str = replace(str, "cast", "cast", 1, -1, 1)
str = replace(str, "exists", "exists", 1, -1, 1)
str = replace(str,chr(13),"
", 1, -1, 1)
checkstr = replace(str,"'","''", 1, -1, 1)
end function
php如何防sql注入,php如何預防sql注入
在查詢資料庫時需要防止sql注入 實現的方法 php自帶了方法可以將sql語句轉義,在資料庫查詢語句等的需要在某些字元前加上了反斜線。這些字元是單引號 雙引號 反斜線 與 nul null 字元 推薦學習 php程式設計從入門到精通 string addslashes string str 該函式返...
php如何防sql注入,PHP如何防止SQL注入
一 引言 php是一種力量強大但相當容易學習的伺服器端指令碼語言,即使是經驗不多的程式設計師也能夠使用它來建立複雜的動態的web站點,然後,我們討論php指令碼實現中的普遍存在的脆弱性。我們將解釋如何保護你的指令碼免於sql注入,防止跨站點指令碼化和遠端執行,並且阻止對臨時檔案及會話的 劫持 二 什...
防SQL注入
這段 有好處也有壞處,用的時候得小心,搞不好就會跳進錯誤 dimsql injdata sql injdata and exec insert select delete update chr mid master truncate char declare sql inj split sql in...