ASP上兩個防止SQL注入式攻擊Function

2021-04-01 23:57:35 字數 2124 閱讀 6255

function forsqlform()

dim fqys,errc,i,items

dim nothis(18)

nothis(0)="net user"

nothis(1)="xp_cmdshell"

nothis(2)="/add"

nothis(3)="exec%20master.dbo.xp_cmdshell"

nothis(4)="net localgroup administrators"

nothis(5)="select"

nothis(6)="count"

nothis(7)="asc"

nothis(8)="char"

nothis(9)="mid"

nothis(10)="'"

nothis(11)=":"

nothis(12)=""""

nothis(13)="insert"

nothis(14)="delete"

nothis(15)="drop"

nothis(16)="truncate"

nothis(17)="from"

nothis(18)="%"

'nothis(19)="@" 

errc=false

for i= 0 to ubound(nothis)

for each items in request.form

if instr(request.form(items),nothis(i))<>0 then

response.write("")

response.write("你所填寫的資訊:" & server.htmlencode(request.form(items)) & "

含非法字元:" & nothis(i))

response.write("

")response.write("對不起,你所填寫的資訊含非法字元!返回")

response.end()

end if

next

next

end function

'*************************=

'過濾查詢中的sql

'*************************=

function forsqlinjection()

dim fqys,errc,i

dim nothis(19)

fqys = request.servervariables("query_string")

nothis(0)="net user"

nothis(1)="xp_cmdshell"

nothis(2)="/add"

nothis(3)="exec%20master.dbo.xp_cmdshell"

nothis(4)="net localgroup administrators"

nothis(5)="select"

nothis(6)="count"

nothis(7)="asc"

nothis(8)="char"

nothis(9)="mid"

nothis(10)="'"

nothis(11)=":"

nothis(12)=""""

nothis(13)="insert"

nothis(14)="delete"

nothis(15)="drop"

nothis(16)="truncate"

nothis(17)="from"

nothis(18)="%"

nothis(19)="@" 

errc=false

for i= 0 to ubound(nothis)

if instr(fqys,nothis(i))<>0 then

errc=true

end if

next

if errc then

response.write "查詢資訊含非法字元!返回"

response.end

end if

end function

ASP上兩個防止SQL注入式攻擊Function

過濾提交表單中的sql function forsqlform dim fqys,errc,i,items dim nothis 18 nothis 0 net user nothis 1 xp cmdshell nothis 2 add nothis 3 exec 20master.dbo.xp ...

ASP上兩個防止SQL注入式攻擊Function

過濾提交表單中的sql function forsqlform dim fqys,errc,i,items dim nothis 18 nothis 0 net user nothis 1 xp cmdshell nothis 2 add nothis 3 exec 20master.dbo.xp ...

sql注入的兩個小技巧

在xfocus看了一篇文章 update注射 mysql php 的兩個模式http xfocus.net articles 200508 815.html 分析一下他所說的兩個模式 假設有表userinfo 該錶有三個字段 使用者名稱username 使用者密碼pass 使用者許可權groupid...