asp实现防止从外部提交数据的三种方法第13页
2018-09-06 12:34
防止从外部提交数据的方法
第一种做法,屏蔽特殊字符和关键字
fqys=request.servervariables(query_string)
dimnothis(18)
nothis(0)=netuser
nothis(1)=xp_cmdshell
nothis(2)=/add
nothis(3)=exec%20master.dbo.xp_cmdshell
nothis(4)=netlocalgroupadministrators
nothis(5)=select
nothis(6)=count
nothis(7)=asc
nothis(8)=char
nothis(9)=mid
nothis(10)=
nothis(11)=:
nothis(12)=
nothis(13)=insert
nothis(14)=delete
nothis(15)=drop
nothis(16)=truncate
nothis(17)=from
nothis(18)=%
errc=false
fori=0toubound(nothis)
ifinstr(FQYs,nothis(i))<>0then
errc=true
endif
next
iferrcthen
response.write<scriptlanguage=javascript>
response.writeparent.alert(很抱歉!你正在试图攻击本服务器或者想取得本服务器最高管理权!将直接转向首页..);
response.writeself.location.href=default.asp;
response.write</script>
response.end
endif
123下一页阅读全文
文章标题:asp实现防止从外部提交数据的三种方法第13页
文章链接:http://soscw.com/index.php/essay/10461.html