ASP下的两个防止SQL注入式攻击的Function

2018-09-06 11:56

阅读:307

  用于防止sql注入攻击的 函数,大家可以直接用了,不过大家光会用不行,要增强安全意识
复制代码 代码如下:
==========================
过滤提交表单中的SQL
==========================
functionForSqlForm()
dimfqys,errc,i,items
dimnothis(18)
nothis(0)=netuser
nothis(1)=xp_cmdshell
nothis(2)=/add
nothis(3)=exec%20master.dbo.xp_cmdshell
nothis(4)=netlocalgroupadministrators
nothis(5)=select
nothis(6)=count
nothis(7)=asc
nothis(8)=char
nothis(9)=mid
nothis(10)=
nothis(11)=:
nothis(12)=
nothis(13)=insert
nothis(14)=delete
nothis(15)=drop
nothis(16)=truncate
nothis(17)=from
nothis(18)=%
nothis(19)=@
errc=false
fori=0toubound(nothis)
foreachitemsinrequest.Form
ifinstr(request.Form(items),nothis(i))<>0then
response.write(<div>)
response.write(你所填写的信息:&server.HTMLEncode(request.Form(items))&<br>含非法字符:&nothis(i))
response.write(</div>)
response.write(对不起,你所填写的信息含非法字符!<ahref=#onclick=history.back()>返回</a>)
response.End()
endif
next
next
endfunction
==========================
过滤查询中的SQL
==========================
functionForSqlInjection()
dimfqys,errc,i
dimnothis(19)
fqys=request.ServerVariables(QUERY_STRING)
nothis(0)=netuser
nothis(1)=xp_cmdshell
nothis(2)=/add
nothis(3)=exec%20master.dbo.xp_cmdshell
nothis(4)=netlocalgroupadministrators
nothis(5)=select
nothis(6)=count
nothis(7)=asc
nothis(8)=char
nothis(9)=mid
nothis(10)=
nothis(11)=:
nothis(12)=
nothis(13)=insert
nothis(14)=delete
nothis(15)=drop
nothis(16)=truncate
nothis(17)=from
nothis(18)=%
nothis(19)=@
errc=false
fori=0toubound(nothis)
ifinstr(FQYs,nothis(i))<>0then
errc=true
endif
next
iferrcthen
response.write查询信息含非法字符!<ahref=#onclick=history.back()>返回</a>
response.end
endif
endfunction


评论


亲,登录后才可以留言!