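Fix ASP injection vulnerabilities for good and stop being at anyone's mercy! Completely original!
Source: Internet  Published: .net php java comparison  Editor: 程序博客网  Time: 2024/06/05 10:07
I have recently been researching a way to fix ASP injection vulnerabilities for good! Suggestions are welcome.
The principle is to use prepared statements, the same way Java does with PreparedStatement, so that user-supplied values are bound as parameters instead of being concatenated into the SQL text.
The example below connects to a SQL Server database.
The code is as follows: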
PrepareSql.asp
<%
' Database operation constants (ADO)
Const adStateClosed = 0
Const adOpenForwardOnly = 0, adOpenKeyset = 1, adOpenDynamic = 2, adOpenStatic = 3
Const adLockReadOnly = 1, adLockPessimistic = 2, adLockOptimistic = 3, adLockBatchOptimistic = 4
Const adCmdText = 1, adCmdTable = 2, adCmdStoredProc = 4, adExecuteNoRecords = 128
Const adBigInt = 20, adBoolean = 11, adChar = 129, adDate = 7, adInteger = 3, adSmallInt = 2, adTinyInt = 16, adVarChar = 200
Const adParamInput = 1, adParamOutput = 2, adParamInputOutput = 3, adParamReturnValue = 4
%>
<%
Class PrepareSQL
    Private cmdPrep
    Private m_String
    Private m_Sql
    Private m_conn

    ' Store the open ADODB.Connection that commands will run on
    Public Function setconn(conn)
        Set m_conn = conn
    End Function

    ' Start a new command; sql uses ? as the placeholder for each value
    Public Function prepare(sql)
        Set cmdPrep = Nothing
        Set cmdPrep = Server.CreateObject("ADODB.Command")
        Set cmdPrep.ActiveConnection = m_conn
        cmdPrep.CommandType = adCmdText   ' run the text as SQL instead of letting ADO guess
        cmdPrep.CommandText = sql
    End Function

    ' The set* methods bind values to the ? placeholders in the order they are called
    Public Function setInt(theValue)
        cmdPrep.Parameters.Append cmdPrep.CreateParameter("", adInteger, adParamInput, , theValue)
    End Function

    ' The date is passed as a string (adVarChar) and converted by the database
    Public Function setDate(theValue)
        cmdPrep.Parameters.Append cmdPrep.CreateParameter("", adVarChar, adParamInput, 100, theValue)
    End Function

    Public Function setBoolean(theValue)
        cmdPrep.Parameters.Append cmdPrep.CreateParameter("", adBoolean, adParamInput, 1, theValue)
    End Function

    Public Function setString(theValue)
        If Len(theValue) = 0 Then
            ' ADO rejects a zero-size adVarChar parameter, so use size 1 for an empty string
            cmdPrep.Parameters.Append cmdPrep.CreateParameter("", adVarChar, adParamInput, 1, theValue)
        Else
            ' LenB gives the length in bytes, which leaves room for double-byte characters
            cmdPrep.Parameters.Append cmdPrep.CreateParameter("", adVarChar, adParamInput, LenB(theValue), theValue)
        End If
    End Function

    ' Run the command and return the resulting recordset
    Public Function execute()
        Set execute = cmdPrep.Execute
    End Function
End Class
%>
test.asp
<!--#include file="../include/datastore.asp"-->
<!--#include file="../include/PrepareSql.asp"-->
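<%
Dim ps
Dim cn
Dim strCn
Dim rs

Set cn = Server.CreateObject("ADODB.Connection")
' Sample connection string; a production site should connect with a least-privilege login rather than sa
strCn = "driver={SQL server};server=127.0.0.1;uid=sa;pwd=test;database=PUBS"
cn.Open strCn

Set ps = New PrepareSQL
ps.setconn cn
' user is a reserved word in SQL Server, so the table name is bracketed
ps.prepare "select * from [user] where id = ?"
ps.setInt 1      ' bound to the first ?
Set rs = ps.execute

' Release the recordset and connection when done
rs.Close
cn.Close
%>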
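
Added example, not part of the original post: a page that feeds request input through the PrepareSQL class above, with the concatenated form it replaces shown in a comment. It goes one step past the post by allow-listing the ORDER BY column, since a ? placeholder binds values only. The page name search.asp, the [article] table, the query-string names and Application("ConnStr") are assumptions made for illustration.

```asp
<!--#include file="../include/PrepareSql.asp"-->
<%
' Added example: search.asp (hypothetical page, not from the original post).
' Assumed: Application("ConnStr") holds the connection string and a table
' [article](id, title, author) exists.
Dim cn, ps, rs, re, author, minId, orderBy

author = Trim(Request.QueryString("author"))
minId  = Trim(Request.QueryString("from"))

' Vulnerable form, shown for contrast only: input becomes part of the SQL text.
'   sql = "select id, title from [article] where author='" & author & "'"

' setInt binds adInteger, so accept only 1 to 9 digits before converting.
Set re = New RegExp
re.Pattern = "^\d{1,9}$"
If Not re.Test(minId) Then minId = "0"

' A ? placeholder can carry a value but not a column name, so the ORDER BY
' column is chosen from a fixed list and never copied from the request.
Select Case LCase(Trim(Request.QueryString("sort")))
    Case "title"
        orderBy = "title"
    Case "author"
        orderBy = "author"
    Case Else
        orderBy = "id"
End Select

Set cn = Server.CreateObject("ADODB.Connection")
cn.Open Application("ConnStr")

Set ps = New PrepareSQL
ps.setconn cn
ps.prepare "select id, title from [article] where author = ? and id >= ? order by " & orderBy
ps.setString author      ' first ?
ps.setInt CLng(minId)    ' second ?
Set rs = ps.execute

Do Until rs.EOF
    ' Encode on output: parameter binding protects the query, not the HTML.
    Response.Write Server.HTMLEncode(rs("title").Value & "") & "<br>"
    rs.MoveNext
Loop

rs.Close
cn.Close
%>
```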