SQL Injection Prevention Function
Source: Internet  Editor: 程序博客网  Time: 2024/04/28 23:34
' SQL injection prevention function
Function SafeRequest(ParaName)
    Dim ParaValue, Lowered
    ParaValue = Request(ParaName)
    If ParaValue = "" Then
        SafeRequest = ""
        Exit Function
    End If
    ' Filter out illegal characters (Replace is case-sensitive by default,
    ' so only the lowercase forms are stripped here)
    ParaValue = Replace(ParaValue, "'", "")
    ParaValue = Replace(ParaValue, "select ", "")
    ParaValue = Replace(ParaValue, "insert ", "")
    ParaValue = Replace(ParaValue, "delete ", "")
    ParaValue = Replace(ParaValue, "count(", "")
    ParaValue = Replace(ParaValue, "drop table ", "")
    ParaValue = Replace(ParaValue, "update ", "")
    ParaValue = Replace(ParaValue, "truncate ", "")
    ParaValue = Replace(ParaValue, "asc(", "")
    ParaValue = Replace(ParaValue, "mid(", "")
    ParaValue = Replace(ParaValue, "char(", "")
    ParaValue = Replace(ParaValue, "xp_cmdshell", "")
    ParaValue = Replace(ParaValue, "exec master", "")
    ParaValue = Replace(ParaValue, "net localgroup administrators", "")
    ParaValue = Replace(ParaValue, " and ", "")
    ParaValue = Replace(ParaValue, "net user", "")
    ParaValue = Replace(ParaValue, " or ", "")
    SafeRequest = ParaValue
    ' Second pass: reject the request if a keyword is still present in any letter case
    Lowered = LCase(ParaValue)
    If IsNumeric(ParaValue) = True Then
        SafeRequest = ParaValue
        Exit Function
    ElseIf InStr(Lowered, "select ") > 0 Or InStr(Lowered, "insert ") > 0 _
        Or InStr(Lowered, "delete from") > 0 Or InStr(Lowered, "count(") > 0 _
        Or InStr(Lowered, "drop table") > 0 Or InStr(Lowered, "update ") > 0 _
        Or InStr(Lowered, "truncate ") > 0 Or InStr(Lowered, "asc(") > 0 _
        Or InStr(Lowered, "mid(") > 0 Or InStr(Lowered, "char(") > 0 _
        Or InStr(Lowered, "xp_cmdshell") > 0 Or InStr(Lowered, "exec master") > 0 _
        Or InStr(Lowered, "net localgroup administrators") > 0 _
        Or InStr(Lowered, " and ") > 0 Or InStr(Lowered, "net user") > 0 _
        Or InStr(Lowered, " or ") > 0 Then
        Response.Write "<script language='javascript'>"
        Response.Write "alert('可疑的SQL注入请求!');" ' Message shown when a SQL injection attack is detected
        Response.Write "location.href='http://www.winiis.com/';" ' Redirect URL when a SQL injection attack is detected
        Response.Write "</script>"
        Response.End
    Else
        SafeRequest = ParaValue
    End If
End Function
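
For comparison, an added example (not part of the original page) that avoids keyword filtering: numeric input is accepted only as plain digits, and every value is bound through an ADODB.Command parameter, so apostrophes and words such as "and" or "select" in legitimate input reach the database unchanged and are never parsed as SQL. The open connection `conn`, the `users` table and the helper names `RequestLong` and `FindUser` are assumptions made for illustration.

```vbscript
<%
' Added example. Assumptions: conn is an already opened ADODB.Connection,
' and a hypothetical table users(id INT, name NVARCHAR(50)) exists.
Const adCmdText = 1      ' CommandTypeEnum
Const adParamInput = 1   ' ParameterDirectionEnum
Const adInteger = 3      ' DataTypeEnum
Const adVarWChar = 202   ' DataTypeEnum

' Return the request value as a Long, or DefaultValue if it is not 1-9 digits.
' IsNumeric is not used because it also accepts forms such as "1e5" or "&H1F".
Function RequestLong(ParaName, DefaultValue)
    Dim raw, i, ch
    RequestLong = DefaultValue
    raw = Trim(Request(ParaName) & "")
    If Len(raw) = 0 Or Len(raw) > 9 Then Exit Function
    For i = 1 To Len(raw)
        ch = Mid(raw, i, 1)
        If ch < "0" Or ch > "9" Then Exit Function
    Next
    RequestLong = CLng(raw)
End Function

' Query by id and name. The values travel as typed parameters, so the SQL
' text is a constant and user input cannot change its structure.
Function FindUser(conn, userId, userName)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT id, name FROM users WHERE id = ? AND name = ?"
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , userId)
    cmd.Parameters.Append cmd.CreateParameter("name", adVarWChar, adParamInput, 50, Left(userName, 50))
    Set FindUser = cmd.Execute
End Function

Dim rs
Set rs = FindUser(conn, RequestLong("id", 0), Request("name") & "")
If rs.EOF Then
    Response.Write "No matching user"
Else
    ' Encode on output so stored text is not interpreted as markup
    Response.Write Server.HTMLEncode(rs("name") & "")
End If
rs.Close
%>
```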