Illegal character replacement to prevent SQL injection (ASP)
Source: Internet | Editor: 程序博客网 | Time: 2024/04/28 13:20
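'===============================
' Function: CheckStr(ByVal ChkStr)
' Purpose:  replace illegal characters to prevent SQL injection
'===============================
Function CheckStr(ByVal ChkStr)
    Dim Str : Str = ChkStr
    ' Test for Null before touching the value.
    If IsNull(Str) Then
        CheckStr = ""
        Exit Function
    End If
    Str = Trim(Str)

    ' Collapse runs of three or more CRLF pairs down to three.
    ' (The page showed "/r/n"; the regex escapes are \r\n.)
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True
    re.Pattern = "(\r\n){3,}"
    Str = re.Replace(Str, "$1$1$1")
    Set re = Nothing

    ' As rendered on the page, every replacement string below was identical to
    ' its search string, because the HTML entities in the second argument had
    ' been decoded. They are restored here with one character entity-encoded;
    ' which character is encoded is a reconstruction, not taken from the page.
    Str = Replace(Str, "net localgroup administrators", "net&#32;localgroup&#32;administrators")
    Str = Replace(Str, "exec%20master.dbo.xp_cmdshell", "exec&#37;20master.dbo.xp_cmdshell")
    Str = Replace(Str, "/add", "/a&#100;d")
    Str = Replace(Str, "xp_cmdshell", "&#120;p_cmdshell")
    Str = Replace(Str, "net user", "net&#32;user")
    ' Double single quotes so they stay inside a SQL string literal.
    Str = Replace(Str, "'", "''")
    Str = Replace(Str, "select", "sel&#101;ct")
    Str = Replace(Str, "join", "jo&#105;n")
    Str = Replace(Str, "union", "un&#105;on")
    Str = Replace(Str, "where", "wh&#101;re")
    Str = Replace(Str, "insert", "ins&#101;rt")
    Str = Replace(Str, "delete", "del&#101;te")
    Str = Replace(Str, "update", "up&#100;ate")
    Str = Replace(Str, "like", "lik&#101;")
    Str = Replace(Str, "drop", "dro&#112;")
    Str = Replace(Str, "create", "cr&#101;ate")
    Str = Replace(Str, "modify", "mod&#105;fy")
    Str = Replace(Str, "rename", "ren&#097;me")
    Str = Replace(Str, "alter", "alt&#101;r")
    Str = Replace(Str, "cast", "ca&#115;t")
    CheckStr = Str
End Function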
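
Keyword replacement such as CheckStr rewrites legitimate text (any input containing "select" or "update") and is only as good as its list. The following is an added example, not part of the original page: it binds the value as an ADO parameter so the input is never parsed as SQL. The connection string placeholder, the Users table with its Id and UserName columns, and the "username" form field are hypothetical.

```vbscript
' Added example (not from the original page).
' Hypothetical names: table Users(Id, UserName), form field "username",
' and the connection string placeholder below.
Const adCmdText = 1        ' CommandTypeEnum
Const adVarWChar = 202     ' DataTypeEnum: Unicode string
Const adParamInput = 1     ' ParameterDirectionEnum

Function FindUserByName(conn, userName)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholder is bound by the provider; the value is data, not SQL text.
    cmd.CommandText = "SELECT Id, UserName FROM Users WHERE UserName = ?"
    cmd.Parameters.Append cmd.CreateParameter("@name", adVarWChar, adParamInput, 50, userName)
    Set FindUserByName = cmd.Execute
    Set cmd = Nothing
End Function

Dim conn, rs, name
' Concatenating "" turns a missing field into an empty string.
name = Trim(Request.Form("username") & "")
' Validate length against the column size instead of rewriting keywords.
If Len(name) = 0 Or Len(name) > 50 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "PLACEHOLDER_CONNECTION_STRING"   ' placeholder: supply your own
Set rs = FindUserByName(conn, name)
If rs.EOF Then
    Response.Write "No such user"
Else
    ' HTML-encode at output time; the stored value stays unmodified.
    Response.Write Server.HTMLEncode(rs.Fields("UserName").Value)
End If
rs.Close
conn.Close
Set rs = Nothing
Set conn = Nothing
```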