ASP防止SQL注入方法,有效杜绝SQL注入的代码

		English
		电子信箱
		加入收藏

威盾防火墙 >> 新闻中心 >> 威盾新闻 >> ASP防止SQL注入方法,有效杜绝SQL注入的代码


ASP防止SQL注入方法,有效杜绝SQL注入的代码
威盾防火墙 2014-12-04

通用防SQL注入代码ASP版代码 dim sql_injdata SQL_injdata = "'\|and\|exec\|insert\|select\|delete\|update\|count\|*\|%\|chr\|mid\|master\|truncate\|char\|declare" SQL_inj = split(SQL_Injdata,"\|") If Request.QueryString<>"" Then For Each SQL_Get In Request.QueryString For SQL_Data=0 To Ubound(SQL_inj) if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then 'Response.Write(Request.QueryString) Response.Write "<Script>alert('@SQL通用防注入系统提示↓nn请不要在参数中包含非法字符尝试注入！');history.back(-1)</Script>" Response.end end if next Next End If If Request.Form<>"" Then 'liehuo.net For Each Sql_Post In Request.Form For SQL_Data=0 To Ubound(SQL_inj) if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then 'Response.Write(Request.Form) Response.Write "<Script>alert('@SQL通用防注入系统提示↓nn请不要在参数中包含非法字符尝试注入！');history.back(-1)</Script>" Response.end end if next Next End If sss=LCase(request.servervariables("QUERY_STRING")) if instr(sss,"select")<>0 or instr(sss,"inster")<>0 or instr(sss,"delete")<>0 or instr(sss,"(")<>0 or instr(sss,"'or")<>0 then response.write "<BR><BR><center>你的网址不合法" response.end end if StrTemp=request.servervariables("server_name")&request.servervariables("url")&"?"&Request.QueryString StrTemp = LCase(StrTemp) If Instr(StrTemp,"select%20") or Instr(StrTemp,"insert%20") or Instr(StrTemp,"delete%20from") or Instr(StrTemp,"count(") or Instr(StrTemp,"drop%20table") or Instr(StrTemp,"update%20") or Instr(StrTemp,"truncate%20") or Instr(StrTemp,"asc(") or Instr(StrTemp,"mid(") or Instr(StrTemp,"char(") or Instr(StrTemp,"xp_cmdshell") or Instr(StrTemp,"exec%20master") or Instr(StrTemp,"net%20localgroup%20administrators") or Instr(StrTemp,"net%20user") or Instr(StrTemp,"%20or%20") or Instr(StrTemp,"'") or Instr(StrTemp,"%20") or Instr(StrTemp,"""") or Instr(StrTemp,"“") or Instr(StrTemp,"”") or Instr(StrTemp,":") or Instr(StrTemp,"：") or Instr(StrTemp,";") or Instr(StrTemp,"；") or Instr(StrTemp,",") or Instr(StrTemp,"，") or Instr(StrTemp,"%27") then Response.Write "<script language='javascript'>alert('非法操作！立即返回！');history.back();</script>" Response.end End If

相关内容：	最新内容：
突破Sql防注入过滤[2014-12-04] 如何使用HttpModule实现sql防注入[2014-12-04] 如何从根本上防止 SQL 注入？[2014-12-04] SQL注入攻击的总体思路[2014-12-04] Microsoft SQL Server扩展存储过程权限提升漏洞[2014-12-04] 学会检查SQL注入式攻击漏洞[2014-12-01]	突破Sql防注入过滤[2014-12-04] 如何使用HttpModule实现sql防注入[2014-12-04] 如何从根本上防止 SQL 注入？[2014-12-04] 为什么选择手工WEB注入？工具的缺陷[2014-12-04] php防止xss攻击的方法[2014-12-04] SQL注入攻击的总体思路[2014-12-04]

电话：(010)51661195 QQ支持:2600725