 |
|
|
 首页 |
名片设计 CorelDRAW Illustrator AuotoCAD Painter 其他软件 Photoshop Fireworks Flash |
|
function ForSqlForm() dim fqys,errc,i,items dim nothis(18) nothis(0)="net user" nothis(1)="xp_cmdshell" nothis(2)="/add" nothis(3)="exec%20master.dbo.xp_cmdshell" nothis(4)="net localgroup administrators" nothis(5)="select" nothis(6)="count" nothis(7)="asc" nothis(8)="char" nothis(9)="mid" nothis(10)="\\\'" nothis(11)=":" nothis(12)="""" nothis(13)="insert" nothis(14)="delete" nothis(15)="drop" nothis(16)="truncate" nothis(17)="from" nothis(18)="%" \\\'nothis(19)="@" errc=false for i= 0 to ubound(nothis) for each items in request.Form if instr(request.Form(items),nothis(i))<>0 then response.write("<div>") response.write("你所填写的信息:" & server.HTMLEncode(request.Form(items)) & "<br>含非法字符:" & nothis(i)) response.write("</div>") response.write("对不起,你所填写的信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>") response.End() end if next next end function \\\'========================== \\\'过滤查询中的SQL \\\'========================== function ForSqlInjection() dim fqys,errc,i dim nothis(19) fqys = request.ServerVariables("QUERY_STRING") nothis(0)="net user" nothis(1)="xp_cmdshell" nothis(2)="/add" nothis(3)="exec%20master.dbo.xp_cmdshell" nothis(4)="net localgroup administrators" nothis(5)="select" nothis(6)="count" nothis(7)="asc" nothis(8)="char" nothis(9)="mid" nothis(10)="\\\'" nothis(11)=":" nothis(12)="""" nothis(13)="insert" nothis(14)="delete" nothis(15)="drop" nothis(16)="truncate" nothis(17)="from" nothis(18)="%" nothis(19)="@" errc=false for i= 0 to ubound(nothis) if instr(FQYs,nothis(i))<>0 then errc=true end if next if errc then response.write "查询信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>" response.end end if end function 返回类别: 教程 上一教程: 制作我们自己的EBAY(拍卖系统)(8) 下一教程: 使用ASP方便的建立自己网站的每日更新 您可以阅读与"ASP上两个防止SQL注入式攻击FUNCTION"相关的教程: · 用的ASP防SQL注入攻击程序 · ASP防SQL注入攻击程序 · 利用instr()函数防止SQL注入攻击 · 防范SQL指令植入式攻击 · 编写通用的ASP防SQL注入攻击程序 |
  |
| 快精灵印艺坊 版权所有 |
首页 会员中心在线印刷在线编辑付款方式索取样品设计指南连锁门店
|
||
