ASP程序防SQL注入精华程序!


ASP程序防SQL注入精华程序,再复杂的防注入程序估计原理也就是这个了,把一下代码添加到你要防注入的页面中就可以了!

                '防SQL注入程序
                Dim SQL_Key,SQL_Word,SQL_Get,SQL_Data,SQL_Post
                        SQL_Key=""  '你想屏蔽的关键词
                        SQL_Word=Split(SQL_Key,"|")

                        If Request.QueryString<>"" Then
                                For Each SQL_Get In Request.QueryString
                                        For SQL_Data=0 To Ubound(SQL_Word)
                                                If Instr(LCase(Request.QueryString(SQL_Get)),SQL_Word(SQL_Data))>0 Then
                                                        Response.Write("<Script Language=Javascript>{location.href='index.htm';}</Script>")
                                                        Response.End()
                                                End If
                                        Next
                                Next
                        End If

                        If Request.Form<>"" Then
                                For Each SQL_Post In Request.Form
                                        For SQL_Data=0 To Ubound(SQL_Word)
                                                If Instr(LCase(Request.Form(SQL_Post)),SQL_Word(SQL_Data))>0 Then
                                                        Response.Write("<Script Language=Javascript>{location.href='index.htm';}</Script>")
                                                        Response.End()
                                                End If
                                        Next
                                Next
                        End If


http://www.im286.com/viewthread.php?tid=2437420&highlight=%D7%A2%C8%EB

文章来自: 本站原创
引用通告: 查看所有引用 | 我要引用此文章
Tags:
相关日志:
评论: 0 | 引用: 0 | 查看次数: 475
发表评论
昵 称:
密 码: 游客发言不需要密码.
内 容:
验证码: 验证码
选 项:
虽然发表评论不用注册,但是为了保护您的发言权,建议您注册帐号.
字数限制 20 字 | UBB代码 关闭 | [img]标签 关闭