ASP程序防SQL注入精华程序!
作者:cmscn 日期:2008-05-31
ASP程序防SQL注入精华程序,再复杂的防注入程序估计原理也就是这个了,把一下代码添加到你要防注入的页面中就可以了!
'防SQL注入程序
Dim SQL_Key,SQL_Word,SQL_Get,SQL_Data,SQL_Post
SQL_Key="" '你想屏蔽的关键词
SQL_Word=Split(SQL_Key,"|")
If Request.QueryString<>"" Then
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(SQL_Word)
If Instr(LCase(Request.QueryString(SQL_Get)),SQL_Word(SQL_Data))>0 Then
Response.Write("<Script Language=Javascript>{location.href='index.htm';}</Script>")
Response.End()
End If
Next
Next
End If
If Request.Form<>"" Then
For Each SQL_Post In Request.Form
For SQL_Data=0 To Ubound(SQL_Word)
If Instr(LCase(Request.Form(SQL_Post)),SQL_Word(SQL_Data))>0 Then
Response.Write("<Script Language=Javascript>{location.href='index.htm';}</Script>")
Response.End()
End If
Next
Next
End If
http://www.im286.com/viewthread.php?tid=2437420&highlight=%D7%A2%C8%EB
评论: 0 | 引用: 0 | 查看次数: 475
发表评论