sql防注入程序
时间:2022-06-30 09:15:28 编辑:袖梨 来源:一聚教程网
不改变原字符显示!
如 select* 的首字符 s 会被替换为它的 HTML 数字字符引用(即“&#”加上该字符的 ASCII 码 115 再加“;”),浏览器显示出来仍然是 select*
这样既不损坏数据,也安全!
没有想到的地方请大家指正
<%
' Demo call: filter the request parameter named "str" and echo the result.
' NOTE(review): the value is written without Server.HTMLEncode, and the
' blacklist in CheckRequest contains no markup characters, so HTML in the
' parameter reaches the page unchanged. Encoding at output would also show
' the entities produced by the filter literally - confirm which behaviour
' is wanted before reusing this line outside a demo.
Call Response.Write(CheckRequest("str"))
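' ============================================
' CheckRequest: read one request parameter and rewrite blacklisted
' SQL / shell keywords in it, passing each match through strFToAsc.
'
'   strRequest - name of the request parameter to read.
'   Returns    - the filtered value; "" when the name or the value is empty.
'
' NOTE(review): this is a keyword blacklist. Such a list is necessarily
' incomplete, so the result must still be bound as a parameter (for example
' through a parameterised ADO command) and never concatenated into SQL text.
' NOTE(review): the returned string is altered data (it carries HTML
' entities), so anything stored from it differs from what the user sent.
' ============================================
Function CheckRequest(ByVal strRequest)
    ' Every local is declared here. The original Dim line misspelled two
    ' names and omitted the rest, so they became implicit globals and the
    ' function failed under Option Explicit.
    Dim ParaValue, aBadValue, bBadValue, inBad, strBad
    Dim aValueArr, bValueArr, iBad, Fstr, Lstr
    Dim a, b, i

    If strRequest = "" Then
        CheckRequest = ""
        Exit Function
    End If

    ' Unqualified Request(name) searches QueryString, Form, Cookies,
    ' ClientCertificate and ServerVariables in that order, so the caller
    ' cannot tell which collection supplied the value.
    ParaValue = Request(strRequest)
    If ParaValue = "" Then
        CheckRequest = ""
        Exit Function
    End If

    ' Pass 1: whole phrases, plus the NUL character appended via Chr(0).
    aBadValue = "net user|net localgroup administrators|xp_cmdshell|/add|exec%20master.dbo.xp_cmdshell|" & Chr(0) & ""
    aValueArr = Split(aBadValue, "|")
    For a = 0 To UBound(aValueArr)
        If InStr(LCase(ParaValue), aValueArr(a)) <> 0 Then
            ' vbTextCompare matches any letter case, but the replacement is
            ' built from the lower-case list entry, so matched text comes
            ' back lower-cased.
            ParaValue = Replace(ParaValue, aValueArr(a), strFToAsc(aValueArr(a)), 1, -1, vbTextCompare)
        End If
    Next

    ' Pass 2: single keywords, rewritten only when directly followed or
    ' preceded by one of the delimiters in inBad.
    bBadValue = "and|exec|insert|select|delete|update|count|chr|mid|master|truncate|char|declare|drop|from|or"
    inBad = "(|)|[|]| |*|%20"
    bValueArr = Split(bBadValue, "|")
    iBad = Split(inBad, "|")
    For b = 0 To UBound(bValueArr)
        strBad = bValueArr(b)
        For i = 0 To UBound(iBad)
            ' keyword + delimiter, e.g. "select "
            Fstr = strBad & iBad(i)
            If InStr(LCase(ParaValue), Fstr) <> 0 Then
                ParaValue = Replace(ParaValue, Fstr, strFToAsc(Fstr), 1, -1, vbTextCompare)
            End If
            ' delimiter + keyword, e.g. " select"
            Lstr = iBad(i) & strBad
            If InStr(LCase(ParaValue), Lstr) <> 0 Then
                ParaValue = Replace(ParaValue, Lstr, strFToAsc(Lstr), 1, -1, vbTextCompare)
            End If
        Next
    Next

    CheckRequest = ParaValue
End Function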
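' ============================================
' strFToAsc: replace the first character of strValue with its HTML numeric
' character reference (the form &#NNN;) and keep the rest unchanged, so a
' browser renders the same text while the raw string no longer starts with
' the original character.
'
'   strValue - text to convert.
'   Returns  - the converted text; "" when strValue is empty.
'
' NOTE(review): Asc returns the ANSI code of the character. That equals the
' code point only for ASCII input, which is all CheckRequest passes in.
' ============================================
Function strFToAsc(ByVal strValue)
    If strValue = "" Then
        strFToAsc = ""
        Exit Function
    End If
    ' The "&#" prefix was missing from the listing (an empty string stood in
    ' its place), which produced e.g. "115;elect" and corrupted the value
    ' instead of yielding an HTML entity.
    strFToAsc = "&#" & Asc(Left(strValue, 1)) & ";" & Mid(strValue, 2)
End Function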
%>