asp防sql注入源代码

  asp通用防sql注入源代码,将此段代码放在你执行sql读取数据之前,以便判断客户端提交的内容是否包含恶意注入内容

dim sp
Dim Fy_Post,Fy_Get,Fy_getIn,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,Kill_IP,WriteSql,Fy_postIn
'自定义需要过滤的字串,用 "|" 分隔
Fy_getIn = "'|#|exec|insert|select|delete|update|%|chr|char|mid|master|truncate|declare|(|)|*"
Fy_postIn = "exec|insert|select|delete|update|truncate|declare"
Kill_IP=True
WriteSql=True			
sp=now() 

'--------POST部份------------------
If Request.Form<>"" Then
Fy_Inf = split(Fy_postIn,"|")
	For Each Fy_Post In Request.Form
		For Fy_Xh=0 To Ubound(Fy_Inf)
			If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then				
				Response.Write "内容包含非法字符!!"				
				Response.End
			End If
		Next
	Next
End If
'----------------------------------

'--------GET部份-------------------
If Request.QueryString<>"" and request.Form=""   Then
Fy_Inf = split(Fy_getIn,"|")
	For Each Fy_Get In Request.QueryString
		For Fy_Xh=0 To Ubound(Fy_Inf)
			If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
				Response.Write "内容包含非法字符!!"				
				Response.End
			End If
		Next
	Next
End If

 

加支付宝好友偷能量挖...


原创文章,转载请注明出处:asp防sql注入源代码

评论(0)Web开发网
阅读(157)喜欢(0)Asp/VBScript