asp防sql注入源代码
asp通用防sql注入源代码,将此段代码放在你执行sql读取数据之前,以便判断客户端提交的内容是否包含恶意注入内容
dim sp Dim Fy_Post,Fy_Get,Fy_getIn,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,Kill_IP,WriteSql,Fy_postIn '自定义需要过滤的字串,用 "|" 分隔 Fy_getIn = "'|#|exec|insert|select|delete|update|%|chr|char|mid|master|truncate|declare|(|)|*" Fy_postIn = "exec|insert|select|delete|update|truncate|declare" Kill_IP=True WriteSql=True sp=now() '--------POST部份------------------ If Request.Form<>"" Then Fy_Inf = split(Fy_postIn,"|") For Each Fy_Post In Request.Form For Fy_Xh=0 To Ubound(Fy_Inf) If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then Response.Write "内容包含非法字符!!" Response.End End If Next Next End If '---------------------------------- '--------GET部份------------------- If Request.QueryString<>"" and request.Form="" Then Fy_Inf = split(Fy_getIn,"|") For Each Fy_Get In Request.QueryString For Fy_Xh=0 To Ubound(Fy_Inf) If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then Response.Write "内容包含非法字符!!" Response.End End If Next Next End If
加支付宝好友偷能量挖...
原创文章,转载请注明出处:asp防sql注入源代码