SafeRequest函数防范所有的SQL注入
2007-11-29 09:46
274 查看
使用SafeRequest函数替换你的Request
Function SafeRequest(ParaName)
Dim ParaValue
ParaValue=Request(ParaName)
if IsNumeric(ParaValue) = True then
SafeRequest=ParaValue
exit Function
elseIf Instr(LCase(ParaValue),"select ") > 0 or Instr(LCase(ParaValue),"insert ") > 0 or Instr(LCase(ParaValue),"delete from") > 0 or Instr(LCase(ParaValue),"count(") > 0 or Instr(LCase(ParaValue),"drop table") > 0 or Instr(LCase(ParaValue),"update ") > 0 or Instr(LCase(ParaValue),"truncate ") > 0 or Instr(LCase(ParaValue),"asc(") > 0 or Instr(LCase(ParaValue),"mid(") > 0 or Instr(LCase(ParaValue),"char(") > 0 or Instr(LCase(ParaValue),"xp_cmdshell") > 0 or Instr(LCase(ParaValue),"exec master") > 0 or Instr(LCase(ParaValue),"net localgroup administrators") > 0 or Instr(LCase(ParaValue)," and ") > 0 or Instr(LCase(ParaValue),"net user") > 0 or Instr(LCase(ParaValue)," or ") > 0 then
Response.Write "<script language='javascript'>"
Response.Write "alert('非法的请求!');" '发现SQL注入攻击提示信息
Response.Write "location.href='http://www.xxxx.com/';" '发现SQL注入攻击转跳网址
Response.Write "<script>"
Response.end
else
SafeRequest=ParaValue
End If
End function
Function SafeRequest(ParaName)
Dim ParaValue
ParaValue=Request(ParaName)
if IsNumeric(ParaValue) = True then
SafeRequest=ParaValue
exit Function
elseIf Instr(LCase(ParaValue),"select ") > 0 or Instr(LCase(ParaValue),"insert ") > 0 or Instr(LCase(ParaValue),"delete from") > 0 or Instr(LCase(ParaValue),"count(") > 0 or Instr(LCase(ParaValue),"drop table") > 0 or Instr(LCase(ParaValue),"update ") > 0 or Instr(LCase(ParaValue),"truncate ") > 0 or Instr(LCase(ParaValue),"asc(") > 0 or Instr(LCase(ParaValue),"mid(") > 0 or Instr(LCase(ParaValue),"char(") > 0 or Instr(LCase(ParaValue),"xp_cmdshell") > 0 or Instr(LCase(ParaValue),"exec master") > 0 or Instr(LCase(ParaValue),"net localgroup administrators") > 0 or Instr(LCase(ParaValue)," and ") > 0 or Instr(LCase(ParaValue),"net user") > 0 or Instr(LCase(ParaValue)," or ") > 0 then
Response.Write "<script language='javascript'>"
Response.Write "alert('非法的请求!');" '发现SQL注入攻击提示信息
Response.Write "location.href='http://www.xxxx.com/';" '发现SQL注入攻击转跳网址
Response.Write "<script>"
Response.end
else
SafeRequest=ParaValue
End If
End function
相关文章推荐
- 查询数据库中所有包含某文本的存储过程、视图和函数的SQL
- 用stuff 写sql 函数,查询拼装出某列数据中的所有数字。
- sql防注入防范sql注入式攻击js版本
- 查找指定节点的所有父节点的示例函数.sql
- 防范 SQL 注入,需要采用PreparedStatement取代Statement。
- VB数据库操作---ADODB.Command 终结所有SQL注入
- 通过Global.asax 防范 SQL 注入( injection)
- 【SQL精彩语句】SQL SERVER 2000中查询指定节点及其所有子节点的函数(表格形式显示)
- Web安全之SQL注入***技巧与防范
- Java应用中的SQL依赖注入攻击和防范
- 查询数据库中所有包含某文本的存储过程、视图和函数的SQL
- Dvbbs7.1 sp1 SQL版savepost.asp注入漏洞分析、利用及防范
- Java Web 防范 SQL 注入攻击
- discuz论坛的sql防注入函数
- 防SQL数字注入函数
- sql 注入防范
- Sql得到(去除)字符串中所有汉字,字母,数字的函数
- Sql注入一种dump所有数据的方法
- 预防sql注入安全的函数
- SQL inject注入防范措施