ASP网页防SQL注入代码
下面一段是防表单SQL注入与Cookies的SQL注入的ASP代码,可以放在conn.asp文件中,原理是过滤一些常用字符
<%
Call PreventInfuse() ' run the form / query-string filter as soon as this include is loaded
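' PreventInfuse: request gate for pages that include this file.
' Scans every posted form field and every query-string parameter for the
' deny-listed tokens below (case-insensitive substring match). On the first
' match it writes a JavaScript alert that sends the browser back one page and
' ends the response, so the rest of the page never runs.
'
' Security notes for maintainers:
' - A keyword deny-list is a supplementary control, not a fix for SQL injection.
'   Queries built from request data should use parameterized commands
'   (ADODB.Command with Parameters) so that input is never parsed as SQL.
' - Matching is by substring, so ordinary text that merely contains a token
'   (for example a word containing "and" or "count") is rejected as well.
' - Only Request.Form and Request.QueryString are inspected here.
Public Sub PreventInfuse()
    ' NOTE(review): run-time errors raised while scanning are suppressed from
    ' here on; confirm that an error leads to the request being blocked rather
    ' than passed through.
    On Error Resume Next
    Dim SQL_Nonlicet, arrNonlicet
    Dim PostRefer, GetRefer, Sql_DATA
    ' Pipe-separated deny-list. The literal was broken across two physical
    ' lines in the published listing, which VBScript does not accept; it is
    ' joined here with an explicit line continuation.
    SQL_Nonlicet = "^|and|exec|insert|select|delete|update" & _
                   "|count|chr|mid|master|truncate|char|declare"
    arrNonlicet = Split(SQL_Nonlicet, "|")

    ' POST body: check each field value against every token.
    If Request.Form <> "" Then
        For Each PostRefer In Request.Form
            For Sql_DATA = 0 To UBound(arrNonlicet)
                ' Last argument 1 = text comparison, i.e. case-insensitive.
                If InStr(1, Request.Form(PostRefer), arrNonlicet(Sql_DATA), 1) > 0 Then
                    ' The message is a fixed string; no request data is echoed back.
                    Response.Write "<Script Language=JavaScript>alert('安全系统提示↓\n\n请不要在参数中包含非法字符!');history.back(-1)</Script>"
                    Response.End
                End If
            Next
        Next
    End If

    ' Query string: same check, different message.
    If Request.QueryString <> "" Then
        For Each GetRefer In Request.QueryString
            For Sql_DATA = 0 To UBound(arrNonlicet)
                If InStr(1, Request.QueryString(GetRefer), arrNonlicet(Sql_DATA), 1) > 0 Then
                    Response.Write "<Script Language=JavaScript>alert('大家都不容易↓\n\n联系QQ:51193930!');history.back(-1)</Script>"
                    Response.End
                End If
            Next
        Next
    End If
End Sub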
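' Screen the cookie data sent with the request.
' NOTE(review): this relies on Request.Cookies yielding the whole cookie string
' when read without a key - confirm on the target server.
If Request.Cookies <> "" Then
    keyword = Request.Cookies
    ' CheckInfuse cuts its input to the given limit before scanning, so the
    ' former fixed limit of 255 left the rest of the cookie string unchecked.
    ' Passing the full length makes the scan cover all of it.
    ' The return value is not needed: on a match CheckInfuse ends the response.
    CheckInfuse keyword, Len(keyword)
End If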
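' CheckInfuse: truncate str to strLen characters, scan the truncated text for
' deny-listed tokens, and return it trimmed.
'
' Parameters:
'   str    - value to screen (passed ByVal, the caller's variable is untouched)
'   strLen - maximum number of characters kept and inspected
' Returns:
'   "" when str is blank; otherwise Trim(Left(str, strLen)).
'   On a token match, or on a run-time error during the scan, an alert script
'   is written and the response is ended instead of returning.
'
' Security notes for maintainers:
' - Over-long input is cut, not rejected, and only the kept part is scanned.
'   Callers that need the whole value screened must pass a limit that covers it.
' - This list is narrower than the one used for form and query-string data:
'   "and", "select", "^" and the quote / semicolon entries are not in it.
' - A keyword deny-list does not replace parameterized queries
'   (ADODB.Command with Parameters) for values that reach SQL.
Public Function CheckInfuse(ByVal str, ByVal strLen)
    Dim strUnsafe, arrUnsafe
    Dim i
    If Trim(str) = "" Then
        CheckInfuse = ""
        Exit Function
    End If
    ' The original also tested Len(str) > strLen after this line; that branch
    ' could never run once the value had been cut, so it has been removed.
    str = Left(str, strLen)
    On Error Resume Next
    ' Earlier, stricter list left disabled by the author:
    'strUnsafe = "'|^|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
    ' The literal was broken across two physical lines in the published
    ' listing; it is joined here with an explicit line continuation.
    strUnsafe = "exec|insert|delete|update|count|chr" & _
                "|mid|master|truncate|char|declare"
    ' Truncation can leave nothing but whitespace, in which case there is
    ' nothing to scan.
    If Trim(str) <> "" Then
        arrUnsafe = Split(strUnsafe, "|")
        For i = 0 To UBound(arrUnsafe)
            ' Last argument 1 = text comparison, i.e. case-insensitive.
            If InStr(1, str, arrUnsafe(i), 1) > 0 Then
                Response.Write "<Script Language=JavaScript>alert('安全系统提示↓\n\n请不要在参数中包含非法字符!');history.back(-1)</Script>"
                CheckInfuse = ""
                Response.End
            End If
        Next
    End If
    ' Fail closed: in the original this check sat after "Exit Function" and
    ' was unreachable, so an error during the scan was silently ignored.
    If Err.Number <> 0 Then
        Err.Clear
        Response.Write "<Script Language=JavaScript>alert('安全系统提示↓\n\n请不要在参数中包含非法字符!');history.back(-1)</Script>"
        CheckInfuse = ""
        Response.End
    End If
    CheckInfuse = Trim(str)
End Function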
%>
文件来源:www.auuo.com/article/2009/2009113759231633.htm