        • asp.net教程之ASP上兩個防止SQL注入式攻擊Function

         ''==========================
        ''過濾提交表單中的SQL
        ''==========================
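        function ForSqlForm()
        '' Scans every posted form field for a fixed list of blocked substrings.
        '' On the first match it writes an error page naming the field value
        '' (HTML-encoded) and the matched entry, then ends the response.
        '' Returns nothing; when no field matches, the caller simply continues.
        ''
        '' NOTE(review): a substring blacklist is a coarse pre-filter only. It also
        '' rejects legitimate text (any value containing "from", "count", ":" ...)
        '' and does not make string-built SQL safe. Statements that use these values
        '' should bind them as parameters (ADODB.Command with CreateParameter).
        ''
        '' NOTE(review): the entry "''" matches two consecutive single quotes only;
        '' a lone single quote is not caught. This may be a quote-doubling artifact
        '' of the listing - confirm the intended value.
        ''
        '' "@" is left out of this list (it was commented out in the original),
        '' presumably so that e-mail addresses can be posted - confirm.
        dim i, items, fieldValue
        dim nothis
        nothis = Array( _
          "net user", _
          "xp_cmdshell", _
          "/add", _
          "exec%20master.dbo.xp_cmdshell", _
          "net localgroup administrators", _
          "select", _
          "count", _
          "asc", _
          "char", _
          "mid", _
          "''", _
          ":", _
          """", _
          "insert", _
          "delete", _
          "drop", _
          "truncate", _
          "from", _
          "%")

        for i = 0 to ubound(nothis)
          for each items in request.Form
            fieldValue = request.Form(items)
            '' vbTextCompare: InStr defaults to a binary (case-sensitive) compare,
            '' so without it "SELECT" or "Select" would pass the lowercase list.
            if instr(1, fieldValue, nothis(i), vbTextCompare) <> 0 then
              response.write("<div>")
              '' Both the echoed value and the matched entry are HTML-encoded
              '' before being written into the page.
              response.write("你所填寫的信息:" & server.HTMLEncode(fieldValue) & "<br>含非法字符:" & server.HTMLEncode(nothis(i)))
              response.write("</div>")
              response.write("對不起,你所填寫的信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>")
              response.End()
            end if
          next
        next
        end function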
        ''==========================
        ''過濾查詢中的SQL
        ''==========================
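        function ForSqlInjection()
        '' Scans the request's query string for a fixed list of blocked substrings.
        '' On a match it writes an error message with a "back" link and ends the
        '' response. Returns nothing; when nothing matches, the caller continues.
        ''
        '' The check runs on QUERY_STRING as read from ServerVariables, which is
        '' why one entry is spelled with %20. Because "%" is itself in the list,
        '' any query string containing a percent sign is rejected.
        ''
        '' NOTE(review): only the query string is inspected here; posted form
        '' fields are handled by ForSqlForm, and nothing in this function looks at
        '' cookies or headers. A substring blacklist is a coarse pre-filter, not a
        '' fix: statements that use request values should bind them as parameters
        '' (ADODB.Command with CreateParameter).
        ''
        '' NOTE(review): the entry "''" matches two consecutive single quotes only;
        '' a lone single quote is not caught. This may be a quote-doubling artifact
        '' of the listing - confirm the intended value.
        dim fqys, i
        dim nothis
        fqys = request.ServerVariables("QUERY_STRING")
        nothis = Array( _
          "net user", _
          "xp_cmdshell", _
          "/add", _
          "exec%20master.dbo.xp_cmdshell", _
          "net localgroup administrators", _
          "select", _
          "count", _
          "asc", _
          "char", _
          "mid", _
          "''", _
          ":", _
          """", _
          "insert", _
          "delete", _
          "drop", _
          "truncate", _
          "from", _
          "%", _
          "@")

        for i = 0 to ubound(nothis)
          '' vbTextCompare: InStr defaults to a binary (case-sensitive) compare,
          '' so without it "SELECT" or "Select" would pass the lowercase list.
          if instr(1, fqys, nothis(i), vbTextCompare) <> 0 then
            '' The first match is enough; the message is fixed text and does not
            '' echo any part of the query string.
            response.write "查詢信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>"
            response.end
          end if
        next
        end function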