12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
ADADADADAD
网络知识 时间:2024-12-03 15:10:16
作者:文/会员上传
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
get请求中防止sql注入的方法:通过浏览器地址栏传递的数据过滤,例如:PublicFunctionChkSqlIn()DimFy_Get,Fy_In,Fy_Inf,Fy_XhFy_In="'|;|or|and|(|)|*|%|exec|insert|select
以下为本文的正文内容,内容仅供参考!本站为公益性网站,复制本文以及下载DOC文档全部免费。
get请求中防止sql注入的方法:
通过浏览器地址栏传递的数据过滤,例如:
PublicFunctionChkSqlIn()
DimFy_Get,Fy_In,Fy_Inf,Fy_Xh
Fy_In="'|;|or|and|(|)|*|%|exec|insert|select|delete|update|count|chr|char|nchar|asc|
unicode|mid|substring|master|truncate|drop|declare|%20from|cmdshell|admin|net%20user
|net%20localgroup|1=1|1=2|user>0|id=1"
Fy_Inf=Split(Fy_In,"|")
IfRequest.QueryString<>""Then
ForEachFy_GetInRequest.QueryString
ForFy_Xh=0ToUBound(Fy_Inf)
IfInStr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0Then
Response.Write"<Script>alert('对不起,可能出错了!');</Script>"
Fy_Get=""
Fy_In=""
Fy_Inf=""
Fy_Xh=""
Response.End
EndIf
Next
Next
EndIf
Fy_Get="":Fy_In="":Fy_Inf="":Fy_Xh=""
EndFunction
11-20
11-19
11-20
11-20
11-20
11-19
11-20
11-20
11-19
11-20
11-19
11-19
11-19
11-19
11-19
11-19