|
  
- UID
- 319163
- 帖子
- 1284
- 精华
- 6
- 名声
- 8256 分贝
- 探客币
- 1992 元
- 人品
- 1 %
- 阅读权限
- 120
|
1#
发表于 2008-4-23 13:27
| 只看该作者
这样防注入 可以吗????
Set Conn=Server.CreateObject("ADODB.Connection")
conn.Open connstr
If Err Then
err.Clear
Set Conn = Nothing
Response.Write "数据库连接出错,请检查连接字串。"
Response.End
End If
dim sql_injdata
SQL_injdata ="'|and|exec|insert|select|delete|update|count|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
If Request.QueryString<>"" Then
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(SQL_inj)-1
if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
Response.Write "<Script Language=JavaScript>alert('发现非法字符"&Sql_Inj(Sql_DATA)&"');history.back(-1)</Script>"
Response.end
end if
next
Next
End If
If Request.Form<>"" Then
For Each Sql_Post In Request.Form
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then
Response.Write "<Script Language=JavaScript>alert('发现非法字符');history.back(-1)</Script>"
Response.end
end if
next
next
end if |
|
