Two functions under ASP to prevent SQL injection attacks
Source: Internet
Author: User
Functions used to prevent SQL injection attacks. You can use them directly. However, you may not be able to use them all. Therefore, you need to enhance security awareness.
CopyCode The Code is as follows: '================================
'Filter the SQL statements in the submitted Form
'================================
Function forsqlform ()
Dim fqys, ERRC, I, items
Dim nothis (18)
Nothis (0) = "Net user"
Nothis (1) = "xp_mongoshell"
Nothis (2) = "/Add"
Nothis (3) = "Exec % 20master. DBO. xp_mongoshell"
Nothis (4) = "net localgroup Administrators"
Nothis (5) = "select"
Nothis (6) = "count"
Nothis (7) = "ASC"
Nothis (8) = "char"
Nothis (9) = "mid"
Nothis (10) = "'"
Nothis (11) = ":"
Nothis (12) = """"
Nothis (13) = "insert"
Nothis (14) = "delete"
Nothis (15) = "Drop"
Nothis (16) = "truncate"
Nothis (17) = "from"
Nothis (18) = "%"
'Nothis (19) = "@"
ERRC = false
For I = 0 to ubound (nothis)
For each items in request. Form
If instr (request. Form (items), nothis (I) <> 0 then
Response. Write ("<div> ")
Response. Write ("your information:" & server. htmlencode (request. Form (items) & "<br> contains invalid characters:" & nothis (I ))
Response. Write ("</div> ")
Response. Write ("sorry, the information you entered contains invalid characters! <A href = "" # "" onclick = "" history. Back () "> return </a> ")
Response. End ()
End if
Next
Next
End Function
'================================
'Filter the SQL statements in the query
'================================
Function forsqlinjection ()
Dim fqys, ERRC, I
Dim nothis (19)
Fqys = request. servervariables ("QUERY_STRING ")
Nothis (0) = "Net user"
Nothis (1) = "xp_mongoshell"
Nothis (2) = "/Add"
Nothis (3) = "Exec % 20master. DBO. xp_mongoshell"
Nothis (4) = "net localgroup Administrators"
Nothis (5) = "select"
Nothis (6) = "count"
Nothis (7) = "ASC"
Nothis (8) = "char"
Nothis (9) = "mid"
Nothis (10) = "'"
Nothis (11) = ":"
Nothis (12) = """"
Nothis (13) = "insert"
Nothis (14) = "delete"
Nothis (15) = "Drop"
Nothis (16) = "truncate"
Nothis (17) = "from"
Nothis (18) = "%"
Nothis (19) = "@"
ERRC = false
For I = 0 to ubound (nothis)
If instr (fqys, nothis (I) <> 0 then
ERRC = true
End if
Next
If ERRC then
Response. write "the query information contains invalid characters! <A href = "" # "" onclick = "" history. Back () "> return </a>"
Response. End
End if
End Function
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.