Anti-injection Code-vb.net SQL injection Code

Called in the Page_Load event.

However, it is strongly recommended that you call at the database, referring to the following code:

Dim Conn as Data.OleDb.OleDbConnection
Dim Jkclass as New Class1
conn = Jkclass.getconn ()

Imports Microsoft.VisualBasic

Public Class Class1
'-----------------------------------------------------------------------------Small Example-------------------------------------
Public Function Getconn ()
Dim Conn as Data.OleDb.OleDbConnection
Dim ConnStr as String
conn = New Data.OleDb.OleDbConnection
ConnStr = "Provider=Microsoft.Jet.OLEDB.4.0; Data source= "& System.Web.HttpContext.Current.Server.MapPath (" 2008.mdb ")
Conn. ConnectionString = ConnStr
Jk1986_checksql ()
If Conn. State = Data.ConnectionState.Closed Then
Conn. Open ()
End If
GETCONN = conn
End Function

'-----------------------------------------------------------------------------The following is an anti-SQL code---------------------------------- -------------

Public Function Jk1986_checksql ()
Dim Jk1986_sql as String
Dim Jk_sql as String ()
Dim K as String
Jk1986_sql = "Exec↓select↓drop↓alter↓exists↓union↓and↓or↓xor↓order↓mid↓asc↓execute↓xp_ Cmdshell↓insert↓update↓delete↓join↓declare↓char↓sp_oacreate↓wscript.shell↓xp_regwrite↓ ' ↓;↓--↓/↓* '
Jk_sql = Jk1986_sql.split ("↓")
For all k in Jk_sql
'-----------------------anti-get injection-----------------------
If System.Web.HttpContext.Current.Request.QueryString.ToString () <> "" Then
Dim JK as Integer
Dim GetIP as String
For JK = 0 to System.web.httpcontext.current.request.querystring.count-1
If System.Web.HttpContext.Current.Request.QueryString (System.Web.HttpContext.Current.Request.QueryString.Keys ( JK). ToString ()). ToLower (). Contains (k) = True Then
System.Web.HttpContext.Current.Response.Write ("<script language=javascript>alert" ("asp.net" (VB). NET version) anti-injection program warns you not to submit illegal characters! ↓rnrnblog:http://hi.baidu.com/ahhacker86 Rnrnby: