This article provides a free ASP anti-SQL-injection source snippet. The method is relatively simple: it filters the values received in the query string.
<%
' Blacklist filter: stop the request if the query string or the host header
' contains any of the listed tokens.
' The input is lowercased, so every token below is written in lowercase.
sQuery = LCase(Request.ServerVariables("QUERY_STRING"))
sUrl = LCase(Request.ServerVariables("HTTP_HOST"))
' Tokens are separated by "|"
sql_injdata = ":|;|>|<|--|sp_|xp_| |dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete|update|count|*|chr|mid|master|truncate|char|declare"
sql_inj = Split(sql_injdata, "|")
For sql_data = 0 To UBound(sql_inj)
    If InStr(sQuery & sUrl, sql_inj(sql_data)) > 0 Then
        Response.Write "Your operation may be SQL injection behavior."
        Response.End
    End If
Next
%>
I think there is another method of preventing SQL injection: use the trim() function to remove all the spaces from the querystring values, because SQL execution must have a space, and if the value is an ID type, check whether it is a number.