Recently, while modifying an ASP program that had a SQL injection vulnerability, I searched online for prevention methods and found none of them satisfactory, so I improved some of those methods slightly and wrote this ASP function for your reference.
The following is a reference fragment:

    Function SafeRequest(ParaName)
        Dim ParaValue
        ParaValue = Request(ParaName)
        ' Numeric values are returned unchanged.
        If IsNumeric(ParaValue) = True Then
            SafeRequest = ParaValue
            Exit Function
        ' The value is lowercased first, so every keyword literal must be lowercase.
        ElseIf InStr(LCase(ParaValue), "select") > 0 Or InStr(LCase(ParaValue), "insert") > 0 _
            Or InStr(LCase(ParaValue), "delete from") > 0 Or InStr(LCase(ParaValue), "count(") > 0 _
            Or InStr(LCase(ParaValue), "drop table") > 0 Or InStr(LCase(ParaValue), "update") > 0 _
            Or InStr(LCase(ParaValue), "truncate") > 0 Or InStr(LCase(ParaValue), "asc(") > 0 _
            Or InStr(LCase(ParaValue), "mid(") > 0 Or InStr(LCase(ParaValue), "char(") > 0 _
            Or InStr(LCase(ParaValue), "xp_cmdshell") > 0 Or InStr(LCase(ParaValue), "exec master") > 0 _
            Or InStr(LCase(ParaValue), "net localgroup administrators") > 0 Or InStr(LCase(ParaValue), "and") > 0 _
            Or InStr(LCase(ParaValue), "net user") > 0 Or InStr(LCase(ParaValue), "or") > 0 Then
            Response.Write "<script language='JavaScript'>"
            Response.Write "alert('Illegal request!');"  ' Message shown when a SQL injection attempt is detected
            Response.Write "location.href='http://blog.knowsky.com/';"  ' URL to redirect to when a SQL injection attempt is detected
            Response.Write "</script>"
            Response.End
        Else
            SafeRequest = ParaValue
        End If
    End Function

Replace your Request calls with the SafeRequest function.
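
An added example, not part of the original article: the keyword filter above matches substrings, so it also rejects ordinary values that happen to contain "or" or "and"; binding the request value as a typed ADO parameter keeps it out of the SQL text regardless of what it contains. The connection string, the `news` table, its `id` and `title` columns, the `title` request parameter and the `FindNewsByTitle` helper are assumptions made for illustration.

```vbscript
' Added example, not from the original article. Assumed names: connStr,
' the "news" table, its "id"/"title" columns and the "title" request parameter.
Const adCmdText = 1        ' ADO CommandTypeEnum
Const adParamInput = 1     ' ADO ParameterDirectionEnum
Const adVarWChar = 202     ' ADO DataTypeEnum: Unicode string
Const MAX_TITLE_LEN = 100  ' assumed column width

' Hypothetical helper: runs a fixed SQL statement with one bound parameter.
Function FindNewsByTitle(conn, title)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The SQL text is a constant; the request value is sent separately as
    ' data and is never spliced into the statement.
    cmd.CommandText = "SELECT id, title FROM news WHERE title = ?"
    cmd.Parameters.Append cmd.CreateParameter("title", adVarWChar, adParamInput, MAX_TITLE_LEN, title)
    Set FindNewsByTitle = cmd.Execute
End Function

Dim connStr, conn, rs, title
' Placeholder connection string; replace with the application's own.
connStr = "Provider=SQLOLEDB;Data Source=(local);Initial Catalog=demo;Integrated Security=SSPI;"

' Force the request item to a string and enforce a length limit before use.
title = Trim(Request("title") & "")
If Len(title) = 0 Or Len(title) > MAX_TITLE_LEN Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open connStr
Set rs = FindNewsByTitle(conn, title)
Do Until rs.EOF
    ' Encode on output so stored text cannot become markup in the page.
    Response.Write Server.HTMLEncode(rs("title").Value & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
```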