| Recently, some hackers through our website for SQL injection to achieve the success of his hacker joy, many times caused the company's portal website (http://www.gogochina.cn/) shows abnormal, even content and background management cannot be performed. therefore, I have uploaded files multiple times, so that the website has been repeatedly asked by the customer why the website cannot be opened or the content is not displayed completely. today, I searched online for some solutions to SQL Injection problems on ASP + ACCESS and prevention of SQL Injection code and prevention of SQL code injection in that file. after searching and comparing, I found many related documents. among them, I will share with you the latest auspicious details :--------------------------------------------------------------------------------------------- The following is the code: Put it into conn. asp (reject attack universal ASP anti-injection code) First: Squery = lcase (request. servervariables ("QUERY_STRING ")) Surl = lcase (request. servervariables ("http_host") SQL _injdata = ": |||>|||-- | SP _ | XP _ |\| dir | cmd | ^ | (|) | + | $ | '| copy | format | and | exec | insert | select | Delete | update | count | * | % | CHR | mid | master | truncate | char | declare "SQL _inj = Split (SQL _injdata, "|") for SQL _data = 0 to ubound (SQL _inj) If instr (squery & Surl, SQL _inj (SQL _data)> 0 then Response. Write "SQL universal anti-injection system" Response. End End if Next type 2: SQL _injdata = ": ||>||||-- | SP _ | XP _ |\| dir | cmd |^| (|) | + | $ | '| copy | format | and | exec | insert | select | Delete | update | count | * | % | CHR | mid | master | truncate | char | declare "SQL _inj = Split (SQL _injdata, "| ") If request. querystring <> "then For each SQL _get in request. querystring For SQL _data = 0 to ubound (SQL _inj) If instr (request. querystring (SQL _get), SQL _inj (SQL _data)> 0 then Response. Write "SQL universal anti-injection system" Response. End End if Next Next End ifif request. Form <> "" then For each SQL _post in request. Form For SQL _data = 0 to ubound (SQL _inj) If instr (request. Form (SQL _post), SQL _inj (SQL _data)> 0 then Response. Write "SQL universal anti-injection system" Response. End End if Next Next End if This article is from 51cto. com technical blog |
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
