自己寫一個防止SQL注入函數

來源:互聯網
上載者:User
函數 <%
function sqlcheck(Str,errtype)
if Instr(LCase(Str),"select ") > 0 or Instr(LCase(Str),"insert ") > 0 or Instr(LCase(Str),"delete ") > 0 or Instr(LCase(Str),"delete from ") > 0 or Instr(LCase(Str),"count(") > 0 or Instr(LCase(Str),"drop table") > 0 or Instr(LCase(Str),"update ") > 0 or Instr(LCase(Str),"truncate ") > 0 or Instr(LCase(Str),"asc(") > 0 or Instr(LCase(Str),"mid(") > 0 or Instr(LCase(Str),"char(") > 0 or Instr(LCase(Str),"xp_cmdshell") > 0 or Instr(LCase(Str),"exec master") > 0 or Instr(LCase(Str),"net localgroup administrators") > 0 or Instr(LCase(Str),"and ") > 0 or Instr(LCase(Str),"net user") > 0 or Instr(LCase(Str),"or ") > 0 then
Response.write("<script language=javascript>" & vbcrlf & "window.location.href ='ShowError.asp?errtype=" & errtype & "'" & vbcrlf & "</script>")
Response.End
end if
Str=Replace(Str,"_","") '過濾SQL注入_
Str=Replace(Str,"*","") '過濾SQL注入*
Str=Replace(Str," ","") '過濾SQL注入空格
Str=Replace(Str,chr(34),"") '過濾SQL注入"
Str=Replace(Str,chr(39),"") '過濾SQL注入'
Str=Replace(Str,chr(91),"") '過濾SQL注入[
Str=Replace(Str,chr(93),"") '過濾SQL注入]
Str=Replace(Str,chr(37),"") '過濾SQL注入%
Str=Replace(Str,chr(58),"") '過濾SQL注入:
Str=Replace(Str,chr(59),"") '過濾SQL注入;
Str=Replace(Str,chr(43),"") '過濾SQL注入+
Str=Replace(Str,"{","") '過濾SQL注入{
Str=Replace(Str,"}","") '過濾SQL注入}
sqlcheck=Str '返回經過上面字元替換後的Str
end function
%>



相關文章

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。