The solution to injection-type attack prevention code, for everyone to learn from and reference!
JS version of the SQL injection attack prevention code:
var url = location.search;
var re = /^\?(.*)(select%20|insert%20|delete%20from%20|count\(|drop%20table|update%20truncate%20|asc\(|mid\(|char\(|xp_cmdshell|exec%20master|net%20localgroup%20administrators|\"|:|net%20user|\'|%20or%20)(.*)$/gi;
var e = re.test(url);
if (e) {
alert("The address contains illegal cha
access the database through RDS handler, modify the Registry HKEY_LOCAL_MACHINE/software/Microsoft/DataFactory/handlerinfo and set handlerrequired = 1 to handlerrequired = 0. Please note that if you do not access the database through RDS handler or custom business objects, it will bring security risks to the database, therefore, the author strongly recommends that you access the database only through RDS handler or custom business objects.
The following code uses VB to compile a custom business
'==============================
' Feature Description: Remove HTML tags with regular
' Cannot keep
'==============================
Function Removehtmltag (fstring)
Dim RE
Set re = New RegExp
Re. IgnoreCase = True
Re. Pattern = "Fstring = Re. Replace (Fstring, "")
Set re = Nothing
Removehtmltag = fstring
End Function
'==============================
' Feature Description: Remove HTML tags
' Cannot keep
'==============================
Function rem
Remove all tags in HTML code
'******************************
' Function: Removehtml_a (strText)
' Parameters: StrText, strings to be processed
' Author: Arisisi
' Date: 2007/7/12
' Description: Remove all tags from HTML code
' Example:
'******************************
Function removehtml_a (StrText)
Dim NPOS1
Dim NPos2
NPOS1 = InStr (StrText, "Do While npos1>0
NPos2 =
= activemodel
If (MDL is nothing) then
Msgbox "there is no current model"
Elseif not MDL. iskindof (pdpdm. cls_model) then
Msgbox "the current model is not an physical data model ."
Else
Processfolder MDL
End if
'This routine copy name into code for each table, each column and each view
'Of the current folder
Private sub processfolder (folder)
Dim ls_nametemp
Dim tab 'running table
For each tab in folder. Tables
If not tab. isw.cut then
'Tab. Code = tab. Name
If
The simplest user registration procedure
Dim username,founderr,errmsgUsername=trim (Request ("UserName"))If Username= "" or Strlength (UserName) >14 or Strlength (UserName) Founderr=trueErrmsg=errmsg "ElseIf Instr (UserName, "=") >0 or Instr (UserName, "%") >0 or Instr (USERNAME,CHR) >0 or Instr (UserName, "?") >0 or
; --string concatenation, self is a pointer to the current aggregate function, which is used to correlate with the previous calculation result MEMBER function odciaggregateiterate (self in Out wy_wm_concat, Colvalue in VARCHAR2) RETURN number is TempStr varchar (500); EXTENDSTR varchar (500); DESTR varchar (100); Delen int default 0; SEGSTR varchar (500); --Define a two-dimensional array TYPE Vararry is Varray (2) of VARCHAR2 (2
that specifically handles this kind of exception and returns information that most users can read. The function code is as follows: Create or Replace functionF_czl_geterror (Messageinch varchar2)
return varchar2 isResultvarchar2( +); NUM1 Number:=0; Num2 Number:=0; NUM3 Number:=0; NUM4 Number:=0; NUM5 Number:=0; NUM6 Number:=0; Num7 Number:=0; NUM8 Number:=0; NUM9 Number:=0; NUM10 Number:=0; STR1varchar2( +); STR2varchar2( +); STR3varchar2( +); STR4varchar2( +); STR5varchar2( +); STR6varchar2(
-00600: internal error code, arguments: [ktrgcm_3], [], [], [], [], [], [], [], []
Current SQL statement for this session:
Select count (distinct id) from (select ve. workflowid | ''as id from v_executableworktask ve left join T_DATA_ITEM appt on appt. value = ve. BUSSINESSTYPE and appt. deleted = 0 and appt. cataid = 1101 where 1 = 1 and ve. globalID in ('P {2266580} ', 'O {411001700}', 'O {4110} ', 'G {201111992}') and ve. BUSINESSID in (select c. id FROM T_CONTRACT_CONTENT c where
.phone_no1204,
nvl(t.phone_no1201, t.phone_no1204) as "phone_no1201",
nvl(t.phone_no1110, t.phone_no1204) as "phone_no1110",
nvl(t.phone_no1107, t.phone_no1204) as "phone_no1107",
case
when t.phone_no1204 = nvl(t.phone_no1201, t.phone_no1204)
and t.phone_no1204 = nvl(t.phone_no1110, t.phone_no1204)
and t.phone_no1204 = nvl(t.phone_no1107, t.phone_no1204)
then '0'
else '1'
end as phone_no1101
from mark_518_t9 t
Instr () function, specia
In Oracle PL/SQL, the InStr function returns the position of a substring within the source string.
The syntax is as follows: InStr (string1, string2 [, start_position [, nth_appearance]])
string1: the source string to search in.
string2: the string to search for in string1.
start_position: the position in string1 at which the search starts. This parameter is optional; if omitted, it defaults to 1.
To implement string segmentation, the algorithm is as follows:Algorithm 1:DECLARERemove_column myvarray_list; Xvarchar( +); Subvarchar( +); I Number; J Number; C Number; Rcount Number;BEGINRemove_column:=Myvarray_list ();--init array.Sub:='ORA-26786: The key is ("AAC001") = (11370911196606055225) The row exists, but has conflicting columns "AAC003", "AAE011", "AAE036", "AAE476" (in table BI3. AC01) ORA-01403: No data found'; --sub:= ' ora-26786:a row with key ("C1", "C2") = (TEST1, TEST1) exists
Remove all tags in HTML code
'******************************
'Function: RemoveHTML_A (strText)
'Parameter: strText, string to be processed
'Prepared by: alixixi
'Date: 2007/7/12
'Description: removes all tags from HTML code.
'Example:
'******************************
Function RemoveHTML_A (strText)
Dim nPos1
Dim nPos2
NPos1 = InStr (strText, "Do While nPos1> 0NPos2 = InStr (