[转载]ASP最新SQL防注入过滤涵数
文章作者:微风山谷[code]Function Checkstr(Str)
If Isnull(Str) Then
CheckStr = ""
Exit Function
End If
Str = Replace(Str,Chr(0),"", 1, -1, 1)
Str = Replace(Str, """", """, 1, -1, 1)
Str = Replace(Str,"<","<", 1, -1, 1)
Str = Replace(Str,">",">", 1, -1, 1)
Str = Replace(Str, "script", "script", 1, -1, 0)
Str = Replace(Str, "SCRIPT", "SCRIPT", 1, -1, 0)
Str = Replace(Str, "Script", "Script", 1, -1, 0)
Str = Replace(Str, "script", "Script", 1, -1, 1)
Str = Replace(Str, "object", "object", 1, -1, 0)
Str = Replace(Str, "OBJECT", "OBJECT", 1, -1, 0)
Str = Replace(Str, "Object", "Object", 1, -1, 0)
Str = Replace(Str, "object", "Object", 1, -1, 1)
Str = Replace(Str, "applet", "applet", 1, -1, 0)
Str = Replace(Str, "APPLET", "APPLET", 1, -1, 0)
Str = Replace(Str, "Applet", "Applet", 1, -1, 0)
Str = Replace(Str, "applet", "Applet", 1, -1, 1)
Str = Replace(Str, "[", "[")
Str = Replace(Str, "]", "]")
Str = Replace(Str, """", "", 1, -1, 1)
Str = Replace(Str, "=", "=", 1, -1, 1)
Str = Replace(Str, "'", "''", 1, -1, 1)
Str = Replace(Str, "select", "select", 1, -1, 1)
Str = Replace(Str, "execute", "execute", 1, -1, 1)
Str = Replace(Str, "exec", "exec", 1, -1, 1)
Str = Replace(Str, "join", "join", 1, -1, 1)
Str = Replace(Str, "union", "union", 1, -1, 1)
Str = Replace(Str, "where", "where", 1, -1, 1)
Str = Replace(Str, "insert", "insert", 1, -1, 1)
Str = Replace(Str, "delete", "delete", 1, -1, 1)
Str = Replace(Str, "update", "update", 1, -1, 1)
Str = Replace(Str, "like", "like", 1, -1, 1)
Str = Replace(Str, "drop", "drop", 1, -1, 1)
Str = Replace(Str, "create", "create", 1, -1, 1)
Str = Replace(Str, "rename", "rename", 1, -1, 1)
Str = Replace(Str, "count", "count", 1, -1, 1)
Str = Replace(Str, "chr", "chr", 1, -1, 1)
Str = Replace(Str, "mid", "mid", 1, -1, 1)
Str = Replace(Str, "truncate", "truncate", 1, -1, 1)
Str = Replace(Str, "nchar", "nchar", 1, -1, 1)
Str = Replace(Str, "char", "char", 1, -1, 1)
Str = Replace(Str, "alter", "alter", 1, -1, 1)
Str = Replace(Str, "cast", "cast", 1, -1, 1)
Str = Replace(Str, "exists", "exists", 1, -1, 1)
Str = Replace(Str,Chr(13),"<br>", 1, -1, 1)
CheckStr = Replace(Str,"'","''", 1, -1, 1)
End Function[/code] 要把这个函数加到哪些地方? 偶是菜鸟,望指教! 真么不知道为什么要这样写,除了第一行替换与最后两行替换,其他的一点用也没有,像摆设一样,浪费资源,代码繁琐!!! 呵呵,是啊
这样还会误伤
比如一个人的用户名为
selectfuck
这样不就一辈子不能在get方式中使用了,呵呵. Lake2写了篇文章是关于Cookie传递数据的.......专对付传说中的哪个什么ASP通用防注射程序的
kEvin1986写鸟个程序来,在他滴帮助下测试到是满成功滴.
就是还没用这东西拿下过任何一个站.HOHO........
文章的URL:[url]http://blog.csdn.net/lake2/archive/2005/09/10/477187.aspx[/url] [quote][b]下面是引用dingking于2005-11-05 10:56发表的:[/b]
Lake2写了篇文章是关于Cookie传递数据的.......专对付传说中的哪个什么ASP通用防注射程序的
kEvin1986写鸟个程序来,在他滴帮助下测试到是满成功滴.
就是还没用这东西拿下过任何一个站.HOHO........
文章的URL:[url]http://blog.csdn.net/lake2/archive/2005/09/10/477187.aspx[/url][/quote]
只是纸上谈兵,我也没拿下过,呵呵~~ 考虑是否将sql注入中加入cookice的过滤!嘿嘿! [s:51] 考虑是否将sql注入中加入cookice的过滤!嘿嘿! [s:51]
页:
[1]