时间:2022-12-06 01:25
get请求中防止sql注入的方法:
通过浏览器地址栏传递的数据过滤,例如:
PublicFunctionChkSqlIn()
DimFy_Get,Fy_In,Fy_Inf,Fy_Xh
Fy_In="'|;|or|and|(|)|*|%|exec|insert|select|delete|update|count|chr|char|nchar|asc|
unicode|mid|substring|master|truncate|drop|declare|%20from|cmdshell|admin|net%20user
|net%20localgroup|1=1|1=2|user>0|id=1"
Fy_Inf=Split(Fy_In,"|")
IfRequest.QueryString<>""Then
ForEachFy_GetInRequest.QueryString
ForFy_Xh=0ToUBound(Fy_Inf)
IfInStr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0Then
Response.Write"<Script>alert('对不起,可能出错了!');</Script>"
Fy_Get=""
Fy_In=""
Fy_Inf=""
Fy_Xh=""
Response.End
EndIf
Next
Next
EndIf
Fy_Get="":Fy_In="":Fy_Inf="":Fy_Xh=""
EndFunction
