熱點推薦:
您现在的位置: 電腦知識網 >> 編程 >> .NET編程 >> 正文

asp中防止腳本注入攻擊

2013-11-13 10:02:50  來源: .NET編程 

  

  <%
  SQL_injdata = |and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare
  SQL_inj = split(SQL_Injdata|)

  If RequestQueryString<> Then
    For Each SQL_Get In RequestQueryString
      For SQL_Data= To Ubound(SQL_inj)
        if instr(RequestQueryString(SQL_Get)Sql_Inj(Sql_DATA))> Then
          ResponseWrite <script Language=JavaScript>alert(非法連接!!)</script>
          Responseend
        end if
      next
    Next
  End If

  If RequestForm<> Then
    For Each Sql_Post In RequestForm
      For SQL_Data= To Ubound(SQL_inj)
        if instr(RequestForm(Sql_Post)Sql_Inj(Sql_DATA))> Then
          ResponseWrite <script Language=JavaScript>alert(非法連接!!)</script>
    Responseend
        end if
      next
    next
  end if
%>


From:http://tw.wingwit.com/Article/program/net/201311/12372.html
    推薦文章
    Copyright © 2005-2013 電腦知識網 Computer Knowledge   All rights reserved.