<%
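' Place this block at the very top of every page.
' Request filter against SQL injection -- defence in depth ONLY.
'
' NOTE(review): a character blacklist cannot make string-built SQL safe: a
' numeric parameter needs no quote at all, and /* */, ";", CHAR()/0x literals
' are not checked here.  Pass user input to the database through
' ADODB.Command parameters and keep this filter only as an extra layer.
'
' Request.QueryString / Request.Form used without a key return the raw,
' still URL-encoded request text, so a quote can arrive either literally or
' as %27, and a comment marker either literally or as %2D%2D.  The original
' code tested only "'" on GET and only "%27" on POST, so sending the other
' encoding bypassed it; both forms are now tested on both channels, and the
' match is case-insensitive so "%2d%2d" is caught as well.
Dim sqliTokens, sqliRaw, sqliToken, sqliHit
sqliTokens = Array("'", "%27", "--", "%2D%2D")
sqliHit = False
For Each sqliRaw In Array(Trim(Request.QueryString), Trim(Request.Form))
    For Each sqliToken In sqliTokens
        If InStr(1, sqliRaw, sqliToken, vbTextCompare) > 0 Then sqliHit = True
    Next
Next
If sqliHit Then
    ' Reject explicitly instead of answering a silent blank 200.
    Response.Status = "400 Bad Request"
    Response.Write " "
    Response.End
End If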
%>
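<%
' NOTE(review): this was a second, verbatim copy of the request filter that
' already sits at the top of this page, but with its opening server-script
' delimiter missing.  Because it lay outside any server block, ASP sent the
' copy to the browser as plain page text (disclosing the filter rules) and it
' never executed.  A second copy would be dead code in any case: the first
' filter ends the response on a hit.  Keep exactly one filter block, at the
' top of every page.
%>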
以下是用 function 的方式回傳值（注意：SQLInjection 接收的是 Request 欄位名稱，函式內部再以 Request(欄位名稱) 讀值，而不是直接接收要過濾的文字）
<%
' Demo call.  The argument is handed to Request() inside SQLInjection, so it is
' treated as a request FIELD NAME, not as the text to sanitise.
Response.Write SQLInjection("資料隱碼測試防'跟-")
%>
<%
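' Reads the request field named strText (via the generic Request() collection,
' so the value may come from the query string, form or cookies -- narrow it to
' Request.Form / Request.QueryString if the source matters) and returns it
' escaped for use inside a single-quoted SQL string literal.
'
' strText: the NAME of the request field to read, not the value itself.
' Returns: the field value with every ' doubled to ''; an absent field comes
'          back empty.
'
' Why this changed: the previous body deleted every "'", " " and "-" from the
' value.  That silently corrupts legitimate input (dates such as 2024-01-01,
' hyphenated names, any phrase containing a space) and still gives no
' protection in a numeric context (WHERE id = <value> needs no quote at all).
' Doubling the quote is the correct escape for SQL Server / Access string
' literals; "--" inside a properly quoted literal is plain text and needs no
' stripping.
'
' NOTE(review): only safe when the caller wraps the result in single quotes,
' and not for dialects with backslash escapes (MySQL).  Prefer ADODB.Command
' parameters, which make escaping unnecessary.
function SQLInjection(strText)
    SQLInjection = Replace(Request(strText), "'", "''")
end function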
%>
<SCRIPT LANGUAGE="VBScript" RUNAT="Server">
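' Escapes a user-supplied string for use inside a single-quoted SQL literal.
'
' InputString: the raw value (typically from Request.Form / Request.QueryString).
' Returns: InputString with every ' doubled to ''; everything else is untouched.
'
' The original body never returned a value: its loop used
' LBound(known_badString), a variable that is never declared (so Empty, on
' which LBound raises Type mismatch), and it assigned the result to
' CKInputString instead of the function name.  It also lower-cased the value
' and deleted every occurrence of "or", "select", "'", "--", ..., which
' (a) corrupts legitimate data ("password" -> "passwd", "Portland" -> "ptland"),
' (b) undid its own quote escaping by deleting the quotes again, and
' (c) is bypassable anyway (keywords not on the list such as UNION, nesting
' like "selselectect" that survives a single-pass Replace, hex / CHAR()
' literals, numeric contexts).  Keyword stripping is therefore dropped;
' doubling the quote is the correct escape for SQL Server / Access string
' literals, and "--" inside a properly quoted literal is plain text.
'
' NOTE(review): only safe when the caller wraps the result in single quotes
' and for dialects without backslash escapes.  The robust fix is ADODB.Command
' parameters, which make escaping unnecessary.
Function CKStrInput(InputString)
    CKStrInput = Replace(InputString, "'", "''")
End Function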
</script>
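<SCRIPT LANGUAGE="VBScript" RUNAT="Server">
' NOTE(review): this was a second, verbatim copy of CKStrInput (defined in the
' server-side script block above) that sat outside any RUNAT="Server" block,
' so ASP sent it to the browser as page text, disclosing the keyword list.
' Re-enabling it as server code would give two definitions of the same
' function, which VBScript rejects at compile time, so the copy is dropped;
' keep the single definition above.
</SCRIPT>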