本文介绍了一种在ASP网页中防止SQL注入攻击的方法。通过过滤特定的危险字符和字符串组合来阻止恶意输入,确保数据库查询的安全。当检测到潜在的恶意输入时,会显示警告并重定向用户。
conn.asp
<%
Query_Badword="'‖and‖select‖update‖chr‖delete‖ from‖delete from‖;‖insert‖mid‖master.‖set‖chr(37)‖="
On Error Resume Next
if request.QueryString<>"" then
Chk_badword=split(Query_Badword,"‖")
FOR EACH Query_Name IN Request.QueryString
for i8=0 to ubound(Chk_badword)
If Instr(LCase(request.QueryString(Query_Name)),Chk_badword(i8))<>0 Then
response.write "<SCRIPT>alert('花年记事!');window.location='/'</SCRIPT>"
Response.End
End If
NEXT
NEXT
End if
%>
Query_Badword="'‖and‖select‖update‖chr‖delete‖ from‖delete from‖;‖insert‖mid‖master.‖set‖chr(37)‖="
On Error Resume Next
if request.QueryString<>"" then
Chk_badword=split(Query_Badword,"‖")
FOR EACH Query_Name IN Request.QueryString
for i8=0 to ubound(Chk_badword)
If Instr(LCase(request.QueryString(Query_Name)),Chk_badword(i8))<>0 Then
response.write "<SCRIPT>alert('花年记事!');window.location='/'</SCRIPT>"
Response.End
End If
NEXT
NEXT
End if
%>
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
