
Defending against SQL injection attacks: how do you prevent SQL injection?

Updated: 2012-11-21

Today more and more companies have their own websites, but the headache is that websites are easy targets for malicious attacks, and one of the most common attack methods is SQL injection. For that reason I searched the web for some SQL injection defence code, given below:

' Filtering the GET query string and the id/page parameters against SQL injection
squery=lcase(Request.ServerVariables("QUERY_STRING"))
sURL=lcase(Request.ServerVariables("HTTP_HOST"))
allquery=squery+sURL
' Reject the request if the query string or host name contains a denylisted
' character sequence (raw or URL-encoded), or if id/page are not numeric.
' The original also tested InStr(allquery,"")<>0; in VBScript InStr with an
' empty search string returns 1, so that clause was always true and would have
' blocked every request. It is dropped here.
if InStr(allquery,"%20")<>0 or InStr(allquery,"%27")<>0 or InStr(allquery,"'")<>0 _
   or InStr(allquery,"%a1a1")<>0 or InStr(allquery,"%24")<>0 or InStr(allquery,"%3b")<>0 _
   or InStr(allquery,";")<>0 or InStr(allquery,":")<>0 or InStr(allquery,"%%")<>0 _
   or InStr(allquery,"%3c")<>0 or InStr(allquery,"--")<>0 or InStr(allquery,"*")<>0 _
   or not(isnumeric(request("id"))) or not(isnumeric(request("page"))) then
Response.write "不法访问" ' "illegal access"
Response.End
end if

' Filtering POST input against SQL injection, with HTML escaping.
' The entity strings in the replacements had been decoded to plain characters
' when the page was rendered, which turned every Replace into a no-op; they are
' restored here to match FormatSQL below. The chr() calls were quoted as literal
' text in the original ("chr(9)"), which never matches real control characters.
function nosql(str)
if not isnull(str) then
str=trim(str)
str=replace(str,";","&#59;") ' semicolon
str=replace(str,"'","&#39;") ' single quote
str=replace(str,"""","&quot;") ' double quote
str=replace(str,chr(9),"&nbsp;") ' tab
str=replace(str,chr(10),"<br>") ' line feed
str=replace(str,chr(13),"<br>") ' carriage return
str=replace(str,chr(32),"&nbsp;") ' space
str=replace(str,chr(34),"&quot;") ' double quote (already handled above, kept from the original)
str=replace(str,chr(39),"&#39;") ' single quote (already handled above, kept from the original)
str=Replace(str,"script","&#115;cript") ' break up the word "script"
str=replace(str,"<","&lt;") ' <
str=replace(str,">","&gt;") ' >
str=replace(str,"--","&#45;&#45;") ' SQL comment marker
nosql=str
end if
end function


function FormatSQL(str)
if isnull(str) then
FormatSQL="" ' the original set str="" and exited, so the function returned Empty
exit function
end if
str=trim(str)
str=replace(str,"&","&amp;") ' & must be encoded first, before any entity is emitted
' The original next replaced ";" with "&#59;", which also rewrote the ";" of the
' "&amp;" just produced (giving "&amp&#59;"). ";" has no special meaning in HTML,
' so that rule is dropped here.
str=replace(str,"'","&#39;") ' single quote
str=replace(str,"""","&quot;") ' double quote
str=replace(str,chr(9),"&nbsp;") ' tab (the original passed the literal text "chr(9)")
str=replace(str,chr(10),"<br>") ' line feed
str=replace(str,chr(13),"<br>") ' carriage return
str=replace(str,chr(32),"&nbsp;") ' space
str=replace(str,chr(34),"&quot;") ' double quote (already handled above, kept from the original)
str=replace(str,chr(39),"&#39;") ' single quote (already handled above, kept from the original)
str=Replace(str,"script","&#115;cript") ' break up the word "script" (semicolon added to the entity)
str=replace(str,"<","&lt;") ' <
str=replace(str,">","&gt;") ' >
str=replace(str,"(","&#40;") ' (
str=replace(str,")","&#41;") ' )
str=replace(str,"*","&#42;") ' *
str=replace(str,"--","&#45;&#45;") ' SQL comment marker
FormatSQL=str
end function

Wherever user input could be dangerous, pass it through this function to filter out the SQL statements an attacker tries to inject; this lowers the risk of the site being attacked. I hope it helps everyone.
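The filters above are classic ASP. As an added example that is not the post's own code, the Python script below ports FormatSQL's entity rules and contrasts the string-concatenation pattern those filters try to protect with a parameterized query, using an in-memory SQLite table and a constructed legitimate input (a name containing a single quote).

```python
import sqlite3

# Entity rules of the page's FormatSQL, ported in the page's order. The page's
# code is classic ASP; this port is an added example, not the post's own code.
_FORMAT_SQL_RULES = [
    ("&", "&amp;"), ("'", "&#39;"), ('"', "&quot;"), ("\t", "&nbsp;"),
    ("\n", "<br>"), ("\r", "<br>"), (" ", "&nbsp;"), ("script", "&#115;cript"),
    ("<", "&lt;"), (">", "&gt;"), ("(", "&#40;"), (")", "&#41;"),
    ("*", "&#42;"), ("--", "&#45;&#45;"),
]


def format_sql(value):
    """Port of FormatSQL: entity-encode the characters the page treats as dangerous."""
    if value is None:
        return ""
    value = value.strip()
    for needle, replacement in _FORMAT_SQL_RULES:
        value = value.replace(needle, replacement)
    return value


def _fresh_db():
    # Constructed sample schema: one table with a single text column.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    return conn


def insert_concatenated(name):
    """The pattern the page's filters try to protect: data spliced into the SQL text."""
    conn = _fresh_db()
    try:
        conn.execute("INSERT INTO users (name) VALUES ('" + name + "')")
        return conn.execute("SELECT name FROM users").fetchone()[0]
    except sqlite3.Error as exc:
        # A quote inside the data terminates the string literal and breaks the statement.
        return "error: " + type(exc).__name__


def insert_parameterized(name):
    """The real fix: a placeholder plus a bound value, so data never reaches the SQL parser."""
    conn = _fresh_db()
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    return conn.execute("SELECT name FROM users").fetchone()[0]


if __name__ == "__main__":
    name = "O'Brien"  # constructed legitimate input containing a single quote
    print("concatenated, raw:     ", insert_concatenated(name))
    print("concatenated, filtered:", insert_concatenated(format_sql(name)))
    print("parameterized:         ", insert_parameterized(name))
```

The filtered insert no longer errors, but the stored value is the mangled `O&#39;Brien`, while the parameterized insert stores the name unchanged; in classic ASP the same separation of query text from data is done with ADODB.Command and CreateParameter, leaving entity encoding for HTML output only.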
