Title: Latest ASP SQL injection filter function

Author: 飞鸟设计    Time: 2005-5-21 10:32     Title: Latest ASP SQL injection filter function

' Filters a user-supplied string before it is placed in HTML output or a SQL string.
' Keywords are broken up by writing one letter as an HTML numeric character
' reference. The page rendering shows these replacements in decoded form, so
' for the SQL keywords the encoded letter (the first) is an assumption here.
Function Checkstr(Str)
    If IsNull(Str) Then
        CheckStr = ""
        Exit Function
    End If
    ' Strip NUL bytes and HTML-encode quotes and angle brackets
    Str = Replace(Str, Chr(0), "", 1, -1, 1)
    Str = Replace(Str, """", "&quot;", 1, -1, 1)
    Str = Replace(Str, "<", "&lt;", 1, -1, 1)
    Str = Replace(Str, ">", "&gt;", 1, -1, 1)
    ' Break up script/object/applet: case-sensitive passes first (compare = 0),
    ' then a case-insensitive pass (compare = 1) for any other mixed case
    Str = Replace(Str, "script", "&#115;cript", 1, -1, 0)
    Str = Replace(Str, "SCRIPT", "&#083;CRIPT", 1, -1, 0)
    Str = Replace(Str, "Script", "&#083;cript", 1, -1, 0)
    Str = Replace(Str, "script", "&#083;cript", 1, -1, 1)
    Str = Replace(Str, "object", "&#111;bject", 1, -1, 0)
    Str = Replace(Str, "OBJECT", "&#079;BJECT", 1, -1, 0)
    Str = Replace(Str, "Object", "&#079;bject", 1, -1, 0)
    Str = Replace(Str, "object", "&#079;bject", 1, -1, 1)
    Str = Replace(Str, "applet", "&#097;pplet", 1, -1, 0)
    Str = Replace(Str, "APPLET", "&#065;PPLET", 1, -1, 0)
    Str = Replace(Str, "Applet", "&#065;pplet", 1, -1, 0)
    Str = Replace(Str, "applet", "&#065;pplet", 1, -1, 1)
    ' Encode brackets and "=", remove any remaining double quotes,
    ' and double single quotes for use inside a SQL string literal
    Str = Replace(Str, "[", "&#091;")
    Str = Replace(Str, "]", "&#093;")
    Str = Replace(Str, """", "", 1, -1, 1)
    Str = Replace(Str, "=", "&#061;", 1, -1, 1)
    Str = Replace(Str, "'", "''", 1, -1, 1)
    ' Break up SQL keywords (case-insensitive)
    Str = Replace(Str, "select", "&#115;elect", 1, -1, 1)
    Str = Replace(Str, "execute", "&#101;xecute", 1, -1, 1)
    Str = Replace(Str, "exec", "&#101;xec", 1, -1, 1)
    Str = Replace(Str, "join", "&#106;oin", 1, -1, 1)
    Str = Replace(Str, "union", "&#117;nion", 1, -1, 1)
    Str = Replace(Str, "where", "&#119;here", 1, -1, 1)
    Str = Replace(Str, "insert", "&#105;nsert", 1, -1, 1)
    Str = Replace(Str, "delete", "&#100;elete", 1, -1, 1)
    Str = Replace(Str, "update", "&#117;pdate", 1, -1, 1)
    Str = Replace(Str, "like", "&#108;ike", 1, -1, 1)
    Str = Replace(Str, "drop", "&#100;rop", 1, -1, 1)
    Str = Replace(Str, "create", "&#099;reate", 1, -1, 1)
    Str = Replace(Str, "rename", "&#114;ename", 1, -1, 1)
    Str = Replace(Str, "count", "&#099;ount", 1, -1, 1)
    Str = Replace(Str, "chr", "&#099;hr", 1, -1, 1)
    Str = Replace(Str, "mid", "&#109;id", 1, -1, 1)
    Str = Replace(Str, "truncate", "&#116;runcate", 1, -1, 1)
    Str = Replace(Str, "nchar", "&#110;char", 1, -1, 1)
    Str = Replace(Str, "char", "&#099;har", 1, -1, 1)
    Str = Replace(Str, "alter", "&#097;lter", 1, -1, 1)
    Str = Replace(Str, "cast", "&#099;ast", 1, -1, 1)
    Str = Replace(Str, "exists", "&#101;xists", 1, -1, 1)
    ' Turn carriage returns into HTML line breaks
    Str = Replace(Str, Chr(13), "<br>", 1, -1, 1)
    ' Single quotes are doubled once more on return, as in the posted code
    CheckStr = Replace(Str, "'", "''", 1, -1, 1)
End Function

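Author: sunshine-v    Time: 2005-5-21 21:44     Title: Latest ASP SQL injection filter function

Good stuff!

Author: ☆一往情深☆    Time: 2005-5-21 23:22     Title: Latest ASP SQL injection filter function

Xingxing, I can't follow this, could you add some comments?

Author: sunshine-v    Time: 2005-6-3 19:09     Title: Latest ASP SQL injection filter function

This looks like MD5 encryption, doesn't it? I have one too~

Author: ☆一往情深☆    Time: 2005-6-4 00:45     Title: Latest ASP SQL injection filter function

Really? I honestly don't understand this; to me it looks like a branching/loop statement in VB,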




Welcome to 黑色海岸线论坛 (http://bbs.thysea.com/) Powered by Discuz! 7.2