MoKuai Network - building high-quality websites!
Phone: (0)15011022561, Su Wei
QQ: 476289485
MSN: [email protected]
Code to Prevent Injection in ASP

Response.Buffer = True ' Buffer page output
' Guard against injection via GET parameters
If Request.QueryString <> "" Then Call StopInjection(Request.QueryString)
' Guard against injection via POST form fields
If Request.Form <> "" Then Call StopInjection(Request.Form)
' Guard against injection via cookies
If Request.Cookies.Count > 0 Then Call StopInjection(Request.Cookies)

' Regex helper: tests every value in the collection and ends the response on a match
Function StopInjection(Values)
    Dim regEx
    Set regEx = New RegExp
    regEx.IgnoreCase = True
    regEx.Global = True
    ' Matches a quote, semicolon or hash, or a listed SQL keyword preceded by whitespace, "+" or a parenthesis
    regEx.Pattern = "'|;|#|([\s\b+()]+(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|return|as|go|exists)[\s\b+]*)"
    Dim sItem, sValue
    For Each sItem In Values
        sValue = Values(sItem)
        If regEx.Test(sValue) Then
            ' Alert text reads: "Illegal injection! Your action has been logged!!"
            Response.Write "<Script Language=javascript>alert('非法注入!你的行为已被记录!!');history.back(-1);</script> "
            Response.End
        End If
    Next
    Set regEx = Nothing
End Function

' POST filtering: SQL injection prevention and HTML protection
Function nosql(str)
    Dim kw
    nosql = ""
    If Not IsNull(str) Then
        str = Trim(str)
        str = Replace(str, ";", "&#59;")        ' semicolon
        str = Replace(str, "'", "&#39;")        ' single quote
        str = Replace(str, """", "&quot;")      ' double quote
        str = Replace(str, "script", "&#115;cript", 1, -1, vbTextCompare) ' jscript
        str = Replace(str, "<", "&lt;")         ' left <
        str = Replace(str, ">", "&gt;")         ' right >
        str = Replace(str, "(", "&#40;")        ' left (
        str = Replace(str, ")", "&#41;")        ' right )
        str = Replace(str, "--", "&#45;&#45;")  ' SQL comment marker

        ' Strip command and SQL keywords, ignoring case; longer phrases go first
        ' so that a shorter keyword does not split them before they can match
        For Each kw In Array("exec%20master.dbo.xp_cmdshell", "net localgroup administrators", _
                "net user", "xp_cmdshell", "/add", "select", "count", "asc", "char", "mid", ":", _
                "insert", "delete", "drop", "truncate", "from", "%")
            str = Replace(str, kw, "", 1, -1, vbTextCompare)
        Next

        ' Whitespace is replaced last, using the characters themselves (Chr(n), not the
        ' literal text "chr(n)"), so the inserted <br> is not escaped by the rules above
        str = Replace(str, Chr(9), "&nbsp;")    ' tab
        str = Replace(str, Chr(10), "<br>")     ' line feed
        str = Replace(str, Chr(13), "<br>")     ' carriage return
        str = Replace(str, Chr(32), "&nbsp;")   ' space
        nosql = str
    End If
End Function
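
A keyword blacklist like the two filters above depends on every dangerous token being listed, so the more robust fix is to keep request values out of the SQL text entirely. As an added example (not code from the original page), this classic ASP snippet validates a numeric id by type and binds values through ADODB.Command parameters; the connection string, the articles table and its columns are hypothetical.

```vbscript
' Added example: hypothetical table "articles", columns and connection string.
Const adCmdText = 1        ' ADO constants, values as in adovbs.inc
Const adParamInput = 1
Const adInteger = 3
Const adVarWChar = 202
Const connStr = "Provider=SQLOLEDB;Data Source=(local);Initial Catalog=demo;Integrated Security=SSPI;"

' Accept only 1 to 9 decimal digits, so CLng cannot overflow or see other syntax.
Function IsPlainInt(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    IsPlainInt = re.Test(s)
End Function

' Runs a fixed SQL text; user values travel only as bound parameters.
Function FindArticles(conn, author, minId)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT id, title FROM articles WHERE author = ? AND id > ?"
    ' Parameters are matched to the "?" markers by position.
    cmd.Parameters.Append cmd.CreateParameter("author", adVarWChar, adParamInput, 50, author)
    cmd.Parameters.Append cmd.CreateParameter("minId", adInteger, adParamInput, , minId)
    Set FindArticles = cmd.Execute
End Function

Dim conn, rs, rawId, author
rawId = Request.QueryString("id") & ""
author = Left(Request.Form("author") & "", 50)  ' match the declared parameter size
If Not IsPlainInt(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open connStr
Set rs = FindArticles(conn, author, CLng(rawId))
Do Until rs.EOF
    ' Encode when writing to the page rather than rewriting input on the way in.
    Response.Write Server.HTMLEncode(rs("title") & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
```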

