[ASP]三种过滤SQL的非法字符 非法sql注入字符[备用]

2010年9月11日星期六 | | |

过滤非法的SQL字符 非法sql注入字符代码,下面我们为你提供了三种过滤sql注入的asp教程做法,过滤非法sql与字符就可以有效的防止部份注入了。


'**************************************************
'函数名:R
'作 用:过滤非法的SQL字符
'参 数:strChar-----要过滤的字符
'返回值:过滤后的字符
'**************************************************

Public Function R(strChar)
If strChar = "" Or IsNull(strChar) Then R = "":Exit Function
Dim strBadChar, arrBadChar, tempChar, I
'strBadChar = "$,#,',%,^,&,?,(,),<,>,[,],{,},/,,;,:," & Chr(34) & "," & Chr(0) & ""
strBadChar = "+,',--,%,^,&,?,(,),<,>,[,],{,},/,,;,:," & Chr(34) & "," & Chr(0) & ""
arrBadChar = Split(strBadChar, ",")
tempChar = strChar
For I = 0 To UBound(arrBadChar)
tempChar = Replace(tempChar, arrBadChar(I), "")
Next
tempChar = Replace(tempChar, "@@", "@")
R = tempChar
End Function
'过滤xss
Function CheckXSS(ByVal strCode)
Dim Re
Set re=new RegExp
re.IgnoreCase =True
re.Global=True
re.Pattern="<.[^>]*(style).>"
strCode = re.Replace(strCode, "")
re.Pattern="<(a.[^>]*|/a|li|br|B|/li|/B|font.[^>]*|/font)>"
strCode=re.Replace(strCode,"[$1]")
strCode=Replace(Replace(strCode, "<", "<"), ">", ">")
re.Pattern="[(a.[^]]*|/a|li|br|B|/li|/B|font.[^]]*|/font)]"
strCode=re.Replace(strCode,"<$1>")
re.Pattern="<.[^>]*(on(load|click|dbclick|mouseover|mouseout|mousedown|mouseup|mousewheel|keydown|submit|change|focus)).>"
strCode = re.Replace(strCode, "")
Set Re=Nothing
CheckXSS=strCode
End Function

防sql非法字符注入二

Function FilterIDs(byval strIDs)
Dim arrIDs,i,strReturn
strIDs=Trim(strIDs)
If Len(strIDs)=0 Then Exit Function
arrIDs=Split(strIDs,",")
For i=0 To Ubound(arrIds)
If ChkClng(Trim(arrIDs(i)))<>0 Then
strReturn=strReturn & "," & Int(arrIDs(i))
End If
Next
If Left(strReturn,1)="," Then strReturn=Right(strReturn,Len(strReturn)-1)
FilterIDs=strReturn
End Function

过滤sql注入字符三

'**************************************************
'函数名:R
'作 用:过滤非法的SQL字符
'参 数:strChar-----要过滤的字符
'返回值:过滤后的字符
'**************************************************

Public Function R(strChar)
   If strChar = "" Or IsNull(strChar) Then R = "":Exit Function
   Dim strBadChar, arrBadChar, tempChar, I
   'strBadChar = "$,#,',%,^,&,?,(,),<,>,[,],{,},/,,;,:," & Chr(34) & "," & Chr(0) & ""
   strBadChar = "+,',--,%,^,&,?,(,),<,>,[,],{,},/,,;,:," & Chr(34) & "," & Chr(0) & ""
   arrBadChar = Split(strBadChar, ",")
   tempChar = strChar
   For I = 0 To UBound(arrBadChar)
    tempChar = Replace(tempChar, arrBadChar(I), "")
   Next
   tempChar = Replace(tempChar, "@@", "@")
   R = tempChar
End Function

sql防注入四

Function CheckSql() '防止SQL注入
    Dim sql_injdata 
    SQL_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
    SQL_inj = split(SQL_Injdata,"|")
    If Request.QueryString<>"" Then
        For Each SQL_Get In Request.QueryString
            For SQL_Data=0 To Ubound(SQL_inj)
                if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
                    Response.Write "<Script Language='javascript教程'>{alert('请不要在参数中包含非法字符!');history.back(-1)}</Script>"
                    Response.end
                end if
            next
        Next
    End If
    If Request.Form<>"" Then
        For Each Sql_Post In Request.Form
            For SQL_Data=0 To Ubound(SQL_inj)
                if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then
                    Response.Write "<Script Language='javascript'>{alert('请不要在参数中包含非法字符!');history.back(-1)}    </Script>"
                    Response.end
                end if
            next
        next
    end if
End Function

备用,暂时还没有测试...

0 评论:


所有文章收集于网络,如果有牵扯到版权问题请与本站站长联系。谢谢合作![email protected]