asp anti-sql injection source program_PHP tutorial

This article provides an ASP anti-SQL injection source program for free. The method is relatively simple, which is to receive the query value and filter it.

This article provides an ASP anti-SQL injection source program for free. The method is relatively simple, which is to receive the query value and filter it.

<%
squery=lcase(Request.ServerVariables("QUERY_STRING"))
sURL=lcase(Request.ServerVariables("HTTP_HOST"))
SQL_injdata =":|;|>|<|--|sp_|xp_||dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete |update|count|*|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
For SQL_Data=0 To Ubound(SQL_inj)
if instr(squery&sURL,Sql_Inj(Sql_DATA))>0 Then
Response.Write "Your operation may be SQL injection behavior."
Response.end
end if
next
%>

I think there is another way to prevent sql injection, that is, use the trim() function to remove the spaces in all values ​​​​from the querystring, because the sql execution must contain spaces, and if it is an id type, determine whether it is The numbers are OK.

http://www.bkjia.com/PHPjc/629744.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629744.htmlTechArticleThis article provides an asp anti-sql injection source program for free. The method is relatively simple, which is to receive the query value for filtering. oh. This article provides an ASP anti-SQL injection source program for free. The method is better than...