Home >Backend Development >PHP Tutorial >asp anti-sql injection source program_PHP tutorial

asp anti-sql injection source program_PHP tutorial

WBOY
WBOYOriginal
2016-07-13 17:09:401134browse

This article provides an ASP anti-SQL injection source program for free. The method is relatively simple, which is to receive the query value and filter it.

This article provides an ASP anti-SQL injection source program for free. The method is relatively simple, which is to receive the query value and filter it.

<%
squery=lcase(Request.ServerVariables("QUERY_STRING"))
sURL=lcase(Request.ServerVariables("HTTP_HOST"))
SQL_injdata =":|;|>|<|--|sp_|xp_||dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete |update|count|*|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
For SQL_Data=0 To Ubound(SQL_inj)
if instr(squery&sURL,Sql_Inj(Sql_DATA))>0 Then
Response.Write "Your operation may be SQL injection behavior."
Response.end
end if
next
%>

I think there is another way to prevent sql injection, that is, use the trim() function to remove the spaces in all values ​​​​from the querystring, because the sql execution must contain spaces, and if it is an id type, determine whether it is The numbers are OK.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629744.htmlTechArticleThis article provides an asp anti-sql injection source program for free. The method is relatively simple, which is to receive the query value for filtering. oh. This article provides an ASP anti-SQL injection source program for free. The method is better than...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn