Home > Article > Backend Development > asp anti-sql injection source program_PHP tutorial
This article provides an ASP anti-SQL injection source program for free. The method is relatively simple, which is to receive the query value and filter it.
This article provides an ASP anti-SQL injection source program for free. The method is relatively simple, which is to receive the query value and filter it.
<%
squery=lcase(Request.ServerVariables("QUERY_STRING"))
sURL=lcase(Request.ServerVariables("HTTP_HOST"))
SQL_injdata =":|;|>|<|--|sp_|xp_||dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete |update|count|*|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
For SQL_Data=0 To Ubound(SQL_inj)
if instr(squery&sURL,Sql_Inj(Sql_DATA))>0 Then
Response.Write "Your operation may be SQL injection behavior."
Response.end
end if
next
%>
I think there is another way to prevent sql injection, that is, use the trim() function to remove the spaces in all values from the querystring, because the sql execution must contain spaces, and if it is an id type, determine whether it is The numbers are OK.