史萊姆論壇 - 查看單個文章

psac · 2006-05-30, 01:23 PM

放在conn.asp裡就行了。

'屏蔽通過地址欄攻擊
url=Request.ServerVariables("QUERY_STRING")
if instr(url,";")>=1 then
url=Replace(url,";","；") : Response.Redirect("?" & url)
end if
'屏蔽通過表單攻擊
for each item in request.form
stritem=lcase(server.HTMLEncode(Request.form(item)))
if instr(stritem,"select ")>=1 or instr(stritem,"insert ")>=1 or instr(stritem,"update ")>=1 or instr(stritem,"delete ")>=1 or instr(stritem,"exec ")>=1 or instr(stritem,"declare ")>=1 then
response.write ("對不起,請不要輸入非法字元!")
response.end
end if
next

2006-05-30, 01:23 PM	#1 (permalink)
psac 榮譽會員榮譽勳章勳章總數19 UID - 3662 在線等級: 註冊日期: 2002-12-07 住址: 木柵市立動物園文章: 17381 精華: 2 現金: 5253 金幣資產: 33853 金幣	一段防注入的通用腳本放在conn.asp裡就行了。 '屏蔽通過地址欄攻擊 url=Request.ServerVariables("QUERY_STRING") if instr(url,";")>=1 then url=Replace(url,";","；") : Response.Redirect("?" & url) end if '屏蔽通過表單攻擊 for each item in request.form stritem=lcase(server.HTMLEncode(Request.form(item))) if instr(stritem,"select ")>=1 or instr(stritem,"insert ")>=1 or instr(stritem,"update ")>=1 or instr(stritem,"delete ")>=1 or instr(stritem,"exec ")>=1 or instr(stritem,"declare ")>=1 then response.write ("對不起,請不要輸入非法字元!") response.end end if next

	送花文章: 3, 收花文章: 1631 篇, 收花: 3205 次