This mainly covers protection for requests submitted via GET; please excuse any syntax errors.
------------------------------------------
<%
Dim sql_leach, sql_leach_0, Sql_DATA, SQL_Get, IP, Brown, Thispage, cmd
' Special strings to detect
sql_leach = "',;,and,exec,insert,select,delete,update,count,*,%,chr,mid,master,truncate,char,declare,%20,%70,%5c"
' Use Split to break the list of special strings into an array
sql_leach_0 = Split(sql_leach, ",")
IP = Request.ServerVariables("REMOTE_ADDR")        ' client IP
Brown = Request.ServerVariables("REQUEST_METHOD")  ' request method
Thispage = Request.ServerVariables("URL")
' Check Request.QueryString
If Request.QueryString <> "" Then
    ' Loop over the parameters and look for the special strings configured above
    For Each SQL_Get In Request.QueryString
        For Sql_DATA = 0 To UBound(sql_leach_0)
            ' vbTextCompare so mixed-case keywords also match (InStr defaults to a binary compare)
            If InStr(1, Request.QueryString(SQL_Get), sql_leach_0(Sql_DATA), vbTextCompare) > 0 Then
                Set cmd = Server.CreateObject("ADODB.COMMAND")
                cmd.ActiveConnection = "Provider=Microsoft.Jet.Oledb.4.0;Data source=" & Server.MapPath("/database/SQL.mdb")
                ' Log the request with bound parameters (202 = adVarWChar, 1 = adParamInput)
                cmd.CommandText = "insert into [SQL](Ip,tijiao,yemian) Values (?,?,?)"
                cmd.Parameters.Append cmd.CreateParameter("Ip", 202, 1, 255, IP)
                cmd.Parameters.Append cmd.CreateParameter("tijiao", 202, 1, 255, Brown)
                cmd.Parameters.Append cmd.CreateParameter("yemian", 202, 1, 255, Thispage)
                cmd.Execute
                cmd.ActiveConnection.Close
                Set cmd = Nothing
                Response.Write "请不要尝试进行SQL注入! "
                ' Assumed ending: the posted listing is cut off after the message above
                Response.End
            End If
        Next
    Next
End If
%>
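The following is an added example, not part of the original post: a Python model of the script's substring check, useful for measuring which ordinary query strings it rejects before deploying it. The sample requests are constructed, and `scan_query`, `redundant_tokens` and `ignore_case` are names chosen here for illustration.

```python
"""Model of the keyword filter in the post, for measuring what it blocks."""
from urllib.parse import parse_qsl

# Token list copied from the script's sql_leach string.
SQL_LEACH = ("',;,and,exec,insert,select,delete,update,count,*,%,chr,mid,"
             "master,truncate,char,declare,%20,%70,%5c")
TOKENS = SQL_LEACH.split(",")


def scan_query(query_string, ignore_case=False):
    """Return {parameter: [matched tokens]} for a raw query string.

    parse_qsl percent-decodes values, as Request.QueryString does in ASP.
    ignore_case=False models InStr's default binary comparison;
    ignore_case=True models a text (case-insensitive) comparison.
    """
    hits = {}
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        haystack = value.lower() if ignore_case else value
        matched = [t for t in TOKENS if t in haystack]
        if matched:
            hits[name] = matched
    return hits


def redundant_tokens():
    """Tokens that contain another token, so they add no coverage:
    any value they match is already matched by the shorter token."""
    return [t for t in TOKENS if any(o != t and o in t for o in TOKENS)]


# Constructed sample requests: ordinary user input, not attack traffic.
SAMPLES = [
    "id=42",
    "name=Anderson",
    "author=O%27Brien",
    "q=50%25+discount",
    "title=Selected+Works",
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(f"{qs:24} binary={scan_query(qs)} text={scan_query(qs, True)}")
    print("redundant:", redundant_tokens())
```

Four of the five ordinary requests are rejected under a case-insensitive comparison, so the filter's false-positive rate should be checked against real traffic, and the queries themselves should still bind their parameters rather than rely on the filter.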