' Open an ADO Recordset over an existing connection, update it, then release it.
' "conn" is not defined in this snippet; it is assumed to be an open ADODB.Connection - confirm.
set rs = server.createobject("adodb.recordset")
' The query text is elided in the original post.
' NOTE(review): if the statement is assembled from request values, bind them as
' ADODB.Command parameters instead of concatenating them into this string.
sql="..."
' 1 = adOpenKeyset cursor, 3 = adLockOptimistic lock (an updatable recordset).
rs.open sql,conn,1,3
' AddNew is commented out, so Update below applies to the current row rather than a new one.
'rs.addnew
' Placeholder from the original post for the field assignments.
...
rs.update
' Close the recordset and drop the reference so the object is released.
rs.close
set rs=nothing
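' CheckData: stops the response when any query-string value contains one of the
' blocklisted keywords below.
'
' Scope and limits (review notes):
'   - Only Request.QueryString is inspected; Request.Form and Request.Cookies are not.
'   - Matching is by substring, so ordinary words that contain "or", "and", "mid",
'     "from" and similar are rejected as well.
'   - A keyword blocklist is defence in depth only. Statements that use request data
'     should bind it through ADODB.Command parameters so that the value is never
'     parsed as SQL.
'
' Returns nothing; on a match it writes an error message and ends the response.
Function CheckData()
    ' The loop variables are declared locally so they no longer leak into script scope.
    Dim KeyWord, Item_SQL, SQL_Get, SQL_Data
    KeyWord="select|and|or|insert|delete|count(|drop|truncate|asc(|char(|xp_cmdshell|net localgroup administrators|net user|update|'|chr|mid|master|from|where|declare"
    Item_SQL = Split(KeyWord,"|")
    If Request.QueryString<>"" Then
        For Each SQL_Get In Request.QueryString
            For SQL_Data=0 To UBound(Item_SQL)
                ' InStr defaults to a binary (case-sensitive) comparison, which lets a
                ' keyword written in another letter case pass; SQL keywords are not
                ' case-sensitive, so compare with vbTextCompare.
                If InStr(1, Request.QueryString(SQL_Get), Item_SQL(SQL_Data), vbTextCompare)>0 Then
                    Response.Write "参数错误,内容含有非法字符,有疑问可及时向网站管理员反应!"
                    Response.End
                End If
            Next
        Next
    End If
End Function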
' Run the query-string keyword filter for every request.
CheckData
' Run the broader QueryString/Form filter unless the script path contains "admin".
' NOTE(review): this is a case-sensitive substring test on PATH_INFO, so the filter
' is skipped for every script whose path contains "admin", not only for an admin
' area. An explicit list of exempt scripts that sit behind authentication is easier
' to reason about.
If InStr(Request.ServerVariables("PATH_INFO"),"admin") = 0 Then InData
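' InData: stops the response when any query-string or form value contains one of
' the blocklisted tokens below.
'
' Scope and limits (review notes):
'   - Request.Cookies and Request.ServerVariables are not inspected.
'   - The list contains common punctuation ("(", ")", "+", "%", "*", ":" ...), so
'     many legitimate inputs are rejected too.
'   - A token blocklist is defence in depth only. Statements that use request data
'     should bind it through ADODB.Command parameters so that the value is never
'     parsed as SQL.
'
' Returns nothing; on a match it writes a fixed message and ends the response.
Sub InData()
    Dim SQL_injdata,SQL_inj,SQL_Get,Sql_Post,SQL_Data
    SQL_injdata =":|;|>|<|--|sp_|xp_|\|dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
    SQL_inj = Split(SQL_injdata,"|")

    ' Query-string values.
    If Request.QueryString<>"" Then
        For Each SQL_Get In Request.QueryString
            For SQL_Data=0 To UBound(SQL_inj)
                ' InStr defaults to a binary (case-sensitive) comparison; SQL keywords
                ' are not case-sensitive, so compare with vbTextCompare.
                If InStr(1, Request.QueryString(SQL_Get), SQL_inj(SQL_Data), vbTextCompare)>0 Then
                    Response.Write "SQL通用防注入系统"
                    Response.End
                End If
            Next
        Next
    End If

    ' Posted form values, checked against the same list.
    If Request.Form<>"" Then
        For Each Sql_Post In Request.Form
            For SQL_Data=0 To UBound(SQL_inj)
                If InStr(1, Request.Form(Sql_Post), SQL_inj(SQL_Data), vbTextCompare)>0 Then
                    Response.Write "SQL通用防注入系统"
                    Response.End
                End If
            Next
        Next
    End If
End Sub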