[ASP] Functions for getting parameter values and SQL-safe parameter filtering
Author: Dezai.CN / Published 2012/10/24 / 1025
```vbscript
' Get a parameter value
' Note: isNul and Checkxss are called below but are not defined on this page.
Function getForm(element,ftype)
	Select case ftype
		case "get"
			getForm=trim(request.QueryString(element))
		case "post"
			getForm=trim(request.Form(element))
		case "both"
			if isNul(request.QueryString(element)) then getForm=trim(request.Form(element)) else getForm=trim(request.QueryString(element))
	End Select
	' Replace double and single quotes with their HTML entities
	getForm=replace(getForm,CHR(34),"&quot;")
	getForm=replace(getForm,CHR(39),"&#39;")
End Function
' Main purpose: fetch the parameter value; much safer than using request("element") directly

' Filter a parameter
Function filterPara(byVal Para)
	filterPara=preventSqlin(Checkxss(Para))
End Function

Function preventSqlin(content)
	dim sqlStr,sqlArray,i,speStr
	' Blacklist of characters and SQL keywords, separated by "|"
	sqlStr="<|>|%|%27|'|''|;|*|and|exec|dbcc|alter|drop|insert|select|update|delete|count|master|truncate|char|declare|where|set|declare|mid|chr"
	if isNul(content) then Exit Function
	sqlArray=split(sqlStr,"|")
	for i=lbound(sqlArray) to ubound(sqlArray)
		if instr(lcase(content),sqlArray(i))<>0 then
			' Angle brackets and quotes become HTML entities; every other match is deleted
			select case sqlArray(i)
				case "<":speStr="&lt;"
				case ">":speStr="&gt;"
				case "'","""":speStr="&quot;"
				'case ";":speStr=";"
				case else:speStr=""
			end select
			' Case-insensitive replacement of every occurrence
			content=replace(content,sqlArray(i),speStr,1,-1,1)
		end if
	next
	preventSqlin=content
End Function
' The parameter filter function above is mainly to prevent SQL injection, as added protection.
```
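For comparison with the keyword blacklist above, which deletes entries such as `and` or `set` from any value that contains them and so alters legitimate input, this added example (not code from the original page or its author) validates by type and passes values as bound `ADODB.Command` parameters. The connection string `CONN_STR`, the `articles` table with its `id`, `title` and `author` columns, and the `id`/`author` request parameters are hypothetical.

```vbscript
' Added example; runs inside a classic ASP page. CONN_STR, the "articles" table,
' its columns and the request parameter names are assumptions, not from the page.
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarWChar = 202
Const CONN_STR = "Provider=SQLOLEDB;Data Source=(local);Initial Catalog=demo;Integrated Security=SSPI;"

' Allow-list check for a numeric id: digits only, at most 9 of them (fits a Long).
Function ParseId(raw, ByRef outId)
    Dim re, s
    ParseId = False
    s = Trim(raw & "")
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(s) Then
        outId = CLng(s)
        ParseId = True
    End If
End Function

Dim conn, cmd, rs, id, author
If Not ParseId(Request.QueryString("id"), id) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
' Free-text value: only a length cap, no keyword stripping, so the data stays intact.
author = Left(Trim(Request.QueryString("author") & ""), 50)

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STR
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The SQL text is a constant; request data travels only as bound parameters.
cmd.CommandText = "SELECT title FROM articles WHERE id = ? AND author = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
cmd.Parameters.Append cmd.CreateParameter("author", adVarWChar, adParamInput, 50, author)
Set rs = cmd.Execute

Do Until rs.EOF
    ' HTML-encode when writing to the page instead of rewriting input beforehand.
    Response.Write Server.HTMLEncode(rs("title") & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
```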