关于sql注入安全问题 - 编程论坛

ysf01812012-11-04 10:25

'SQL检查的ASP，代码

Fy_In = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
Fy_Inf = split(Fy_In,"|")
If Request.Form<>"" Then
   For Each Fy_Post In Request.Form
        For Fy_Xh=0 To Ubound(Fy_Inf)
            If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
               response.write "提交错误"
               response.end
            End If
        Next
    Next
End If
If Request.QueryString<>"" Then
   For Each Fy_Post In Request.QueryString
        For Fy_Xh=0 To Ubound(Fy_Inf)
            If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
               response.write "提交错误"
               response.end
            End If
        Next
    Next

End If

[ 本帖最后由 ysf0181 于 2012-11-4 10:26 编辑 ]