hzhost防asp攻击函数
hzhost防asp攻击函数
Function SafeRequest(ParaName)
Dim ParaValue
ParaValue=Request(ParaName)
if IsNumeric(ParaValue) then
SafeRequest=ParaValue
exit Function
else
ParaValuetemp=lcase(ParaValue)
tempvalue="select
|insert |delete from|'|count(|drop table|update |truncate
|asc(|mid(|char(|xp_cmdshell|exec master|net localgroup
administrators|net user| or | and |%20from"
temps=split(tempvalue,"|")
for mycount=0 to ubound(temps)
if Instr(ParaValuetemp,temps(mycount)) > 0 then
call errorpage(-2,"非法请求!!!")
response.end
end if
next
SafeRequest=ParaValue
end if
End function
'=================
相关文档:
原文引用:
http://www.17558.net/cmd.asp?act=tb&id=16&key=43840
原文地址:http://www.17558.net/post/16.html
偶是一个底层的ASP技术人员(属于半路出家的那种,以前是一名网络技术人员),最近参与制作一个CRM系统,架够采用ASP+SQL,考虑到以后数据查询效率问题,所以在网上找了一个 Asp数据操作组件(百万级分页) , ......
set conn=server.createobject("adodb.connection")
conn.open "driver={microsoft access driver (*.mdb)};dbq=F:\\ajaxpro\\App_Data\\server.mdb"
Dim StrSQL,RS
StrSQL="SELECT*from Manager WHERE ID='"&username&"'"
StrSQL=StrSQL&"AND Pin='"&passwor ......
'---------------------------------------------------------------------------------------------------1.asp
<!--#include file="function.asp" -->
<%if Request.Cookies("venshop")("user_name")<>"" then%>'当用户登录时可以执行then
<script>
function checkAll(){
&nbs ......
'-------------------------------------------------------------------------------------------------------1.asp
<!--#include file="function.asp" -->
<%if Request.Cookies("venshop")("user_name")<>"" then%>
<script>
function checkAll(){
for (i=0;i&l ......
<%
set rs=server.CreateObject(”ADODB.recordset”)
sql =”select * from 表”
rs.open sql,conn,1,1
page=cint(request(”page”))
n=rs.RecordCount
rs.pagesize=12
m=cint(rs.pagecount)
if page=”" then
page=1
elseif page<1 then
page=1
end if
if cint(r ......
