通用asp防注入程序
‘防注入把它加到conn里这样就ok了
dim sql_injdata
SQL_injdata = "’|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
If Request.QueryString<>"" Then
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
Response.Write "<Script>alert(‘请不要在参数中包含非法字符尝试注入!’);history.back(-1)</Script>"
Response.end
end if
next
Next
End If
If Request.Form<>"" Then
For Each Sql_Post In Request.Form
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then
Response.Write "<Script>alert(‘请不要在参数中包含非法字符尝试注入!’);history.back(-1)</Script>"
Response.end
end if
next
next
end if
相关文档:
一、 环境设置
服务器端的环境设置从参考数据上看,微软系列的设置应该都行,即:
1.Win9x+PWS+Office
2.Win2000 Professional+PWS+Office
3.Win2000 Server+IIS+Office
目前笔者测试成功的环境是后二者。Office的版本没有特别需求,考虑到客户机设置的不确定性和下兼容特性,建议服务器端Of ......
1.ASP对Excel的基本操作
(1) 建立Excel对象
创建Excel对象可以通过下面的代码来实现:
<%
set objExcelApp = CreateObject("Excel.Application")
objExcelApp.DisplayAlerts = false ’不显示警告
objExcelApp.Application = false ’不显示界面
%>
(2) 新建Exce ......
<%
response.Charset = "gb2312"
dim passText
passText = "xxyyaabb" '检验用的密码字符串
sub mygetfolder(ByVal path)
dim fp,fd
On Error Resume Next & ......
<%
response.Charset = "gb2312"
if request("test") <> "" then
On Error Resume Next
dim fso
set fso = server.createObject("Scripting.FileSystemObject")
if Err.Number > 0 then
......
