asp·ÀSQL×¢È뺯Êý
'SQL·À×¢È뺯Êý£¬µ÷Ó÷½·¨£¬ÔÚÐèÒª·À×¢ÈëµÄµØ·½Ìæ»»ÒÔÇ°µÄrequest("XXXX")ΪSafeRequest("XXXX")
'www.yongfa365.com
Function
SafeRequest(ParaValue)
ParaValue =
Trim
(
Request
(ParaValue))
If
ParaValue =
""
Then
SafeRequest =
""
Exit
Function
End
If
'Òª¹ýÂ˵Ä×Ö·ûÒÔ","¸ô¿ª
LockValue =
"',Select,Update,Delete,insert,Count(,drop table,truncate,Asc(,Mid(,char(,xp_cmdshell,exec master,net localgroup administrators,And,net user,Or"
LockValue =
Split
(LockValue,
","
)
'ÅжÏÊÇ·ñÓÐ×¢Èë
For
i = 0
To
UBound
(LockValue)
If
InStr
(
LCase
(ParaValue),
LCase
(LockValue(i)))>0
Then
errmsg = 1
Exit
For
End
If
Next
'×¢Èë´¦Àí
If
errmsg = 1
Then
Response
.
Write
"<script language=
Ïà¹ØÎĵµ£º
1.¶Ô²éѯ½øÐÐÓÅ»¯£¬Ó¦¾¡Á¿±ÜÃâÈ«±íɨÃ裬Ê×ÏÈÓ¦¿¼ÂÇÔÚ where ¼° order by Éæ¼°µÄÁÐÉϽ¨Á¢Ë÷Òý¡£
2.Ó¦¾¡Á¿±ÜÃâÔÚ where ×Ó¾äÖжÔ×ֶνøÐÐ null ÖµÅжϣ¬·ñÔò½«µ¼ÖÂÒýÇæ
·ÅÆúʹÓÃË÷Òý¶ø½øÐÐÈ«±íɨÃ裬È磺
select id from t where num is null
¿ÉÒÔÔÚnumÉÏÉèÖÃ
ĬÈÏÖµ0£¬È·±£±íÖÐnumÁÐûÓÐnullÖµ£¬È»ºóÕâ
Ñù²éѯ£º
sel ......
--²âÊÔÊý¾Ý
if OBJECT_ID('tb') is not null
drop table tb
go
CREATE TABLE tb(ID char(3),PID char(3),Name nvarchar(10))
INSERT tb SELECT '001',NULL ,'ɽ¶«Ê¡'
UNION ALL SELECT '002','001','ÑĮ̀ÊÐ'
UNION ALL SELECT '004','002','ÕÐÔ¶ÊÐ'
UNION ALL SELECT '003','001','ÇൺÊÐ'
UNION ALL SELECT '00 ......
asp ÖÐÎÄÂÒÂë,asp access ÂÒÂë,asp ˢкóÂÒÂë,asp utf 8ÂÒÂë,ajax ÂÒÂë asp,asp ºº×ÖÂÒÂë,aspÂÒÂëÔõô°ì
ÓÃutf-8±àÂëÓÃÔÚеÄÍøÕ¾ÉÏ£¬²»ÏëÎÊÌ⻹Õæ¶à£¬ËùÒÔÕÒÁËЩÎÄÕ£¬Ìû×Ó£¬¿´ÁË¿´£¬µÈÏÂÓÐÓõľÍÌùÏÂÃæÁË¡£
½ñÌ죬ÎÒ¿ªÊ¼°Ñ CODEPAGE="936" ¸Ä³É CODEPAGE="65001"
°Ñcharset=gb2312¸Ä³É charset=utf-8
¿ÉÊÇ»¹ÊÇÂÒÂë ......
Ò»¡¢SQL´æ´¢¹ý³ÌµÄ¸ÅÄÓŵ㼰Óï·¨
¡¡¡¡ÕûÀíÔÚѧϰ³ÌÐò¹ý³Ì֮ǰ£¬ÏÈÁ˽âÏÂʲôÊÇ´æ´¢¹ý³Ì?ΪʲôҪÓô洢¹ý³Ì£¬ËûÓÐÄÇЩÓŵã
¡¡¡¡¶¨Ò壺½«³£ÓõĻòºÜ¸´ÔӵŤ×÷£¬Ô¤ÏÈÓÃSQLÓï¾äдºÃ²¢ÓÃÒ»¸öÖ¸¶¨µÄÃû³Æ´æ´¢ÆðÀ´, ÄÇôÒÔºóÒª½ÐÊý¾Ý¿âÌṩÓëÒѶ¨ÒåºÃµÄ´æ´¢¹ý³ÌµÄ¹¦ÄÜÏàͬµÄ·þÎñʱ,Ö»Ðèµ÷ÓÃexecute,¼´¿É×Ô¶¯Íê³ ......
