asp·ÀSQL×¢È뺯Êý
'SQL·À×¢È뺯Êý£¬µ÷Ó÷½·¨£¬ÔÚÐèÒª·À×¢ÈëµÄµØ·½Ìæ»»ÒÔÇ°µÄrequest("XXXX")ΪSafeRequest("XXXX")
'www.yongfa365.com
Function
SafeRequest(ParaValue)
ParaValue =
Trim
(
Request
(ParaValue))
If
ParaValue =
""
Then
SafeRequest =
""
Exit
Function
End
If
'Òª¹ýÂ˵Ä×Ö·ûÒÔ","¸ô¿ª
LockValue =
"',Select,Update,Delete,insert,Count(,drop table,truncate,Asc(,Mid(,char(,xp_cmdshell,exec master,net localgroup administrators,And,net user,Or"
LockValue =
Split
(LockValue,
","
)
'ÅжÏÊÇ·ñÓÐ×¢Èë
For
i = 0
To
UBound
(LockValue)
If
InStr
(
LCase
(ParaValue),
LCase
(LockValue(i)))>0
Then
errmsg = 1
Exit
For
End
If
Next
'×¢Èë´¦Àí
If
errmsg = 1
Then
Response
.
Write
"<script language=
Ïà¹ØÎĵµ£º
¾³£»á¿´¼ûÔÚSQL³ÌÐòµÄ¿ªÍ·ÓÐÕâÑùÒ»¾ä»°
if OBJECT_ID('tb') is not null
drop table tb
º¯ÊýÓï·¨ÊÇÕâÑù£º
int OBJECT_ID('objectname');
×÷ÓÃÊÇ¿´¶ÔÏóobjectnameÊÇ·ñ´æÔÚ¡£
ÆäÖвÎÊýobjectname±íʾҪʹÓõĶÔÏó£¬ÊÇchar»òÕßncharÀàÐÍ¡£
·µ»ØÖµÀàÐÍΪint£¬Èç¹û¶ÔÏó´æÔÚ£¬Ôò·µ»Ø´Ë¶ÔÏóÔÚϵͳÖеı ......
SQL ³£ÓÃÓï¾äÒÔ¼°º¯ÊýÖ®Ò»
SELECT --´ÓÊý¾Ý¿â±íÖмìË÷Êý¾ÝÐкÍÁÐ
¡¡¡¡¡¡¡¡¡¡¡¡INSERT --ÏòÊý¾Ý¿â±íÌí¼ÓÐÂÊý¾ÝÐÐ
¡¡¡¡¡¡¡¡¡¡¡¡DELETE --´ÓÊý¾Ý¿â±íÖÐɾ³ýÊý¾ÝÐÐ
¡¡¡¡¡¡¡¡¡¡¡¡UPDATE --¸üÐÂÊý¾Ý¿â±íÖеÄÊý¾Ý
¡¡¡¡--Êý¾Ý¶¨Òå
¡¡¡¡ CREATE TABLE --´´½¨Ò»¸öÊý¾Ý¿â±í
¡¡¡¡¡¡¡¡¡¡¡¡DROP TABLE --´ÓÊý¾Ý¿âÖÐɾ³ý±í
......
--²âÊÔÊý¾Ý
if OBJECT_ID('tb') is not null
drop table tb
go
CREATE TABLE tb(ID char(3),PID char(3),Name nvarchar(10))
INSERT tb SELECT '001',NULL ,'ɽ¶«Ê¡'
UNION ALL SELECT '002','001','ÑĮ̀ÊÐ'
UNION ALL SELECT '004','002','ÕÐÔ¶ÊÐ'
UNION ALL SELECT '003','001','ÇൺÊÐ'
UNION ALL SELECT '00 ......
1£ºSQL ServerÊý¾Ý¿âÅäÖÃ
¿ªÆô·þÎñÆ÷
ÍÐÅÌÏÔʾ·þÎñÆ÷Æô¶¯
2:ÔÚStaAfx.h ÖÐÌí¼ÓÈçÏ´úÂë
#import "C:\\Program Files\\Common Files\\System\\ado\\msado15.dll" no_namespace rename("EOF","adoEOF")rena ......
Ç°¼¸ÌìΪÖÆ×÷Ò»¸öÍøÕ¾£¬ÐèÒª´ÓACCESSתÖÁSQLSERVER£¬´ÓÍøÕ¾Éϲ鿴Á˺ܶàµÄ×ÊÁÏ£¬µ«¾õµÃûÓÐÒ»¸öÄܹ»È«Ã渲¸ÇÒªµãµÄ£¬ËùÒÔÎÒ×ܽáһϣ¬Ë³±ã
¸ø³öһЩ¾Ñé¡£
Ê×ÏÈÈç¹ûÒ»¿ªÊ¼¾ÍÐèÒªÖÆ×÷SQLSERVERµÄÍøÕ¾£¬ÄÇô×îºÃ½«ÄãµÄ°®»ú×°ÉÏWINDOWS2000»òÕß2003ÕâÑùµÄSERVER°æ£¬ÕâÑùµÄ°æ±¾ÊÇÖ§³Ö
SQLSERVERÕýʽ ......
