asp防SQL注入函数
'SQL防注入函数,调用方法,在需要防注入的地方替换以前的request("XXXX")为SafeRequest("XXXX")
'www.yongfa365.com
Function
SafeRequest(ParaValue)
ParaValue =
Trim
(
Request
(ParaValue))
If
ParaValue =
""
Then
SafeRequest =
""
Exit
Function
End
If
'要过滤的字符以","隔开
LockValue =
"',Select,Update,Delete,insert,Count(,drop table,truncate,Asc(,Mid(,char(,xp_cmdshell,exec master,net localgroup administrators,And,net user,Or"
LockValue =
Split
(LockValue,
","
)
'判断是否有注入
For
i = 0
To
UBound
(LockValue)
If
InStr
(
LCase
(ParaValue),
LCase
(LockValue(i)))>0
Then
errmsg = 1
Exit
For
End
If
Next
'注入处理
If
errmsg = 1
Then
Response
.
Write
"<script language=
相关文档:
1.对查询进行优化,应尽量避免全表扫描,首先应考虑在 where 及 order by 涉及的列上建立索引。
2.应尽量避免在 where 子句中对字段进行 null 值判断,否则将导致引擎
放弃使用索引而进行全表扫描,如:
select id from t where num is null
可以在num上设置
默认值0,确保表中num列没有null值,然后这
样查询:
sel ......
1:SQL Server数据库配置
开启服务器
托盘显示服务器启动
2:在StaAfx.h 中添加如下代码
#import "C:\\Program Files\\Common Files\\System\\ado\\msado15.dll" no_namespace rename("EOF","adoEOF")rena ......
http://www.sql-server-performance.com/tips/clustered_indexes_p1.aspx
As a rule of thumb, every table should have a clustered index. Generally, but not always, the clustered index should be on a column that monotonically increases--such as an identity column, or some other column where the value is ......
我定义了一个 textarea:
<tr bgcolor="#CCCCCC" align="center" valign="bottom">
<td align="right" valign="top" class="style1" >文章内容:</td>
&nbs ......
