asp·ÀSQL×¢È뺯Êý
'SQL·À×¢È뺯Êý£¬µ÷Ó÷½·¨£¬ÔÚÐèÒª·À×¢ÈëµÄµØ·½Ìæ»»ÒÔǰµÄrequest("XXXX")ΪSafeRequest("XXXX")
'www.yongfa365.com
Function
SafeRequest(ParaValue)
ParaValue =
Trim
(
Request
(ParaValue))
If
ParaValue =
""
Then
SafeRequest =
""
Exit
Function
End
If
'Òª¹ýÂ˵Ä×Ö·ûÒÔ","¸ô¿ª
LockValue =
"',Select,Update,Delete,insert,Count(,drop table,truncate,Asc(,Mid(,char(,xp_cmdshell,exec master,net localgroup administrators,And,net user,Or"
LockValue =
Split
(LockValue,
","
)
'ÅжÏÊÇ·ñÓÐ×¢Èë
For
i = 0
To
UBound
(LockValue)
If
InStr
(
LCase
(ParaValue),
LCase
(LockValue(i)))>0
Then
errmsg = 1
Exit
For
End
If
Next
'×¢Èë´¦Àí
If
errmsg = 1
Then
Response
.
Write
"<script language=
Ïà¹ØÎĵµ£º
´´½¨º¯Êý
CREATE OR REPLACE FUNCTION ntfuc(inp IN NUMBER)
RETURN NUMBER
IS
ntmp NUMBER;
BEGIN
ntmp := inp;
RETURN ntmp;
END ntfuc;
/
Ö´Ðиú¯Êýʱ
DECLARE
rcn NUMBER;
BEGIN
rcn := ntfunc(1);
END;
/ ......
Ò»¡¢SQL´æ´¢¹ý³ÌµÄ¸ÅÄÓŵ㼰Óï·¨
¡¡¡¡ÕûÀíÔÚѧϰ³ÌÐò¹ý³Ì֮ǰ£¬ÏÈÁ˽âÏÂʲôÊÇ´æ´¢¹ý³Ì?ΪʲôҪÓô洢¹ý³Ì£¬ËûÓÐÄÇЩÓŵã
¡¡¡¡¶¨Ò壺½«³£ÓõĻòºÜ¸´ÔӵŤ×÷£¬Ô¤ÏÈÓÃSQLÓï¾äдºÃ²¢ÓÃÒ»¸öÖ¸¶¨µÄÃû³Æ´æ´¢ÆðÀ´, ÄÇôÒÔºóÒª½ÐÊý¾Ý¿âÌṩÓëÒѶ¨ÒåºÃµÄ´æ´¢¹ý³ÌµÄ¹¦ÄÜÏàͬµÄ·þÎñʱ,Ö»Ðèµ÷ÓÃexecute,¼´¿É×Ô¶¯Íê³ ......
ÔÚSQL Server 2005 Express Éϸ½¼Ó´ÓÁíÍâһ̨µçÄÔCopy¹ýÀ´µÄÊý¾Ý¿âºó£¬Êý¾Ý¿âΪ“Ö»¶Á”¡£
½â¾ö°ì·¨£º
´ò¿ª SQL Server Configuration Manager, ´ò¿ªSQL Server SQLEXPRESS µÄÊôÐÔ
ÔÚÄÚÖÃÕʺŴ¦£¬°Ñ“ÍøÂç·þÎñ”¸Ä³É“±¾µØÏµÍ³”£¬ÖØÐÂÆô¶¯SQL Server 2005 Express ºó£¬ÔÙ¸½¼ÓÊý¾Ý ......
ÎÒ¶¨ÒåÁËÒ»¸ö textarea:
<tr bgcolor="#CCCCCC" align="center" valign="bottom">
<td align="right" valign="top" class="style1" >ÎÄÕÂÄÚÈÝ£º</td>
&nbs ......