谁有完整的ASP防sql注入程序?
谢了
'防范get注入 If Request.QueryString <> "" Then StopInjection(Request.QueryString) '防范post注入 If Request.Form <> "" Then StopInjection(Request.Form) '防范cookies注入 If Request.Cookies <> "" Then StopInjection(Request.Cookies) '正则子函数 Function StopInjection(Values) Dim regEx Set regEx = New RegExp regEx.IgnoreCase = True regEx.Global = True regEx.Pattern = "'|;|([\s\b+()]+([email=select%7Cupdate%7Cinsert%7Cdelete%7Cdeclare%7C@%7Cexec%7Cdbcc%7Calter%7Cdrop%7Ccreate%7Cbackup%7Cif%7Celse%7Cend%7Cand%7Cor%7Cadd%7Cset%7Copen%7Cclose%7Cuse%7Cbegin%7Cretun%7Cas%7Cgo%7Cexists)[/s/b]select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\s\b[/email]+]*)" Dim sItem, sValue For Each sItem In Values sValue = Values(sItem) If regEx.Test(sValue) Then Response.Write "<Script Language=javascript>alert('非法注入!你的行为已被记录!!');history.back(-1);</Script>" Response.End End If Next Set regEx = Nothing End function