防注入代码-vb.net sql注入代码
时间:2009-08-13 编辑:简简单单 来源:一聚教程网
在 Page_Load 事件中调用 JK1986_CheckSql() 即可。关键字过滤只是辅助手段,SQL 语句本身仍应使用参数化查询(OleDbCommand 的 Parameters),不要拼接用户输入。
不过在这里强烈建议在获取数据库连接处调用,可参照以下代码:
' Example call site: obtain the connection through Class1.getconn(), which calls
' JK1986_CheckSql() before it opens the database.
Dim jkclass As Class1 = New Class1()
Dim conn As Data.OleDb.OleDbConnection = jkclass.getconn()
Imports Microsoft.VisualBasic
Public Class Class1
'-----------------------------------------------------------------------------小例子-------------------------------------
' Builds a Jet 4.0 OLE DB connection to the Access file "2008.mdb" (located with
' Server.MapPath for the current request), runs JK1986_CheckSql() and returns the
' connection in the open state.
' Returns: the opened Data.OleDb.OleDbConnection. The function declares no return
' type, so callers receive it as Object.
' NOTE(review): JK1986_CheckSql is a keyword blacklist over request values. Treat
' it as a secondary filter only: commands run on this connection should still
' bind user input through OleDbCommand parameters, not string concatenation.
' NOTE(review): "2008.mdb" is a relative path handed to MapPath - confirm the
' file lives somewhere the web server will not serve (for example App_Data).
Public Function getconn()
    Dim dbFile As String = System.Web.HttpContext.Current.Server.MapPath("2008.mdb")
    Dim conn As New Data.OleDb.OleDbConnection
    conn.ConnectionString = "provider=microsoft.jet.oledb.4.0; data source=" & dbFile
    ' Screen the current request before the database is opened.
    JK1986_CheckSql()
    ' A freshly created connection is expected to be Closed; the guard is kept as in the original.
    If conn.State = Data.ConnectionState.Closed Then conn.Open()
    Return conn
End Function
'-----------------------------------------------------------------------------以下是防SQL代码-----------------------------------------------
Public Function JK1986_CheckSql()
Dim JK1986_Sql As String
Dim JK_Sql As String()
Dim k As String
JK1986_Sql = "exec↓select↓drop↓alter↓exists↓union↓and↓or↓xor↓order↓mid↓asc↓execute↓xp_cmdshell↓insert↓update↓delete↓join↓declare↓char↓sp_oacreate↓wscript.shell↓xp_regwrite↓'↓;↓--↓/↓*"
JK_Sql = JK1986_Sql.Split("↓")
For Each k In JK_Sql
'-----------------------防 GET 注入-----------------------
If System.Web.HttpContext.Current.Request.QueryString.ToString() <> "" Then
Dim jk As Integer
Dim getip As String
For jk = 0 To System.Web.HttpContext.Current.Request.QueryString.Count - 1
If System.Web.HttpContext.Current.Request.QueryString(System.Web.HttpContext.Current.Request.QueryString.Keys(jk).ToString()).ToLower().Contains(k) = True Then
System.Web.HttpContext.Current.Response.Write("