
防注入代码-vb.net sql注入代码

可以在 Page_Load 事件中调用 JK1986_CheckSql()。

不过这里强烈建议在获取数据库连接的地方调用(即下面 getconn 中的做法),调用方式可参照以下代码:

' Obtain the connection through Class1.getconn() rather than constructing it
' directly: getconn() calls JK1986_CheckSql() before opening the connection,
' so code that gets its connection this way also goes through the request filter.
Dim dbHelper As New Class1
Dim conn As Data.OleDb.OleDbConnection = dbHelper.getconn()

Imports Microsoft.VisualBasic

Public Class Class1
    '-----------------------------------------------------------------------------小例子-------------------------------------
    Public Function getconn()
        Dim conn As Data.OleDb.OleDbConnection
        Dim connstr As String
        conn = New Data.OleDb.OleDbConnection
        connstr = "provider=microsoft.jet.oledb.4.0; data source=" & System.Web.HttpContext.Current.Server.MapPath("2008.mdb")
        conn.ConnectionString = connstr
        JK1986_CheckSql()
        If conn.State = Data.ConnectionState.Closed Then
            conn.Open()
        End If
        getconn = conn
    End Function

    '-----------------------------------------------------------------------------以下是防SQL代码-----------------------------------------------

    Public Function JK1986_CheckSql()
        Dim JK1986_Sql As String
        Dim JK_Sql As String()
        Dim k As String
        JK1986_Sql = "exec↓select↓drop↓alter↓exists↓union↓and↓or↓xor↓order↓mid↓asc↓execute↓xp_cmdshell↓insert↓update↓delete↓join↓declare↓char↓sp_oacreate↓wscript.shell↓xp_regwrite↓'↓;↓--↓/↓*"
        JK_Sql = JK1986_Sql.Split("↓")
        For Each k In JK_Sql
            '-----------------------防 GET 注入-----------------------
            If System.Web.HttpContext.Current.Request.QueryString.ToString() <> "" Then
                Dim jk As Integer
                Dim getip As String
                For jk = 0 To System.Web.HttpContext.Current.Request.QueryString.Count - 1
                    If System.Web.HttpContext.Current.Request.QueryString(System.Web.HttpContext.Current.Request.QueryString.Keys(jk).ToString()).ToLower().Contains(k) = True Then
                        System.Web.HttpContext.Current.Response.Write("<script Language=JavaScript>alert('ASP.NET( VB.NET版本 )防注入程序警告您,请勿提交非法字符!↓rnrnBlog:http://hi.baidu.com/ahhacker86 rnrnBy:
