防注入代码 - VB.NET 防 SQL 注入代码
可在 Page_Load 事件中调用。
不过这里强烈建议在获取数据库连接时调用。注意:这类关键字过滤只能作为辅助检查,不能替代参数化查询;写入 SQL 的值仍应通过 OleDbCommand 的参数传入。可参照以下代码调用:
' Example caller: ask Class1 for an opened OleDb connection.
' getconn() runs JK1986_CheckSql() against the current request before it opens the connection.
' The caller receives the connection already open and is responsible for closing it.
Dim dbHelper As New Class1
Dim conn As Data.OleDb.OleDbConnection = dbHelper.getconn()
Imports Microsoft.VisualBasic
Public Class Class1
'-----------------------------------------------------------------------------小例子-------------------------------------
Public Function getconn()
    ' Creates an OleDb connection to the Jet database "2008.mdb", runs the
    ' request keyword filter, opens the connection and returns it.
    '
    ' Returns: the opened Data.OleDb.OleDbConnection (declared without a return
    '          type, so callers receive it as Object).
    '
    ' The connection is handed back open; nothing here closes it, so the caller
    ' must Close/Dispose it when done.
    Dim db As New Data.OleDb.OleDbConnection

    ' MapPath resolves the relative name against the current request's path.
    ' NOTE(review): that places the .mdb under a web-served directory; confirm
    ' the file cannot be downloaded directly, or keep it in App_Data.
    Dim dbFile As String = System.Web.HttpContext.Current.Server.MapPath("2008.mdb")
    db.ConnectionString = "provider=microsoft.jet.oledb.4.0; data source=" & dbFile

    ' Keyword filter over the current request, run before the connection is opened.
    ' It is a substring blacklist (tokens such as "or", "and", "/"), so it also
    ' rejects harmless values that merely contain those characters, and it does
    ' not replace parameterized commands for the queries run on this connection.
    JK1986_CheckSql()

    ' Open only when the connection is still closed, then hand it to the caller.
    If db.State <> Data.ConnectionState.Closed Then
        Return db
    End If
    db.Open()
    Return db
End Function
'-----------------------------------------------------------------------------以下是防SQL代码-----------------------------------------------
Public Function JK1986_CheckSql()
Dim JK1986_Sql As String
Dim JK_Sql As String()
Dim k As String
JK1986_Sql = "exec↓select↓drop↓alter↓exists↓union↓and↓or↓xor↓order↓mid↓asc↓execute↓xp_cmdshell↓insert↓update↓delete↓join↓declare↓char↓sp_oacreate↓wscript.shell↓xp_regwrite↓'↓;↓--↓/↓*"
JK_Sql = JK1986_Sql.Split("↓")
For Each k In JK_Sql
'-----------------------防 GET 注入-----------------------
If System.Web.HttpContext.Current.Request.QueryString.ToString() <> "" Then
Dim jk As Integer
Dim getip As String
For jk = 0 To System.Web.HttpContext.Current.Request.QueryString.Count - 1
If System.Web.HttpContext.Current.Request.QueryString(System.Web.HttpContext.Current.Request.QueryString.Keys(jk).ToString()).ToLower().Contains(k) = True Then
System.Web.HttpContext.Current.Response.Write("<script Language=JavaScript>alert('ASP.NET( VB.NET版本 )防注入程序警告您,请勿提交非法字符!↓rnrnBlog:http://hi.baidu.com/ahhacker86 rnrnBy: