
VB.Net防止SQL注入并记录注入语句


#Region "防止SQL漏洞的程序SqlError"
    Public Function SkyReplaceBadRequest(ByVal StrChar As String) As String
        If StrChar = "" Then
            SkyReplaceBadRequest = ""
        Else
            SkyReplaceBadRequest = Replace(Replace(StrChar, "'", ""), Chr(43), "").Replace(" ", "").Trim(" ").Replace("%", "").Replace("<", "").Replace("*", "").Replace(";", "")
        End If
    End Function
    Public Function SkyReplaceBad(ByVal StrChar As String) As String
        If StrChar = "" Then
            SkyReplaceBad = ""
        Else
            SkyReplaceBad = Replace(Replace(StrChar, "'", ""), Chr(43), "").Replace(" ", "").Trim(" ").Replace("%", "").Replace("<", "").Replace("*", "").Replace(";", "")
        End If
    End Function
    Public Sub Sql2008()
        On Error Resume Next
        Dim Myrul, ErrorUrl As String
        ErrorUrl = "/Error.aspx"
        Myrul = Request.ServerVariables("QUERY_STRING")
        Myrul = Myrul.ToLower
        Dim ErrorInfo As String
        ErrorInfo = "select,select,;,Insert,Update,delete,from,and,chr,',or"
        Dim B As Boolean
        Dim ErrorZ() As String
        ErrorZ = ErrorInfo.Split(",")
        B = False
        Dim I, Fy As Integer
        Fy = 3
        For I = 0 To UBound(ErrorZ)
            If InStr(Myrul, ErrorZ(I).ToLower) > 0 Then
                B = True
                Exit For
            End If
        Next
        If B = True Then
            MySqlError("/SqlError.txt", Myrul)
            Select Case Fy
                Case 1
                    htm = htm&("<Script Language=JavaScript>alert(' 出现错误!参数的值中包含非法字符串!\n\n 请不要在参数中出现:;,and,select,update,insert,delete,chr 等非法字符!\n\n不要做无聊的事情!谢谢!');window.close();</Script>")
                Case 2
                    htm = htm&("<Script Language=JavaScript>location.href='" & ErrorUrl & "'</Script>")
                Case Else
                    htm = htm&("<Script Language=JavaScript>alert(' 出现错误!参数的值中包含非法字符串!\n\n 请不要在参数中出现:;,and,select,update,insert,delete,chr 等非法字符!\n\n不要做无聊的事情!谢谢!');location.href='" & ErrorUrl & "';</Script>")
            End Select
            Response.End()
        End If
    End Sub
    Public Function MySqlError(ByVal Addr As String, ByVal Info As String)
        Dim Ip, TimeInfo, Ok, IE As String
        Ip = Request.UserHostAddress.ToString
        TimeInfo = Now.ToString
        IE = Request.UserAgent.ToString
        Dim G, Chr13 As String
        Chr13 = Chr(13) + Chr(10)
        G = "'#########################################################################" + Chr13
        Ok = G
        Ok += "'时间:" + TimeInfo + Chr13
        Ok += "'IP  :" + Ip + Chr13
        Ok += "'IE  :" + IE + Chr13
        Ok += "'地址  :" + Request.Url.ToString + Chr13
        Ok += "'#########################################################################" + Chr13
        Txt2008(Addr, Ok)
    End Function
    Public Function Txt2008(ByVal FileName As String, ByVal Str As String) As Integer
        Try
            Dim My As StreamWriter
            FileName = Server.MapPath(FileName)
            If File.Exists(FileName) Then
                My = New StreamWriter(FileName, True, System.Text.Encoding.Default)
            Else
                My = New StreamWriter(FileName, True, System.Text.Encoding.Default)
            End If
            My.WriteLine(Str)
            My.Close()
            Txt2008 = 0
        Catch ex As Exception
            htm = htm&(ex.ToString)
            Txt2008 = 1
        End Try
    End Function
#End Region
