asp中如何防cookie注入

<%
'This file can be included at the top of any ASP page that accesses the database;
'it rejects requests whose form, query-string or cookie values contain a listed token.
'Usage: pull this file in with a server-side include directive at the top of the page.
'NOTE(review): a keyword denylist is only a coarse pre-filter. It does not replace
'parameterized queries (ADODB.Command with parameters) at each database call.

'Loop variables and working values. Fy_db, Fy_dbstr and aa are not used in this listing.
Dim Fy_Post,Fy_Get,Fy_cook,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,aa,num
'Errors from here on are suppressed instead of stopping the page. Nothing in this file
'switches error handling back, so the setting carries into the including page's own
'top-level code. NOTE(review): a check that fails with an error will not be reported.
On Error Resume Next
num = 100 'newly added parameter: length threshold, in characters, compared with each value
'Denylist tokens separated by "|". Values are lower-cased and matched as substrings,
'so ordinary text containing "and", "set", "(", ")" or "*" also matches.
'"char" is listed twice, and "del" already matches every value that contains "delete".
Fy_In = "'|exec|insert|select|delete|update|del|chr|truncate|char|declare|--|script|*|char|set|(|)|and|mid"
'Split the list into an array that the three sections below iterate over.
Fy_Inf = split(Fy_In,"|")
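'1-------- POST section ------------------
'Checks every submitted form field. The request is rejected through aaa() when a
'value is longer than num characters or contains any token from Fy_Inf.
'NOTE(review): num must be at least as large as the longest legitimate field
'(for example a textarea), otherwise valid submissions are rejected too.
'NOTE(review): this is a coarse pre-filter; the database calls themselves should
'still use parameterized queries.
If Request.Form<>"" Then
    For Each Fy_Post In Request.Form
        'Enforce the length limit once per field, before the token scan.
        If Len(Request.Form(Fy_Post)) > num Then
            Call aaa()
        End If
        For Fy_Xh=0 To Ubound(Fy_Inf)
            'Case-insensitive substring match of the value against one denylist token.
            If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
                Call aaa()
            End If
        Next
    Next
End If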

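'2-------- GET section -------------------
'Checks every query-string parameter. The request is rejected through aaa() when a
'value is longer than num characters or contains any token from Fy_Inf.
'NOTE(review): num must cover the longest legitimate parameter value the site uses.
'NOTE(review): this is a coarse pre-filter; the database calls themselves should
'still use parameterized queries.
If Request.QueryString<>"" Then
    For Each Fy_Get In Request.QueryString
        'Enforce the length limit once per parameter, before the token scan.
        If Len(Request.QueryString(Fy_Get)) > num Then
            Call aaa()
        End If
        For Fy_Xh=0 To Ubound(Fy_Inf)
            'Case-insensitive substring match of the value against one denylist token.
            If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
                Call aaa()
            End If
        Next
    Next
End If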

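'3-------- Cookies section ---------------
'Cookie values are supplied by the client just like form and query data, and a page
'that reads input through the generic Request(name) lookup can receive a cookie value,
'so cookies get the same length and token checks as the other two sections.
'NOTE(review): cookies the site itself sets (session or login tokens) may be longer
'than num or contain listed characters; confirm they pass before deploying.
'NOTE(review): confirm that comparing the Cookies collection with "" behaves as
'intended; On Error Resume Next at the top of this file would hide a failure here.
If Request.Cookies<>"" Then
    For Each Fy_cook In Request.Cookies
        'Enforce the length limit once per cookie, before the token scan.
        If Len(Request.Cookies(Fy_cook)) > num Then
            Call aaa()
        End If
        For Fy_Xh=0 To Ubound(Fy_Inf)
            'Case-insensitive substring match of the value against one denylist token.
            If Instr(LCase(Request.Cookies(Fy_cook)),Fy_Inf(Fy_Xh))<>0 Then
                Call aaa()
            End If
        Next
    Next
End If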



Sub aaa()
    'Rejection handler called by the POST, GET and cookie checks.
    'Writes an empty string and ends the response, so the rest of the including
    'page, database access included, does not run for this request.
    'NOTE(review): nothing is logged here; recording the rejected request would
    'make probing visible to whoever operates the site.
    Call Response.Write("")
    Response.End
End Sub
%>

原文http://bbs.sql8.net/showtopic-522.aspx
