Two Functions in ASP to Prevent SQL Injection

Web front end | 2011-03-29

The code is as follows. Both functions do the same thing: compare submitted input against a blacklist of SQL keywords and characters, and abort the request with Response.End if any entry is found. ForSqlForm walks the POSTed form fields; ForSqlInjection checks the raw query string. Two caveats before using them: VBScript's instr defaults to a binary (case-sensitive) comparison, so "select" does not match "SELECT"; and a keyword blacklist rejects legitimate input (any field containing "from", "count" or an apostrophe) without guaranteeing that every injection is caught. Parameterized queries are the reliable fix; a filter like this is at most a supplementary layer.
'==========================
' Filter SQL keywords in the submitted form
'==========================
function ForSqlForm()
dim errc,i,items
dim nothis(18)
nothis(0)="net user"
nothis(1)="xp_cmdshell"
nothis(2)="/add"
nothis(3)="exec%20master.dbo.xp_cmdshell"
nothis(4)="net localgroup administrators"
nothis(5)="select"
nothis(6)="count"
nothis(7)="asc"
nothis(8)="char"
nothis(9)="mid"
nothis(10)="'"
nothis(11)=":"
nothis(12)=""""  'a single double-quote character
nothis(13)="insert"
nothis(14)="delete"
nothis(15)="drop"
nothis(16)="truncate"
nothis(17)="from"
nothis(18)="%"
'nothis(19)="@"  'the array is sized 0..18; enlarge nothis before enabling this entry
errc=false
'instr with no compare argument does a binary (case-sensitive) match,
'so "SELECT" or "Select" is not caught by the "select" entry
for i= 0 to ubound(nothis)
  for each items in request.form
  if instr(request.form(items),nothis(i))<>0 then
   response.write("<div>")
   response.write("The information you filled in: "&server.htmlencode(request.form(items))&"<br>contains illegal characters: "&nothis(i))
   response.write("</div>")
   response.write("Sorry, the information you filled in contains illegal characters! <a href=""#"" onclick=""history.back()"">Back</a>")
   response.end()
  end if
  next
next
end function
'==========================
' Filter SQL keywords in the query string
'==========================
function ForSqlInjection()
dim fqys,errc,i
dim nothis(19)
'QUERY_STRING is the raw, still URL-encoded query string: a character the
'client sent percent-encoded (e.g. %27 for an apostrophe) does not match the
'"'" entry and is only caught by the "%" entry, which in turn rejects every
'encoded character, including %20 for a space
fqys=request.servervariables("QUERY_STRING")
nothis(0)="net user"
nothis(1)="xp_cmdshell"
nothis(2)="/add"
nothis(3)="exec%20master.dbo.xp_cmdshell"
nothis(4)="net localgroup administrators"
nothis(5)="select"
nothis(6)="count"
nothis(7)="asc"
nothis(8)="char"
nothis(9)="mid"
nothis(10)="'"
nothis(11)=":"
nothis(12)=""""  'a single double-quote character
nothis(13)="insert"
nothis(14)="delete"
nothis(15)="drop"
nothis(16)="truncate"
nothis(17)="from"
nothis(18)="%"
nothis(19)="@"
errc=false
'same case-sensitive instr as above
for i= 0 to ubound(nothis)
 if instr(fqys,nothis(i))<>0 then
  errc=true
 end if
next
if errc then
 response.write "Query information contains illegal characters! <a href=""#"" onclick=""history.back()"">Back</a>"
 response.end
end if
end function
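A hardened version of the same check, as an added example that is not part of the original post: one include that applies the blacklist case-insensitively to the decoded Request.Form and Request.QueryString collections (instead of the raw QUERY_STRING), and then runs the actual query through an ADODB.Command parameter so the filter is no longer the only thing between the input and the SQL. The connection string, the table and column names (articles, id, title, author) and the field name author are assumptions made for illustration.

```vbscript
<%
'==========================
' Added example: blacklist check shared by form and query string,
' followed by a parameterized query. Not from the original post.
'==========================
Option Explicit

' Same entries as the original nothis() arrays, as one list. The xp_cmdshell
' entry is written with a space rather than %20 because the Request
' collections used below are already URL-decoded.
Dim blacklist
blacklist = Array("net user", "xp_cmdshell", "/add", "exec master.dbo.xp_cmdshell", _
                  "net localgroup administrators", "select", "count", "asc", "char", "mid", _
                  "'", ":", """", "insert", "delete", "drop", "truncate", "from", "%", "@")

' Returns True if value contains any blacklist entry; the matching entry is
' handed back through hit (VBScript passes arguments ByRef by default).
' vbTextCompare makes InStr case-insensitive, which the original
' instr(text, pattern) call was not.
Function ContainsBlacklisted(value, patterns, hit)
  Dim i
  ContainsBlacklisted = False
  For i = 0 To UBound(patterns)
    If InStr(1, value, patterns(i), vbTextCompare) > 0 Then
      hit = patterns(i)
      ContainsBlacklisted = True
      Exit Function
    End If
  Next
End Function

' Checks one request collection (Request.Form or Request.QueryString).
' Unlike the raw QUERY_STRING server variable, these collections are decoded,
' so %27 is seen as an apostrophe and matched by the "'" entry.
Sub RejectIfBlacklisted(collection, label)
  Dim key, hit
  For Each key In collection
    If ContainsBlacklisted(collection(key), blacklist, hit) Then
      Response.Write "<div>" & label & " field " & Server.HTMLEncode(key) & _
                     " contains a blocked token: " & Server.HTMLEncode(hit) & "</div>"
      Response.Write "<a href=""#"" onclick=""history.back()"">Back</a>"
      Response.End
    End If
  Next
End Sub

RejectIfBlacklisted Request.Form, "Form"
RejectIfBlacklisted Request.QueryString, "Query"

' The query never concatenates user input: the value travels as a bound
' parameter, so the blacklist above is a secondary layer, not the fix.
' Connection string, table and column names are illustrative assumptions.
Const adCmdText = 1, adVarChar = 200, adParamInput = 1

Dim conn, cmd, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=SQLOLEDB;Data Source=.;Initial Catalog=site;Integrated Security=SSPI;"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT id, title FROM articles WHERE author = ?"
cmd.Parameters.Append cmd.CreateParameter("author", adVarChar, adParamInput, 50, Request.Form("author"))

Set rs = cmd.Execute
Do Until rs.EOF
  Response.Write Server.HTMLEncode(rs("title") & "") & "<br>"
  rs.MoveNext
Loop
rs.Close
conn.Close
%>
```

Keep the blacklist's side effects in mind even in this form: a case-insensitive match on "asc", "count" or "from" also rejects ordinary words such as "cascade", "account" or "fromage", and the apostrophe entry blocks names like O'Brien. That is why the parameterized command, not the filter, is what actually prevents the injection; the filter only decides which requests are refused before they reach it.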