'asp+mssql sql인젝션'에 해당되는 글 1건

  1. 2010/08/01 visualp asp , sql 인젝션 관련 함수
Function UploadClearVar(sVar)
  Dim str
  str = Trim(Upload(sVar))
 
  If str <> "" Then
   str = Replace(str,"'","''")
   str = Replace(str,";","")
   'str = Replace(str, "(", "&#40;")
      'str = Replace(str, ")", "&#41;")
      'str = Replace(str, "#", "&#35;")
      str = Replace(str, "&", "&#38;")
   str = Replace(str,">","&gt;")
   str = Replace(str,"<","&lt;")
   str = Replace(str, "%", "")
   str = Replace(str, "--", "")
   str = Replace(str, "/*", "")
   str = Replace(str, "*/", "")  
   str = Replace(LCase(str), "cookie", "cook1e")
   str = Replace(LCase(str), "document", "d0cument")
   str = Replace(LCase(str), "script", "scr1pt")
   str = replace(LCase(str), "iframe", "ifr@me")
   str = Replace(LCase(str), "@variable", "")
      str = Replace(LCase(str), "@@variable", "")
      str = Replace(LCase(str), "print", "")
      str = Replace(LCase(str), "set", "")       
      str = Replace(LCase(str), "or", "")
      str = Replace(LCase(str), "union", "")
      str = Replace(LCase(str), "and", "")
   str = Replace(LCase(str), "select", "")
      str = Replace(LCase(str), "insert", "")
   str = Replace(LCase(str), "update", "")
   str = Replace(LCase(str), "delete", "")
      str = Replace(LCase(str), "openrowset", "")
   str = Replace(LCase(str), "declare", "")
   str = Replace(LCase(str), "shutdown", "")
      str = Replace(LCase(str), "drop", "")
   str = Replace(LCase(str), "xp_", "")
  End IF
 
  UploadClearVar = str
 End Function

Function UploadClearVar(sVar)
  Dim str
  str = Trim(Upload(sVar))
 
  If str <> "" Then
   str = Replace(str,"'","''")
   str = Replace(str,";","")
   'str = Replace(str, "(", "&#40;")
      'str = Replace(str, ")", "&#41;")
      'str = Replace(str, "#", "&#35;")
      str = Replace(str, "&", "&#38;")
   str = Replace(str,">","&gt;")
   str = Replace(str,"<","&lt;")
   str = Replace(str, "%", "")
   str = Replace(str, "--", "")
   str = Replace(str, "/*", "")
   str = Replace(str, "*/", "")  
   str = Replace(LCase(str), "cookie", "cook1e")
   str = Replace(LCase(str), "document", "d0cument")
   str = Replace(LCase(str), "script", "scr1pt")
   str = replace(LCase(str), "iframe", "ifr@me")
   str = Replace(LCase(str), "@variable", "")
      str = Replace(LCase(str), "@@variable", "")
      str = Replace(LCase(str), "print", "")
      str = Replace(LCase(str), "set", "")       
      str = Replace(LCase(str), "or", "")
      str = Replace(LCase(str), "union", "")
      str = Replace(LCase(str), "and", "")
   str = Replace(LCase(str), "select", "")
      str = Replace(LCase(str), "insert", "")
   str = Replace(LCase(str), "update", "")
   str = Replace(LCase(str), "delete", "")
      str = Replace(LCase(str), "openrowset", "")
   str = Replace(LCase(str), "declare", "")
   str = Replace(LCase(str), "shutdown", "")
      str = Replace(LCase(str), "drop", "")
   str = Replace(LCase(str), "xp_", "")
  End IF
 
  UploadClearVar = str
 End Function
2010/08/01 16:03 2010/08/01 16:03
받은 트랙백이 없고, 댓글이 없습니다.

댓글+트랙백 RSS :: http://blog.visualp.com/rss/response/299

댓글+트랙백 ATOM :: http://blog.visualp.com/atom/response/299