function checkstr(str)
if isnull(str) then
checkstr = ""
exit function
end if
str = replace(str,chr(0),"", 1, -1, 1)
str = replace(str, """", """, 1, -1, 1)
str = replace(str,"<;","<;", 1, -1, 1)
str = replace(str,">;",">;", 1, -1, 1)
str = replace(str, "script", "script", 1, -1, 0)
str = replace(str, "script", "script", 1, -1, 0)
str = replace(str, "script", "script", 1, -1, 0)
str = replace(str, "script", "script", 1, -1, 1)
str = replace(str, "object", "object", 1, -1, 0)
str = replace(str, "object", "object", 1, -1, 0)
str = replace(str, "object", "object", 1, -1, 0)
str = replace(str, "object", "object", 1, -1, 1)
str = replace(str, "applet", "applet", 1, -1, 0)
str = replace(str, "applet", "applet", 1, -1, 0)
str = replace(str, "applet", "applet", 1, -1, 0)
str = replace(str, "applet", "applet", 1, -1, 1)
str = replace(str, "[", "[")
str = replace(str, "]", "]")
str = replace(str, """", "", 1, -1, 1)
str = replace(str, "=", "=", 1, -1, 1)
str = replace(str, "’", "’’", 1, -1, 1)
str = replace(str, "select", "select", 1, -1, 1)
str = replace(str, "execute", "execute", 1, -1, 1)
str = replace(str, "exec", "exec", 1, -1, 1)
str = replace(str, "join", "join", 1, -1, 1)
str = replace(str, "union", "union", 1, -1, 1)
str = replace(str, "where", "where", 1, -1, 1)
str = replace(str, "insert", "insert", 1, -1, 1)
str = replace(str, "delete", "delete", 1, -1, 1)
str = replace(str, "update", "update", 1, -1, 1)
str = replace(str, "like", "like", 1, -1, 1)
str = replace(str, "drop", "drop", 1, -1, 1)
str = replace(str, "create", "create", 1, -1, 1)
str = replace(str, "rename", "rename", 1, -1, 1)
str = replace(str, "count", "count", 1, -1, 1)
str = replace(str, "chr", "chr", 1, -1, 1)
str = replace(str, "mid", "mid", 1, -1, 1)
str = replace(str, "truncate", "truncate", 1, -1, 1)
str = replace(str, "nchar", "nchar", 1, -1, 1)
str = replace(str, "char", "char", 1, -1, 1)
str = replace(str, "alter", "alter", 1, -1, 1)
str = replace(str, "cast", "cast", 1, -1, 1)
str = replace(str, "exists", "exists", 1, -1, 1)
str = replace(str,chr(13),"<;br>;", 1, -1, 1)
checkstr = replace(str,"’","’’", 1, -1, 1)
end function
相关资讯
- 2005-04-29SQL注入的新技巧
- 2004-02-01SQL注入奇招致胜 UNION查询轻松免费看电影
- 2006-02-06简单三步走堵死SQLServer注入漏洞
- 2004-03-06C#检查字符串,防SQL注入攻击
- 2004-02-05再谈SQL注入入侵动网SQL版
- 2006-05-01从手工注入看防御之Access
- 2008-03-06phpMyAdmin $_REQUEST参数发现SQL注入漏洞
- 2008-08-11SQL Server注入的四种个人经验和技巧方法
- 2007-01-23在PHP中全面阻止SQL注入式攻击之三
- 2008-03-01SQL Server中未公布的扩展存储过程注入
热点搜索
热点文章