1 Temmuz 2007 Pazar

Protecting against SQL injection Attacks

<%
'Read the submitted credentials and send the client away before any
'database work happens if either value trips the IllegalChars blacklist.
Dim sUsername, sPassword
sUsername = Request.Form("txtUsername")
sPassword = Request.Form("txtPassword")
'NOTE(review): the blacklist is only a screening step. Whatever SQL later
'consumes sUsername/sPassword must still be built with parameterized
'queries (ADODB.Command parameters); that, not character filtering, is
'what actually prevents SQL injection.
'VBScript's Or does not short-circuit, so both checks always run (same as before).
If IllegalChars(sUsername) Or IllegalChars(sPassword) Then
  Response.Redirect "no_access.asp"
End If
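'IllegalChars: returns True when sInput contains any entry of a fixed
'blacklist of SQL keywords and punctuation, False otherwise (an empty
'sInput is never flagged).
'
'Fixes versus the earlier version: the blacklist ended in "" and
'InStr(s, "") returns 1 for any non-empty s, so every non-empty input was
'reported illegal; the duplicated ";" is dropped; matching is now
'case-insensitive (vbTextCompare) so "SELECT" is caught like "select";
'the loop stops at the first hit.
'
'NOTE(review): a blacklist is not a reliable defense and it also rejects
'legitimate values (any name containing an apostrophe, for instance).
'Treat it as defense in depth only and rely on parameterized queries
'(ADODB.Command with CreateParameter) for the SQL itself.
Function IllegalChars(sInput)
  Dim sBadChars, iCounter
  IllegalChars = False
  'Keywords and characters that must not appear anywhere in the input
  sBadChars = Array("select", "drop", ";", "--", "insert", "delete", "xp_", _
    "#", "%", "&", "'", "(", ")", "/", "\", ":", "<", ">", "=", "[", "]", "?", "`")
  For iCounter = 0 To UBound(sBadChars)
    'Four-argument InStr: search from position 1, case-insensitive
    If InStr(1, sInput, sBadChars(iCounter), vbTextCompare) > 0 Then
      IllegalChars = True
      Exit Function
    End If
  Next
End Function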
%>

