An idea about avoiding injection
1. Is it true that as long as the input characters do not take part in any database query statement in the back-end program, there is no problem?
2. If a LIKE statement is used to implement a content search feature and the input contains a single quote, can it be injected??
Points for this question: 20, replies: 11
Reply #1 tatty_bad (I always show up where I'm supposed to) replied 2006-07-03 09:38:42, score 0
The first statement is right: if the input takes no part in any database operation, there is no SQL injection.
The second depends on the situation.
Reply #2 mosangbike (Mozambique) replied 2006-07-03 10:03:21, score 0
Can you explain in more detail under what circumstances the second case is dangerous?
Reply #3 xuStanly (依依myLove) replied 2006-07-03 10:48:45, score 0
Here is an example.
If your query statement is:
    sql = "select * from table1 where username like '" & q & "'"
and you do no checking, then when
    q = "123'; exec sp_executecmd [expression]; select * from table1 where field1='"
your query statement becomes
    sql = "select * from table1 where username like '123';exec sp_executecmd ***; select * from table1 where field1=''"
Reply #4 heroooooo (learning .NET) replied 2006-07-03 11:02:20, score 0
The first one is dangerous too, you can still do cross-site attacks with it, but no need to worry, not many people know about it. Is adding anti-injection that hard?? Just write a function to filter it yourself, and save yourself from having to design special SQL statements..
Reply #5 slawdan (select crap from cesspit where maggots<10) replied 2006-07-03 11:04:18, score 0
Basically, replace every ' in the query string with '' and you're fine~
Reply #6 heroooooo (learning .NET) replied 2006-07-03 11:09:05, score 0
Basically, replace every ' in the query string with '' and you're fine~
___________________________
Basically right..
Reply #7 mosangbike (Mozambique) replied 2006-07-04 09:14:47, score 0
Basically, replace every ' in the query string with '' and you're fine~
If it is as you say, then when passing parameters in an ASP page, is it also unnecessary to filter single quotes, as long as each single quote is converted into two single quotes?
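The three approaches discussed so far (reply 3's string splicing, reply 5's quote doubling, and the question in reply 7) can be compared directly. The following is an added example, not code from the thread; it uses Python's built-in sqlite3 with a constructed `table1` and constructed sample rows. It shows that a quote in the input breaks the spliced statement, that doubling quotes keeps legitimate input such as `O'Brien` inside the literal, and that even with doubled quotes a LIKE search still treats `%` and `_` in the input as wildcards, which a bound parameter with an ESCAPE clause handles.

```python
import sqlite3

# Constructed sample data, not from the thread: the thread's "table1" with a
# "username" column, including a name with an apostrophe and one with a '%'.
SAMPLE_ROWS = [("alice", "a"), ("O'Brien", "b"), ("100%", "c")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table table1 (username text, field1 text)")
    conn.executemany("insert into table1 values (?, ?)", SAMPLE_ROWS)
    return conn


def search_concat(conn, q):
    # Reply 3's pattern: the input is spliced into the SQL text, so a quote in q
    # ends the string literal and everything after it is parsed as SQL.
    sql = "select username from table1 where username like '" + q + "'"
    return [row[0] for row in conn.execute(sql)]


def concat_breaks_statement(conn, q):
    # True when the spliced-in input stops being data and changes the statement;
    # the parser error is the visible symptom of the injection point.
    try:
        search_concat(conn, q)
        return False
    except sqlite3.OperationalError:
        return True


def search_doubled(conn, q):
    # Reply 5's fix: double every single quote so q stays inside the literal.
    # This closes the quote problem, but LIKE metacharacters (% and _) in q
    # still act as wildcards.
    sql = ("select username from table1 where username like '"
           + q.replace("'", "''") + "'")
    return [row[0] for row in conn.execute(sql)]


def escape_like(q, esc="\\"):
    # Turn q into a literal LIKE pattern: escape the escape character first,
    # then % and _.
    return (q.replace(esc, esc + esc)
             .replace("%", esc + "%")
             .replace("_", esc + "_"))


def search_param(conn, q):
    # Bound parameter plus ESCAPE: the driver sends q as data, never as SQL
    # text, and wildcard characters inside q are matched literally.
    sql = "select username from table1 where username like ? escape '\\'"
    return [row[0] for row in conn.execute(sql, (escape_like(q),))]


if __name__ == "__main__":
    db = make_db()
    print(concat_breaks_statement(db, "O'Brien"))  # True: the quote broke the statement
    print(search_doubled(db, "O'Brien"))           # ["O'Brien"]
    print(search_doubled(db, "%"))                 # all three rows: '%' is still a wildcard
    print(search_param(db, "%"))                   # []: matched literally
    print(search_param(db, "100%"))                # ['100%']
```

Doubling quotes does answer reply 7's question for the quote character itself, but it is a per-character patch on the SQL text. Binding the value as a parameter removes the whole class of problem, and for LIKE specifically the pattern characters need their own escaping regardless of how the quote is handled.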
Reply #8 yongfa365 (http://www.yongfa365.com) replied 2006-07-04 09:19:08, score 0
    ' SQL anti-injection function
    Function SafeRequest(ParaName)
        Dim ParaValue
        ParaValue = Request(ParaName)
        If ParaValue = "" Then
            SafeRequest = ""
            Exit Function
        End If
        ' Filter out illegal characters. Replace compares case-sensitively by
        ' default, so only lower-case keywords are removed here; the check
        ' further down lowercases the value first.
        ParaValue = Replace(ParaValue, "'", "")
        ParaValue = Replace(ParaValue, "select ", "")
        ParaValue = Replace(ParaValue, "insert ", "")
        ParaValue = Replace(ParaValue, "delete ", "")
        ParaValue = Replace(ParaValue, "count(", "")
        ParaValue = Replace(ParaValue, "drop table ", "")
        ParaValue = Replace(ParaValue, "update ", "")
        ParaValue = Replace(ParaValue, "truncate ", "")
        ParaValue = Replace(ParaValue, "asc(", "")
        ParaValue = Replace(ParaValue, "mid(", "")
        ParaValue = Replace(ParaValue, "char(", "")
        ParaValue = Replace(ParaValue, "xp_cmdshell", "")
        ParaValue = Replace(ParaValue, "exec master", "")
        ParaValue = Replace(ParaValue, "net localgroup administrators", "")
        ParaValue = Replace(ParaValue, " and ", "")
        ParaValue = Replace(ParaValue, "net user", "")
        ParaValue = Replace(ParaValue, " or ", "")
        SafeRequest = ParaValue
        If IsNumeric(ParaValue) = True Then
            ' Numeric values are returned as they are.
            SafeRequest = ParaValue
            Exit Function
        ElseIf InStr(LCase(ParaValue), "select ") > 0 Or InStr(LCase(ParaValue), "insert ") > 0 Or _
               InStr(LCase(ParaValue), "delete from") > 0 Or InStr(LCase(ParaValue), "count(") > 0 Or _
               InStr(LCase(ParaValue), "drop table") > 0 Or InStr(LCase(ParaValue), "update ") > 0 Or _
               InStr(LCase(ParaValue), "truncate ") > 0 Or InStr(LCase(ParaValue), "asc(") > 0 Or _
               InStr(LCase(ParaValue), "mid(") > 0 Or InStr(LCase(ParaValue), "char(") > 0 Or _
               InStr(LCase(ParaValue), "xp_cmdshell") > 0 Or InStr(LCase(ParaValue), "exec master") > 0 Or _
               InStr(LCase(ParaValue), "net localgroup administrators") > 0 Or InStr(LCase(ParaValue), " and ") > 0 Or _
               InStr(LCase(ParaValue), "net user") > 0 Or InStr(LCase(ParaValue), " or ") > 0 Then
            ' A keyword survived the stripping: show a warning, send the browser
            ' back one page and stop processing the request.
            Response.Write "<script language='javascript'>"
            Response.Write "alert('可疑的SQL注入请求!');"  ' message shown when an SQL injection attempt is detected
            Response.Write "window.history.go(-1);"       ' redirect after detection: go back one page
            Response.Write "</script>"                    ' close the script block
            Response.End
        Else
            SafeRequest = ParaValue
        End If
    End Function
When calling it, just replace the old trim(request("username")) with saferequest("username").
Reply #9 taolixiang (飞扬 why haven't I levelled up yet!!...... oh ...... so you have to answer questions correctly to level up!) replied 2006-07-04 10:17:02, score 0
Learning...
Reply #10 netcs (Fairy tale of an old town) replied 2006-07-04 10:26:49, score 0
I'm dying laughing, are you joking, two posts up?
With your anti-injection method, the normal parameters are gone too.
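To make the point in reply 10 concrete, here is an added example (not code from the thread) that ports the blacklist logic of reply 8's SafeRequest to Python and runs it over constructed inputs. The token lists are copied from that function; `classify` is a helper introduced here to report whether an input passed unchanged, was silently altered, or would have triggered the alert branch. Ordinary text containing an apostrophe or the word "and" comes out mangled, while an upper-case keyword is not stripped (VBScript's Replace is case-sensitive by default) but does trip the lower-cased check.

```python
# Port of reply 8's SafeRequest blacklist to Python, constructed here to
# exercise its behaviour; the original is VBScript. Token lists are copied
# from that function.
STRIP_TOKENS = [
    "'", "select ", "insert ", "delete ", "count(", "drop table ", "update ",
    "truncate ", "asc(", "mid(", "char(", "xp_cmdshell", "exec master",
    "net localgroup administrators", " and ", "net user", " or ",
]
# The ElseIf check uses a slightly different list ("delete from", "drop table").
ALERT_TOKENS = [
    "select ", "insert ", "delete from", "count(", "drop table", "update ",
    "truncate ", "asc(", "mid(", "char(", "xp_cmdshell", "exec master",
    "net localgroup administrators", " and ", "net user", " or ",
]


class SuspiciousInput(Exception):
    """Stands in for the alert + Response.End branch of the original."""


def is_numeric(value):
    # Rough stand-in for VBScript's IsNumeric.
    try:
        float(value)
        return True
    except ValueError:
        return False


def safe_request(value):
    if value == "":
        return ""
    # VBScript Replace compares case-sensitively by default, so only the
    # lower-case spellings are removed here...
    for token in STRIP_TOKENS:
        value = value.replace(token, "")
    if is_numeric(value):
        return value
    # ...while this check lowercases first, so an upper-case keyword that
    # survived the stripping trips the alert instead of being cleaned.
    low = value.lower()
    if any(token in low for token in ALERT_TOKENS):
        raise SuspiciousInput(value)
    return value


def classify(value):
    # "passed": returned unchanged; "altered": returned with content removed;
    # "blocked": the original would have shown the alert and ended the response.
    try:
        out = safe_request(value)
    except SuspiciousInput:
        return ("blocked", None)
    return ("passed" if out == value else "altered", out)


if __name__ == "__main__":
    # Constructed inputs: ordinary values a real user might type.
    for sample in ["O'Brien", "black and white", "Please select a colour",
                   "42", "SELECT * FROM t"]:
        print(repr(sample), "->", classify(sample))
```

The filter cannot tell a surname with an apostrophe from an attack, and its two keyword lists disagree with each other on case handling and on exact tokens, which is the usual fate of a blacklist. Passing user input to the database as a bound parameter makes this kind of filter unnecessary.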
Reply #11 bclz_vs (Border Town) replied 2006-07-04 15:19:33, score 0
Learning