网站的SQL数据库安全问题!

王朝知道·作者佚名  2010-07-14
窄屏简体版  字體: |||超大  
 
分類: 電腦/網絡 >> 程序設計 >> 其他編程語言
 
問題描述:

我刚做了个比较完整的网站,可以注册,充值等等,用的是sql数据库,但并没有进行过任何的安全处理,也不了解应该如何加密,请问我应该怎样做,应该加如一些什么语句或设置?

參考答案:

'替换非法字符函数

Function SQLFixup(TextIn)

SQLFixup = Replace(TextIn, "'", "''", 1)

SQLFixup = Replace(TextIn,Chr(0),"", 1, -1, 1)

SQLFixup = Replace(TextIn, """", """, 1, -1, 1)

SQLFixup = Replace(TextIn,"<","<", 1, -1, 1)

SQLFixup = Replace(TextIn,">",">", 1, -1, 1)

SQLFixup = Replace(TextIn, "script", "script", 1, -1, 0)

SQLFixup = Replace(TextIn, "SCRIPT", "SCRIPT", 1, -1, 0)

SQLFixup = Replace(TextIn, "Script", "Script", 1, -1, 0)

SQLFixup = Replace(TextIn, "script", "Script", 1, -1, 1)

SQLFixup = Replace(TextIn, "object", "object", 1, -1, 0)

SQLFixup = Replace(TextIn, "OBJECT", "OBJECT", 1, -1, 0)

SQLFixup = Replace(TextIn, "Object", "Object", 1, -1, 0)

SQLFixup = Replace(TextIn, "object", "Object", 1, -1, 1)

SQLFixup = Replace(TextIn, "applet", "applet", 1, -1, 0)

SQLFixup = Replace(TextIn, "APPLET", "APPLET", 1, -1, 0)

SQLFixup = Replace(TextIn, "Applet", "Applet", 1, -1, 0)

SQLFixup = Replace(TextIn, "applet", "Applet", 1, -1, 1)

SQLFixup = Replace(TextIn, "[", "[")

SQLFixup = Replace(TextIn, "]", "]")

SQLFixup = Replace(TextIn, """", "", 1, -1, 1)

SQLFixup = Replace(TextIn, "=", "=", 1, -1, 1)

SQLFixup = Replace(TextIn, "'", "''", 1, -1, 1)

SQLFixup = Replace(TextIn, "select", "select", 1, -1, 1)

SQLFixup = Replace(TextIn, "execute", "execute", 1, -1, 1)

SQLFixup = Replace(TextIn, "exec", "exec", 1, -1, 1)

SQLFixup = Replace(TextIn, "join", "join", 1, -1, 1)

SQLFixup = Replace(TextIn, "union", "union", 1, -1, 1)

SQLFixup = Replace(TextIn, "where", "where", 1, -1, 1)

SQLFixup = Replace(TextIn, "insert", "insert", 1, -1, 1)

SQLFixup = Replace(TextIn, "delete", "delete", 1, -1, 1)

SQLFixup = Replace(TextIn, "update", "update", 1, -1, 1)

SQLFixup = Replace(TextIn, "like", "like", 1, -1, 1)

SQLFixup = Replace(TextIn, "drop", "drop", 1, -1, 1)

SQLFixup = Replace(TextIn, "create", "create", 1, -1, 1)

SQLFixup = Replace(TextIn, "rename", "rename", 1, -1, 1)

SQLFixup = Replace(TextIn, "count", "count", 1, -1, 1)

SQLFixup = Replace(TextIn, "chr", "chr", 1, -1, 1)

SQLFixup = Replace(TextIn, "mid", "mid", 1, -1, 1)

SQLFixup = Replace(TextIn, "truncate", "truncate", 1, -1, 1)

SQLFixup = Replace(TextIn, "nchar", "nchar", 1, -1, 1)

SQLFixup = Replace(TextIn, "char", "char", 1, -1, 1)

SQLFixup = Replace(TextIn, "alter", "alter", 1, -1, 1)

SQLFixup = Replace(TextIn, "cast", "cast", 1, -1, 1)

SQLFixup = Replace(TextIn, "exists", "exists", 1, -1, 1)

SQLFixup = Replace(TextIn,Chr(13),"<br>", 1, -1, 1)

End Function

给你一段防注入的函数

使用方法

SQLFixup(参数值)

小贴士:① 若网友所发内容与教科书相悖,请以教科书为准;② 若网友所发内容与科学常识、官方权威机构相悖,请以后者为准;③ 若网友所发内容不正确或者违背公序良俗,右下举报/纠错。
 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
 
 
© 2005- 王朝網路 版權所有 導航