asp 删除数据库记录
作者:袖梨
2022-06-29
id = saferequest("id")
sql="delete from table1 where whereid>"&id&""
rs.open sql,conn,1,3
response.write ""
set rs=nothing
set conn=nothing
'这是过滤非法字符函数
function saferequest(paraname)
dim paravalue
paravalue=request(paraname)
if isnumeric(paravalue) = true then
saferequest=paravalue
exit function
elseif instr(lcase(paravalue),"select ") > 0 or instr(lcase(paravalue),"insert ") > 0 or instr(lcase(paravalue),"delete from") > 0 or instr(lcase(paravalue),"count(") > 0 or instr(lcase(paravalue),"drop table") > 0 or instr(lcase(paravalue),"update ") > 0 or instr(lcase(paravalue),"truncate ") > 0 or instr(lcase(paravalue),"asc(") > 0 or instr(lcase(paravalue),"mid(") > 0 or instr(lcase(paravalue),"char(") > 0 or instr(lcase(paravalue),"xp_cmdshell") > 0 or instr(lcase(paravalue),"exec master") > 0 or instr(lcase(paravalue),"net localgroup administrators") > 0 or instr(lcase(paravalue)," and ") > 0 or instr(lcase(paravalue),"net user") > 0 or instr(lcase(paravalue)," or ") > 0 or instr(lcase(paravalue),"""")>0 or instr(lcase(paravalue),"'")>0 then
response.write "请不要在函数中加入非法字符!"
response.end
else
saferequest=paravalue
end if
end function
相关文章
-
深海迷航2生物反应堆蓝图获取指南-生物反应堆解锁方法详解
游戏攻略 2026-05-24
-
Zeb Orrelios身份解析:揭秘Din Djarin在《The Mandalorian and Grogu》中的关键新盟友
游戏攻略 2026-05-24
-
深海迷航2石英前期获取指南-石英采集方法与技巧
游戏攻略 2026-05-24
-
深海刮刮乐体验如何:深海刮刮乐详细玩法解析
游戏攻略 2026-05-24
-
今日限时特惠:M5 MacBook Air_AirPods Pro 3_Monster Hunter Stories 3等多款好物
游戏攻略 2026-05-24
-
每日瑜伽:怎样调整你的练习目标
游戏攻略 2026-05-24
