Website SQL database security question!

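Source: Baidu Zhidao  Editor: UC Zhidao  Time: 2024/04/27 04:44:10
I have just finished a fairly complete website that supports registration, account top-up and so on. It uses a SQL database, but I have not done any security hardening and I don't know how it should be encrypted. What should I do, and what statements or settings should I add?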

One friend put it this way:
' Function that replaces illegal characters
Function SQLFixup(ByVal TextIn)
' ByVal gives the function its own copy of TextIn, so each replacement builds on the previous one
TextIn = Replace(TextIn, "'", "''", 1)
TextIn = Replace(TextIn, Chr(0), "", 1, -1, 1)
TextIn = Replace(TextIn, """", "&quot;", 1, -1, 1)
TextIn = Replace(TextIn, "<", "&lt;", 1, -1, 1)
TextIn = Replace(TextIn, ">", "&gt;", 1, -1, 1)
TextIn = Replace(TextIn, "script", "&#115;cript", 1, -1, 0)
TextIn = Replace(TextIn, "SCRIPT", "&#083;CRIPT", 1, -1, 0)
TextIn = Replace(TextIn, "Script", "&#083;cript", 1, -1, 0)
TextIn = Replace(TextIn, "script", "&#083;cript", 1, -1, 1)
TextIn = Replace(TextIn, "object", "&#111;bject", 1, -1, 0)
SQLFixup = Replace(TextIn,

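How to use the code:

For example, a web page has two input boxes, one for the user name and one for the user password.

Then the SQL statement that checks the password is
// user input is concatenated directly into the SQL text
string userid = txtUserid.Text;
string szSQL = "select * from user where userid = '" + userid + "'";

To prevent SQL injection,

it should be written as
// user input is passed through SQLFixup before it is concatenated
string userid = SQLFixup(txtUserid.Text);
string szSQL = "select * from user where userid = '" + userid + "'";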
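
An added example (not from the original answer or any project's code) that runs the userid lookup three ways against an in-memory SQLite stand-in for the page's user table: raw concatenation, concatenation after a Python port of the first five SQLFixup replacements, and a bound parameter. The sample rows, the Python function names and the &quot; / &lt; / &gt; replacement targets used in the port are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the page's `user` table; rows are constructed samples."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE "user" (userid TEXT PRIMARY KEY, balance INTEGER)')
    db.executemany('INSERT INTO "user" VALUES (?, ?)',
                   [("alice", 100), ("o'brien", 250), ("a<b", 5)])
    return db

def sql_fixup(text):
    """Port of the first five SQLFixup replacements (entity targets are assumed)."""
    for old, new in (("'", "''"), ("\x00", ""), ('"', "&quot;"),
                     ("<", "&lt;"), (">", "&gt;")):
        text = text.replace(old, new)
    return text

def lookup_concat(db, userid):
    """String concatenation, as in the page's szSQL line."""
    sql = "select * from \"user\" where userid = '" + userid + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, userid):
    """Bound parameter: the SQL text is constant and the input is passed as data."""
    return db.execute('select * from "user" where userid = ?', (userid,)).fetchall()

def compare(db, userid):
    """Results for raw concatenation, SQLFixup + concatenation, and a bound parameter."""
    def run(fn, value):
        try:
            return fn(db, value)
        except sqlite3.Error as exc:      # report SQL errors by class name
            return type(exc).__name__
    return (run(lookup_concat, userid),
            run(lookup_concat, sql_fixup(userid)),
            run(lookup_param, userid))

if __name__ == "__main__":
    db = make_db()
    for uid in ("alice", "o'brien", "a<b"):
        print(repr(uid), compare(db, uid))
```

With a bound parameter both o'brien and a<b are found unchanged. The SQLFixup path finds o'brien but looks up a<b as a&lt;b, because it mixes SQL quoting with HTML encoding.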