Say NO to All SQL Injection
```vbscript
Function SafeRequest(ParaName, ParaType)
    '--- Parameters ---
    ' ParaName: name of the request parameter to read
    ' ParaType: expected type (1 = numeric, 0 = string)
    Dim ParaValue
    ParaValue = Request(ParaName)
    If ParaType = 1 Then
        ' Numeric parameter: stop the page if the value is not numeric
        If Not IsNumeric(ParaValue) Then
            Response.Write "Parameter " & ParaName & " must be numeric!"
            Response.End
        End If
    Else
        ' String parameter: double every single quote
        ParaValue = Replace(ParaValue, "'", "''")
    End If
    SafeRequest = ParaValue
End Function
```
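An added example, not part of the original page: how `SafeRequest` has to be called in a numeric and in a string context, beside the same lookup done with bound `ADODB.Command` parameters. The open connection `conn`, the table `news` with its columns, and the request parameters `id` and `author` are assumptions made for illustration.

```vbscript
' Added example. Assumes SafeRequest (above) is defined on the page or in an include.
' Assumed names: open ADODB.Connection "conn", table "news" (id INT, author VARCHAR(50)),
' request parameters "id" and "author".
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarChar = 200

Dim id, author, sql, rs, cmd

' --- Using SafeRequest ---
' Numeric context: ParaType = 1, the value is concatenated WITHOUT quotes.
' IsNumeric also accepts forms such as "1e3" or "&H10", so CLng pins it to an integer.
id = CLng(SafeRequest("id", 1))
sql = "SELECT title FROM news WHERE id = " & id
Set rs = conn.Execute(sql)

' String context: ParaType = 0, the value MUST sit inside single quotes.
' Doubling quotes protects nothing if the value is used unquoted.
author = SafeRequest("author", 0)
sql = "SELECT title FROM news WHERE author = '" & author & "'"
Set rs = conn.Execute(sql)

' --- Same lookup with bound parameters: no SQL text is built from input ---
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT title FROM news WHERE id = ? AND author = ?"
' The raw (unescaped) string is passed here; the provider sends it as data.
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
cmd.Parameters.Append cmd.CreateParameter("author", adVarChar, adParamInput, 50, _
    CStr(Request("author")))
Set rs = cmd.Execute
```

With bound parameters the value is never parsed as SQL, so the choice of `ParaType` and the quoting around the concatenated value stop being things a caller can get wrong.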