消毒在传统的ASP输入好办法 [英] Good way to sanitize input in classic asp
问题描述
我要更新工作的老项目。我没有用传统的ASP任何经验,但我熟悉的PHP脚本。
I have to update old projects at work. I do not have any experience with classic asp, although i'm familiar with php scripting.
- 是否有任何功能,我应该使用?
- 您能给我提供一些基本的保护功能良好?
- 有什么样参数化查询在ASP?
谢谢!
推荐答案
桑德
是的,你可以使用参数化查询,在传统的ASP(更准确地说,经典ADO)。
Yes you can use parametrized queries in classic ASP (more accurately, classic ADO).
下面是一个链接。
至于编码输出,我可能会尝试创建微软最新的防XSS库的包装和的Server.CreateObject调用它。我决不是在这样的,因为我花更多的时间在.net事情的专家,所以我只认为这是可行的。
As for encoding output, I might be tempted to create a wrapper for the latest Microsoft Anti-XSS library and call it with Server.CreateObject. I am far from an expert on this kind of thing as I spend much more time in .Net, so I only think this would work.
Server.HTMLEn code是真的不够好,因为它仅黑名单几个编码字符。反XSS库要好得多,因为它白名单什么是可以接受。
Server.HTMLEncode is really not good enough, as it only blacklists a few encoding characters. The Anti-XSS library is much better as it whitelists what is acceptable.
这篇关于消毒在传统的ASP输入好办法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!