How to be secure against SQL injection attack for my feedback page


Problem description




Hi,
I am a new user of classic ASP. I created a page named feedback where I have some fields like name, email and feedback, and I run a simple insert query. Now I would like to know how I will secure my site from any attack. Here are my two questions: first, how do I use code to prevent SQL injection attacks? And second, please provide help to create a CAPTCHA image for this, also in classic ASP.
Thanks. I attached my code here; please review it so I can do my work properly.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Untitled Document</TITLE>
<META http-equiv=Content-Type content="text/html; charset=x-user-defined">
<SCRIPT language=JavaScript type=text/JavaScript>
<!--


function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
//-->
</SCRIPT>
<META content="MSHTML 6.00.2800.1476" name=GENERATOR>
</HEAD>
<BODY text=#000000 bgColor=#eefcff leftMargin=0 topMargin=0>

border=0>


<IMG height=36 src="images/Head_01.gif"
width=198><IMG height=36 src="images/Head_02.gif" width=199><IMG
height=36 src="images/Head_03.gif" width=197><IMG height=36
src="images/Head_04.gif" width=185>

<IMG height=39
src="images/Head_05.gif" width=198 border=0><IMG height=39
src="images/Head_06.gif" width=199><IMG height=39
src="images/Head_07.gif" width=197><IMG height=39
src="images/Head_08.gif" width=185>










</STYLE>
<%
dim mcomments
dim musername
dim museradd
dim museremail
dim musertel
dim data, conn

mcomments = request.form("comments")
musername = request.form("username")
museradd = request.form("useradd")
museremail = request.form("useremail")
musertel = request.form("usertel")
muserdt = now
%>











Name
<% response.write(musername) %>
Address
<% response.write(museradd) %>
Telephone No.
<% response.write(musertel) %>
Email
<% response.write(museremail) %>
Comments / Suggestions
<% response.write(mcomments) %>
Date
<% response.write(muserdt) %>

<%

set conn=server.createobject("adodb.connection")

mytb = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & server.mappath("tdr.mdb")
conn.Open mytb

Dim mysql
' The form values are concatenated directly into the SQL text below
mysql = "insert into feedback(comments,username,useradd,useremail,usertel,userdt) " &_
"values('" & mcomments & "','" &_
musername & "','" &_
museradd & "','" &_
museremail & "','" &_
musertel & "','" &_
muserdt & "')"
conn.execute(mysql)
conn.close
set conn=nothing %>




<form method="POST" action="feedback.shtm">




Thank you for sending us

Comments / Suggestions



</form>

 

Recommended answer

I answered this in your later post.
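
An added example, not part of the original question or answer: the question's insert rewritten with an ADODB.Command and `?` placeholders, so the form values are bound as typed parameters instead of being concatenated into the SQL string. The table, column and form field names are those in the posted code; the field lengths, parameter types and the HTML-encoded echo are assumptions.

```vbscript
<%
Option Explicit
' Added example, not the poster's code. ADO constants are declared here
' because classic ASP pages do not get them unless adovbs.inc is included.
Const adVarWChar = 202, adLongVarWChar = 203, adDate = 7
Const adParamInput = 1, adCmdText = 1, adExecuteNoRecords = 128

' Read one form field, trimmed and capped at maxLen characters.
Function FormField(name, maxLen)
    FormField = Left(Trim(Request.Form(name) & ""), maxLen)
End Function

Dim conn, cmd, mcomments, musername, museradd, museremail, musertel
mcomments  = FormField("comments", 4000)   ' lengths are assumed column sizes
musername  = FormField("username", 100)
museradd   = FormField("useradd", 255)
museremail = FormField("useremail", 255)
musertel   = FormField("usertel", 30)

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("tdr.mdb")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Each ? is bound to a typed parameter, so quotes in the input stay data.
cmd.CommandText = "INSERT INTO feedback (comments, username, useradd, useremail, usertel, userdt) " & _
                  "VALUES (?, ?, ?, ?, ?, ?)"
' The ODBC Access driver binds parameters by position, so append in column order.
cmd.Parameters.Append cmd.CreateParameter("comments",  adLongVarWChar, adParamInput, 4000, mcomments)
cmd.Parameters.Append cmd.CreateParameter("username",  adVarWChar, adParamInput, 100, musername)
cmd.Parameters.Append cmd.CreateParameter("useradd",   adVarWChar, adParamInput, 255, museradd)
cmd.Parameters.Append cmd.CreateParameter("useremail", adVarWChar, adParamInput, 255, museremail)
cmd.Parameters.Append cmd.CreateParameter("usertel",   adVarWChar, adParamInput, 30, musertel)
cmd.Parameters.Append cmd.CreateParameter("userdt",    adDate, adParamInput, , Now)
cmd.Execute , , adExecuteNoRecords

Set cmd = Nothing
conn.Close
Set conn = Nothing

' Echo values back HTML-encoded so submitted markup is shown as text, not run.
Response.Write "Name: " & Server.HTMLEncode(musername) & "<br>"
Response.Write "Comments: " & Server.HTMLEncode(mcomments)
%>
```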

