Problem description
Will this code save me from a SQL injection attack or not? Please help me...
<%
dim mcomments
dim musername
dim museradd
dim museremail
dim musertel
dim data, conn
Function SqlEncode(str)
SqlEncode = Replace(str, "'", "''")
End Function
mcomments =SqlEncode(request.form("comments"))
musername =SqlEncode(request.form("username"))
museradd = SqlEncode(request.form("useradd"))
museremail = SqlEncode(request.form("useremail"))
musertel = SqlEncode(request.form("usertel"))
muserdt = now
%>
<%
set conn=server.createobject("adodb.connection")
mytb = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & server.mappath("tdr.mdb")
conn.Open mytb
Dim mysql
mysql = "insert into feedback(comments,username,useradd,useremail,usertel,userdt) " &_
"values('" & mcomments & "','" &_
musername & "','" &_
museradd & "','" &_
museremail & "','" &_
musertel & "','" &_
muserdt & "')"
conn.execute(mysql)
conn.close
set conn=nothing %>
Thanks and regards
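A parameterized version of the insert above, added here as an example and not part of the original post: the SQL text stays constant and each form value is bound through an ADODB.Command parameter, so the query no longer depends on quote doubling. The length limits and the `FormField` and `AddText` helper names are assumptions; the table, columns and `tdr.mdb` come from the question.

```vbscript
<%
Option Explicit
' ADO constants (values from adovbs.inc), declared here so the page is self-contained.
Const adVarWChar = 202, adLongVarWChar = 203
Const adParamInput = 1, adCmdText = 1, adExecuteNoRecords = 128

' Hypothetical helper: read a form field as a string and cap its length.
' The maxLen values used below are assumed column sizes, not taken from the post.
Function FormField(name, maxLen)
    Dim v
    v = Trim(Request.Form(name) & "")
    If Len(v) > maxLen Then v = Left(v, maxLen)
    FormField = v
End Function

' Hypothetical helper: append one input text parameter to the command.
' Parameters are positional, so they must be added in the order of the ? markers.
Sub AddText(cmd, paramType, maxLen, value)
    cmd.Parameters.Append cmd.CreateParameter("", paramType, adParamInput, maxLen, value)
End Sub

Dim conn, cmd
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("tdr.mdb")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' No user input is concatenated into this string; Now() is evaluated by Access.
cmd.CommandText = "INSERT INTO feedback (comments, username, useradd, useremail, usertel, userdt) " & _
                  "VALUES (?, ?, ?, ?, ?, Now())"

AddText cmd, adLongVarWChar, 4000, FormField("comments", 4000)
AddText cmd, adVarWChar, 100, FormField("username", 100)
AddText cmd, adVarWChar, 255, FormField("useradd", 255)
AddText cmd, adVarWChar, 255, FormField("useremail", 255)
AddText cmd, adVarWChar, 30, FormField("usertel", 30)

' The driver receives the values as data, separately from the SQL text.
cmd.Execute , , adExecuteNoRecords

Set cmd = Nothing
conn.Close
Set conn = Nothing
%>
```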
Recommended answer