<%
' Build the SQL Server OLE DB connection string from the DB_* settings.
' NOTE(review): DB_user_id, DB_user_pass, DB_name and DB_server_name are defined
' outside the visible source - confirm they are not stored under the web root
' in a file the server would return as plain text.
sConnStr = "Provider=SQLOLEDB.1" & _
           ";User ID=" & DB_user_id & _
           ";password=" & DB_user_pass & _
           ";Initial Catalog=" & DB_name & _
           ";Data Source=" & DB_server_name

' Create the shared ADO connection object and open it with the string above.
Set pConn = Server.CreateObject("ADODB.Connection")
pConn.Open sConnStr
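' DBStringCheck: stops the request when strRequest contains strCompare.
'   strRequest - the request value to screen.
'   strCompare - the blocked token to look for (substring match).
' On a match it writes an error message naming the token and ends the response;
' otherwise it does nothing. No value is returned.
' NOTE(review): this is a substring deny-list, so legitimate input containing a
' blocked token (for example "selected" or "character") is rejected as well, and
' a deny-list is defence-in-depth only. Queries built from request values should
' bind them as ADODB.Command parameters instead of relying on this filter.
Function DBStringCheck(strRequest,strCompare)
    ' Lower-case both sides so the match stays case-insensitive even when a
    ' caller passes a mixed-case token (the original lower-cased only the input).
    If InStr(LCase(strRequest), LCase(strCompare)) > 0 Then
        Response.Write("오류:입력되지 않아야 할 특수 문자[" & strCompare &"] 입니다.<BR>관리자에게 문의 바랍니다.")
        Response.End
    End If
End Function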
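' Screen every query-string value against the blocked-token list.
' The original had two Call statements on one line with no ":" separator, which
' VBScript rejects as a syntax error; each token is now checked in its own call.
' NOTE(review): the visible code screens only Request.QueryString and
' Request.Form; values read from Request.Cookies or server variables are not
' covered by this filter.
Dim qsBlockedTokens, qsToken, qsValue
' Tokens to block, checked in the same order as the original calls.
qsBlockedTokens = Array(Chr(39), "exec", "select", "xp_", "char", ";")
For Each item1 In Request.QueryString
    ' Read the value once; a key with several values arrives as one joined string.
    qsValue = Request.QueryString(item1)
    For Each qsToken In qsBlockedTokens
        Call DBStringCheck(qsValue, qsToken)
    Next
Next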
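' Screen every posted form value against the blocked-token list.
' The original had two Call statements on one line with no ":" separator, which
' VBScript rejects as a syntax error; each token is now checked in its own call.
' NOTE(review): token screening does not make string-built SQL safe; statements
' that use these form values should bind them as ADODB.Command parameters.
Dim formBlockedTokens, formToken, formValue
' Tokens to block, checked in the same order as the original calls.
formBlockedTokens = Array(Chr(39), "exec", "select", "xp_", "char", ";")
For Each item1 In Request.Form
    ' Read the value once; a field with several values arrives as one joined string.
    formValue = Request.Form(item1)
    For Each formToken In formBlockedTokens
        Call DBStringCheck(formValue, formToken)
    Next
Next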
%> |
좋은 정보 감사합니다~~ ^-^!!
도움이 되었다니 다행이네요.^^