'Function to sql injection by url inputs
Function Injection (strValue)
IF strValue <> "" Then
If ( Instr(strValue,"union") > 0 OR Instr(strValue,"where") > 0 OR Instr(strValue,"insert") > 0 OR Instr(strValue,"delete") > 0 OR Instr(strValue,"Truncate") > 0 OR Instr(strValue,"update") > 0 OR Instr(strValue,"like") > 0 OR Instr(strValue,"drop") > 0 OR Instr(strValue,"create") > 0 OR Instr(strValue,"modify") > 0 OR Instr(strValue,"rename") > 0 OR Instr(strValue,"alter") > 0 OR Instr(strValue,"cast") > 0 OR Instr(strValue,"href") > 0 OR Instr(strValue,"a href") > 0 OR Instr(strValue,";") > 0) Then
Response.redirect(".././index.asp")
End If
End IF
End Function
'End sql injection Function
'call Function to sql injection by url inputs
Injection Request.ServerVariables("QUERY_STRING")
Best Way to protect our site from SQL injection call SQL Injection function in Global file/Global.asa/connection file.
11 years ago
No comments:
Post a Comment