A SQL injection attack exploits a design vulnerability in an application to run SQL commands on the target server, among other attacks.
The main reason a SQL injection attack succeeds is that SQL commands are generated dynamically by splicing user input into the query text.
For example:
If your query statement is "select * from admin where username='"&user&"' and password='"&pwd&"'"
and the username I enter is: 1' or '1'='1
then your query statement becomes:
select * from admin where username='1' or '1'='1' and password='"&pwd&"'"
In this way your query condition is satisfied, and the attacker can enter your management interface.
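The login statement from the example above, rendered in Python with sqlite3 as an added example (not code from the original page): the concatenated form the page warns about, beside a parameterised form that hands the same input to the database as data rather than SQL text. The admin table and its two rows are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the page's admin table (example rows, not from the page)."""
    con = sqlite3.connect(":memory:")
    con.execute("create table admin(username text, password text)")
    con.executemany("insert into admin values (?, ?)",
                    [("admin", "secret"), ("o'brien", "pw")])
    return con


def build_concat_query(user, pwd):
    # Same construction as the page's ASP statement: the input is spliced into the SQL text,
    # so a single quote in the input closes the literal and whatever follows is parsed as SQL.
    return ("select * from admin where username='" + user
            + "' and password='" + pwd + "'")


def login_concat(con, user, pwd):
    # Returns the matched rows, or None when the spliced text no longer parses as SQL:
    # a legitimate name containing a quote (o'brien) breaks the query just as an attack string does.
    try:
        return con.execute(build_concat_query(user, pwd)).fetchall()
    except sqlite3.OperationalError:
        return None


def login_param(con, user, pwd):
    # Hardened form: placeholders. The driver sends user and pwd as bound values, never as
    # query text, so quotes and keywords in the input need no conversion or filtering.
    return con.execute(
        "select * from admin where username=? and password=?", (user, pwd)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(build_concat_query("1' or '1'='1", "x"))
    print(login_concat(db, "o'brien", "pw"), login_param(db, "o'brien", "pw"))
```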
Therefore, to prevent this you must check the user's input: special characters such as single quotes, double quotes, semicolons, commas, colons and concatenation operators must be converted or filtered out.
The special characters and strings that need to be filtered are:
net user
xp_cmdshell
/add
exec master.dbo.xp_cmdshell
net localgroup administrators
select
count
Asc
char
mid
'
:
"
insert
delete from
drop table
update
truncate
from
%
Below are two pieces of prevention code I wrote to deal with injection attacks, for your learning reference!
JS version of the anti-SQL-injection code ~:
[CODE START]
<script language="javascript">
<!--
// Check the query string of the current page against the blacklist of SQL keywords and characters.
// Regex metacharacters ( ' " are escaped with a backslash; the "g" flag is dropped because a global
// regex carries lastIndex state between calls to test().
var url = location.search;
var re=/^\/?(.*)(select%20|insert%20|delete%20from%20|count\(|drop%20table|update%20|truncate%20|asc\(|mid\(|char\(|xp_cmdshell|exec%20master|net%20localgroup%20administrators|\"|:|net%20user|\'|%20or%20)(.*)$/i;
var e = re.test(url);
if(e) {
  alert("The address contains illegal characters~");
  location.href="error.asp";
}
//-->
</script>
[CODE END]
ASP version of the anti-SQL-injection code ~:
[CODE START]
<%
On Error Resume Next
Dim strTemp
' Rebuild the full URL of the current request: scheme, host, port, path and query string
If LCase(Request.ServerVariables("HTTPS")) = "off" Then
  strTemp = "http://"
Else
  strTemp = "https://"
End If
strTemp = strTemp & Request.ServerVariables("SERVER_NAME")
If Request.ServerVariables("SERVER_PORT") <> 80 Then strTemp = strTemp & ":" & Request.ServerVariables("SERVER_PORT")
strTemp = strTemp & Request.ServerVariables("URL")
If Trim(Request.QueryString) <> "" Then strTemp = strTemp & "?" & Trim(Request.QueryString)
' Lower-case once so that the blacklist comparison below is case-insensitive
strTemp = LCase(strTemp)
' The colon is checked against the query string only: the scheme ("http://") and an explicit port
' always contain ":" and would otherwise trigger the check on every request
If Instr(strTemp,"select%20") Or Instr(strTemp,"insert%20") Or Instr(strTemp,"delete%20from") _
  Or Instr(strTemp,"count(") Or Instr(strTemp,"drop%20table") Or Instr(strTemp,"update%20") _
  Or Instr(strTemp,"truncate%20") Or Instr(strTemp,"asc(") Or Instr(strTemp,"mid(") _
  Or Instr(strTemp,"char(") Or Instr(strTemp,"xp_cmdshell") Or Instr(strTemp,"exec%20master") _
  Or Instr(strTemp,"net%20localgroup%20administrators") Or Instr(LCase(Request.QueryString),":") _
  Or Instr(strTemp,"net%20user") Or Instr(strTemp,"'") Or Instr(strTemp,"%20or%20") Then
  Response.Write "<script language='Javascript'>"
  Response.Write "alert('Illegal Address!!');"
  Response.Write "location.href='error.asp';"
  Response.Write "</script>"
End If
%>
[CODE END]
C# version: checking strings to prevent SQL injection attacks
In this example, the forbidden characters are tentatively set to = and '.
[CODE START]
using System.Collections;
using System.Text.RegularExpressions;

static class ParamCheck
{
  // Returns false if any string argument, or any string element of a collection argument,
  // contains one of the forbidden characters; otherwise returns true
  static bool CheckParams(params object[] args)
  {
    string[] Lawlesses = { "=", "'" };
    if (Lawlesses == null || Lawlesses.Length <= 0) return true;
    // Build the regular expression from the character array. Example: if Lawlesses holds the = sign
    // and the ' sign, the resulting pattern is .*[='].* (see MSDN for details on regular expressions).
    // Each character goes through Regex.Escape so that metacharacters such as \ or ^ stay literal
    // inside the character class.
    // Going via the array keeps the function general and easy to modify; in actual use the
    // regular expression could also be written directly.
    string str_Regex = ".*[";
    foreach (string s in Lawlesses)
      str_Regex += Regex.Escape(s);
    str_Regex += "].*";
    foreach (object arg in args)
    {
      if (arg is string) // a string is checked directly
      {
        if (Regex.IsMatch((string)arg, str_Regex))
          return false;
      }
      else if (arg is ICollection) // a collection: check each element that is a string
      {
        foreach (object obj in (ICollection)arg)
        {
          if (obj is string && Regex.IsMatch((string)obj, str_Regex))
            return false;
        }
      }
    }
    return true;
  }
}
[CODE END]