Writing a general-purpose anti-SQL-injection program for ASP

xiaoxiao2021-03-05  57

SQL injection has become a favourite of the rookie-level, so-called hacker masters, and it turns out that most intrusions are achieved through SQL injection. Small wonder, given how easy it is to get started. Enough preamble: here is how to write a general-purpose anti-SQL-injection routine.

An HTTP request is either a GET or a POST, so if we filter the parameter information in every GET and POST request, we have filtered the HTTP request information and can determine whether the request is an SQL injection attack.

The GET request passed to ASP.dll arrives as a string. When it is handed to Request.QueryString, the ASP parser analyzes the string and splits it on "&" into the individual parameters.

First we define the strings to filter for in a request:

    '|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare

The entries are separated by "|". We then check the values obtained from Request.QueryString against this list. The code is as follows:

    Dim SQL_injdata, SQL_inj, SQL_Get, SQL_Data
    ' Strings to look for, separated by "|"
    SQL_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
    SQL_inj = Split(SQL_injdata, "|")

    If Request.QueryString <> "" Then
        ' Check every query-string parameter against every listed string
        For Each SQL_Get In Request.QueryString
            For SQL_Data = 0 To UBound(SQL_inj)
                ' vbTextCompare makes the match case-insensitive
                If InStr(1, Request.QueryString(SQL_Get), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
                    Response.Write "..."   ' placeholder: the message text is cut off on the page
                End If
            Next
        Next
    End If
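An added example, not part of the original article: the keyword check described above, written as a stand-alone VBScript function that takes a raw query string and can be run with cscript. The function names, the URL-decoding step and the sample query strings are assumptions made for illustration; the third sample is a benign value that happens to contain a listed keyword.

```vbscript
Option Explicit

' Keyword list from the article, separated by "|".
Const SQL_INJDATA = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"

' Decode one URL-encoded component: "+" is a space, %XX escapes go through Unescape.
Function UrlDecode(s)
    UrlDecode = Unescape(Replace(s, "+", " "))
End Function

' Return "" when no parameter value contains a listed keyword,
' otherwise "name: keyword" for the first match found.
Function FindSqlKeyword(rawQuery)
    Dim keywords, pair, pos, name, value, kw
    FindSqlKeyword = ""
    keywords = Split(SQL_INJDATA, "|")
    For Each pair In Split(rawQuery, "&")        ' parameters are separated by "&"
        pos = InStr(pair, "=")
        If pos > 0 Then
            name = UrlDecode(Left(pair, pos - 1))
            value = UrlDecode(Mid(pair, pos + 1)) ' match on the decoded value, as ASP would see it
            For Each kw In keywords
                If InStr(1, value, kw, vbTextCompare) > 0 Then   ' case-insensitive
                    FindSqlKeyword = name & ": " & kw
                    Exit Function
                End If
            Next
        End If
    Next
End Function

' Constructed sample query strings (not from the article).
Dim samples, q, hit
samples = Array( _
    "id=12&page=3", _
    "id=12%27+AnD+1%3D1", _
    "category=sandals&sort=price")
For Each q In samples
    hit = FindSqlKeyword(q)
    If hit = "" Then hit = "clean"
    WScript.Echo q & " -> " & hit
Next
```

In an ASP page, drop the sample loop and pass the function Request.QueryString and Request.Form, which return the raw encoded strings when used without a key, so GET and POST parameters go through the same check.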