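-- Escapes a value for inclusion inside a single-quoted literal of a dynamically
-- built SQL string. Prefer sp_executesql with bound parameters where possible;
-- this is only a fallback for the text between the quotes of a literal.
--   @chvInput    value to escape (NULL in => NULL out, since REPLACE propagates NULL)
--   @bitLikeSafe 1 = also escape SQL Server LIKE metacharacters so the value is
--                matched literally by a LIKE predicate that has no ESCAPE clause
-- Returns the escaped value as nvarchar(max).
create function fnSafeDynamicString
(
    @chvInput nvarchar(max),
    @bitLikeSafe bit = 0
)
returns nvarchar(max)
as
begin
    declare @chvOutput nvarchar(max)

    -- Double every single quote so the value cannot terminate the literal.
    set @chvOutput = replace(@chvInput, N'''', N'''''')

    if @bitLikeSafe = 1
    begin
        -- '[' opens a character class in LIKE; '[[]' matches a literal '['.
        -- ']' is only special inside a class, so it needs no escaping. Rewriting
        -- ']' as '[]]' after this step (as the previous version did) corrupted the
        -- '[[]' sequences just produced: '[' became '[[[]]', which matches '[]'.
        set @chvOutput = replace(@chvOutput, N'[', N'[[]')
        -- Wildcards must be escaped after '[' so their brackets are not doubled.
        set @chvOutput = replace(@chvOutput, N'%', N'[%]')
        set @chvOutput = replace(@chvOutput, N'_', N'[_]')
    end

    return @chvOutput
end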
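-- Escapes a value for inclusion inside a single-quoted literal of a dynamically
-- built SQL string. Prefer sp_executesql with bound parameters where possible;
-- this is only a fallback for the text between the quotes of a literal.
--   @chvInput    value to escape (NULL in => NULL out, since REPLACE propagates NULL)
--   @bitLikeSafe 1 = also escape SQL Server LIKE metacharacters so the value is
--                matched literally by a LIKE predicate that has no ESCAPE clause
-- Returns the escaped value as nvarchar(max).
create function fnSafeDynamicString
(
    @chvInput nvarchar(max),
    @bitLikeSafe bit = 0
)
returns nvarchar(max)
as
begin
    declare @chvOutput nvarchar(max)

    -- Double every single quote so the value cannot terminate the literal.
    set @chvOutput = replace(@chvInput, N'''', N'''''')

    if @bitLikeSafe = 1
    begin
        -- '[' opens a character class in LIKE; '[[]' matches a literal '['.
        -- ']' is only special inside a class, so it needs no escaping. Rewriting
        -- ']' as '[]]' after this step (as the previous version did) corrupted the
        -- '[[]' sequences just produced: '[' became '[[[]]', which matches '[]'.
        set @chvOutput = replace(@chvOutput, N'[', N'[[]')
        -- Wildcards must be escaped after '[' so their brackets are not doubled.
        set @chvOutput = replace(@chvOutput, N'%', N'[%]')
        set @chvOutput = replace(@chvOutput, N'_', N'[_]')
    end

    return @chvOutput
end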
asp里:授权用户的语句改改
例如什么 and、like 语句等等，容易被注入。
http://topic.csdn.net/u/20081205/09/3dd06076-bcbe-45d4-998c-8999fdbe6fae.html