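Three ways to prevent data from being submitted from outside the site in ASP, with additions by 腳本之家
Methods for preventing data from being submitted from outside the site
Method 1
Supports only http, not https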
    Function IsSelfRefer()
        Dim sHttp_Referer, sServer_Name
        sHttp_Referer = CStr(Request.ServerVariables("HTTP_REFERER"))
        sServer_Name = CStr(Request.ServerVariables("SERVER_NAME"))
        ' "http://" is 7 characters long, so the host name starts at position 8
        If Mid(sHttp_Referer, 8, Len(sServer_Name)) = sServer_Name Then
            IsSelfRefer = True
        Else
            IsSelfRefer = False
        End If
    End Function
Supports https but not http; a simple modification of the above
    Function IsSelfRefer()
        Dim sHttp_Referer, sServer_Name
        sHttp_Referer = CStr(Request.ServerVariables("HTTP_REFERER"))
        sServer_Name = CStr(Request.ServerVariables("SERVER_NAME"))
        ' "https://" is 8 characters long, so the host name starts at position 9
        If Mid(sHttp_Referer, 9, Len(sServer_Name)) = sServer_Name Then
            IsSelfRefer = True
        Else
            IsSelfRefer = False
        End If
    End Function
Version modified by the 腳本之家 editor
    Function IsSelfRefer()
        Dim sHTTP_REFERER,sSERVER_NAME,sSERVER_NAME_Refer
        sHTTP_REFERER = Cstr(trim(Request.ServerVariables("HTTP_REFERER")))
        sSERVER_NAME = Cstr(trim(Request.ServerVariables("SERVER_NAME")))
        'sSERVER_NAME_Refer = Mid(sHTTP_REFERER, 9, Len(sSERVER_NAME)) ' 9 for https, 8 for http
        If sHTTP_REFERER<>"" then
            ' Element 2 of the "/"-split URL is the host part, whichever scheme is used
            sSERVER_NAME_Refer = split(sHTTP_REFERER,"/")(2)
            if sSERVER_NAME = sSERVER_NAME_Refer then
                IsSelfRefer = True
            else
                IsSelfRefer = false
            End if
        Else
            IsSelfRefer = false
        End if
    End Function
Usage
    if isSelfRefer() then
        response.write "ok!"
    else
        response.write "去你的!"
    end if
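Put the code above in aa.asp. If the URL http://doamain/aa.asp is typed in directly, or reached through a link from an external site, the page displays "去你的".
If aa.asp is reached through a link from within the site, or a form is submitted to it, the page displays "ok".
This can stop some forged forms from submitting data to the site.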
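An added example, not part of the original article: the Mid() variants above compare a fixed-position prefix of the Referer, so each handles only one scheme and also accepts a longer host name that merely begins with SERVER_NAME. The sketch below extracts the whole host and compares it exactly; `HostFromUrl` and `IsSameHost` are hypothetical names, and the Referer header is still a value supplied by the client.

```vbscript
<%
' Added example, not from the original article. HostFromUrl and IsSameHost
' are hypothetical helper names.

' Returns the lower-cased host of an absolute http/https URL, or "" when the
' value is empty or uses another scheme. IPv6 literals are not handled.
Function HostFromUrl(sUrl)
    Dim s, p, ch
    HostFromUrl = ""
    s = LCase(Trim(CStr(sUrl)))
    If Left(s, 8) = "https://" Then
        s = Mid(s, 9)
    ElseIf Left(s, 7) = "http://" Then
        s = Mid(s, 8)
    Else
        Exit Function
    End If
    ' Cut the authority off at the first path, query or fragment delimiter.
    For Each ch In Array("/", "\", "?", "#")
        p = InStr(s, ch)
        If p > 0 Then s = Left(s, p - 1)
    Next
    ' Drop a "user:password@" prefix, then a ":port" suffix.
    p = InStrRev(s, "@")
    If p > 0 Then s = Mid(s, p + 1)
    p = InStr(s, ":")
    If p > 0 Then s = Left(s, p - 1)
    HostFromUrl = s
End Function

' True only when the Referer host equals the server name exactly.
Function IsSameHost(sReferer, sServerName)
    Dim sHost
    sHost = HostFromUrl(sReferer)
    IsSameHost = (sHost <> "" And sHost = LCase(Trim(CStr(sServerName))))
End Function

' Reject the request before any form processing runs.
If Not IsSameHost(CStr(Request.ServerVariables("HTTP_REFERER")), _
                  CStr(Request.ServerVariables("SERVER_NAME"))) Then
    Response.Status = "403 Forbidden"
    Response.Write "External submissions are not accepted."
    Response.End
End If
%>
```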
check_out_post.asp
    <!-- To validate a form with this page, simply include it in the page that needs validation. -->
    <%
    Function check_addr()
        Dim server_v1,server_v2
        check_addr=False
        server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
        server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
        ' Position 8 skips "http://", so this check covers http only
        If Cstr(Mid(server_v1,8,Len(server_v2)))<>Cstr(server_v2) Then
            check_addr=False
        Else
            check_addr=True
        End If
    End function

    Function check_post()
        Dim val
        val="post" ' required submission method
        check_post=False
        If Lcase(Request.ServerVariables("Request_Method"))=val Then
            check_post=True
        Else
            check_post=False
        End if
    End Function

    ' Call the functions to run the checks: if a condition is not met the page stops executing, otherwise the request passes.
    If check_addr()=False Then
        response.write "請不要使用外部表單提交數據."
        response.End
    End If
    If check_post()=False Then
        response.write "請使用POST方式提交表單數據"
        response.End
    End If
    %>
Method 2
    <%
    Server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
    Server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
    ' Position 8 skips "http://", so this check covers http only
    If mid(server_v1,8,len(server_v2))<>server_v2 then
        Response.write "警告!你正在從外部提交數據!!!請立即終止!!!"
        Response.End
    End if
    %>
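A PHP method for preventing off-site submissions
    <?php
    // $HTTP_SERVER_VARS was removed in PHP 5.4; $_SERVER is its replacement
    $servername = $_SERVER['SERVER_NAME'];
    $sub_from = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $sub_len = strlen($servername);
    // "http://" is 7 characters long, so the host name starts at offset 7
    $checkfrom = substr($sub_from, 7, $sub_len);
    if ($checkfrom != $servername) {
        echo("警告!你正在從外部提交數據!!!請立即終止!!!");
        exit;
    }
    ?>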
Below are a few supplementary approaches; a quick look at them is enough.
Method 3
Approach: block special characters and keywords
    ' Lower-cased first, because InStr compares case-sensitively by default
    fqys=LCase(request.servervariables("query_string"))
    dim nothis(18)
    nothis(0)="net user"
    nothis(1)="xp_cmdshell"
    nothis(2)="/add"
    nothis(3)="exec%20master.dbo.xp_cmdshell"
    nothis(4)="net localgroup administrators"
    nothis(5)="select"
    nothis(6)="count"
    nothis(7)="asc"
    nothis(8)="char"
    nothis(9)="mid"
    nothis(10)="'"
    nothis(11)=":"
    nothis(12)=""""
    nothis(13)="insert"
    nothis(14)="delete"
    nothis(15)="drop"
    nothis(16)="truncate"
    nothis(17)="from"
    nothis(18)="%"
    errc=false
    ' Flag the request if any listed string appears in the query string
    for i= 0 to ubound(nothis)
        if instr(FQYs,nothis(i))<>0 then
            errc=true
        end if
    next
    if errc then
        response.write "<script language=""javascript"">"
        response.write "parent.alert('很抱歉!你正在試圖攻擊本服務器或者想取得本服務器最高管理權!將直接轉向首頁..');"
        response.write "self.location.href='default.asp';"
        response.write "</script>"
        response.end
    end if
Method 4
This prevents a client from submitting to the site from a local page.
    <%
    server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
    server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
    ' Position 8 skips "http://", so this check covers http only
    if mid(server_v1,8,len(server_v2))<>server_v2 then
        response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
        response.write "<tr><td style=""font:9pt Verdana"">"
        response.write "你提交的路徑有誤,禁止從站點外部提交數據請不要亂該參數!"
        response.write "</td></tr></table></center>"
        response.end
    end if
    %>
Method 5
This stops strings such as or 1=1 from being entered in the input box.
    ' Reject the username if it contains any of the listed characters
    If Instr(request("username"),"=")>0 or _
       Instr(request("username"),"%")>0 or _
       Instr(request("username"),chr(32))>0 or _
       Instr(request("username"),"?")>0 or _
       Instr(request("username"),"&")>0 or _
       Instr(request("username"),";")>0 or _
       Instr(request("username"),",")>0 or _
       Instr(request("username"),"'")>0 or _
       Instr(request("username"),"?")>0 or _
       Instr(request("username"),chr(34))>0 or _
       Instr(request("username"),chr(9))>0 or _
       Instr(request("username")," ")>0 or _
       Instr(request("username"),"$")>0 or _
       Instr(request("username"),">")>0 or _
       Instr(request("username"),"<")>0 or _
       Instr(request("username"),"""")>0 then
        response.write "<script language=""javascript"">"
        response.write "parent.alert('很抱歉!你正在試圖攻擊本服務器或者想取得本服務器最高管理權!將直接轉向首頁..');"
        response.write "self.location.href='default.asp';"
        response.write "</script>"
        response.end
    end if