最新下载
热门教程
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
asp非法字符过滤函数sql防注入
时间:2009-07-03 编辑:简简单单 来源:一聚教程网
On Error Resume Next
Fy_Url=Request.ServerVariables("QUERY_STRING")
Fy_a=split(Fy_Url,"&")
redim Fy_Cs(ubound(Fy_a))
On Error Resume Next
for Fy_x=0 to ubound(Fy_a)
Fy_Cs(Fy_x) = left(Fy_a(Fy_x),instr(Fy_a(Fy_x),"=")-1)
Next
For Fy_x=0 to ubound(Fy_Cs)
If Fy_Cs(Fy_x)<>"" Then
If Instr(LCase(Request(Fy_Cs(Fy_x))),"'")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"and")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"select")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"update")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"chr")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x)))," ")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),";")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"insert")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"mid")<>0 Or Instr(LCase(Request(Fy_Cs(Fy_x))),"master.")<>0 Or Instr(LCase(Request(Fy_Cs(Fy_x))),"delete")<>0 Or Instr(LCase(Request(Fy_Cs(Fy_x))),"from")<>0 Or Instr(LCase(Request(Fy_Cs(Fy_x))),"exec")<>0 Or Instr(LCase(Request(Fy_Cs(Fy_x))),"xp_cmdshell")<>0 Or Instr(LCase(Request(Fy_Cs(Fy_x))),"user")<>0 Or Instr(LCase(Request(Fy_Cs(Fy_x))),"net")<>0 Then
Select Case Fy_Cl
Case "1"
Response.Write ""
Case "2"
Response.Write ""
Case "3"
Response.Write ""
End Select
Response.End
End If
End If
Next
-
上一个: asp存储过程分页函数
-
下一个: asp ubb转函数
相关文章
- VBS 批量Ping的项目讲解 09-19
- 如何封装一个Ajax函数介绍 09-16
- ASP实现加法验证码方法 09-16
- ASP错误捕获的几种常规处理方法介绍 09-16
- ajax实现城市三级联动的代码介绍 09-16
- asp中获取日期为星期几的技巧 09-14