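<%
' Classic-ASP "anti-injection" include. Every value in the query string,
' the posted form and the cookies is scanned for a blacklist of SQL
' fragments; the first hit aborts the response with a client-side alert
' that redirects to Sql.asp (nothing after this include runs for that
' request). No request data is echoed, so the alert itself is not a
' reflected-XSS sink.
'
' NOTE(review): a keyword blacklist is defence in depth, NOT a fix for SQL
' injection. It is bypassable (keywords not on the list, inline comments
' such as un/**/ion, hex/char encodings) and it rejects legitimate text
' that merely contains "and", "count", "*", "%" and so on. Pages that
' include this file must still build their SQL with ADODB.Command
' parameters instead of string concatenation.
'
' NOTE(review): reading Request.Form consumes the request body. A page
' that later calls Request.BinaryRead (file-upload components) will fail
' with "cannot call BinaryRead after using Request.Form"; do not include
' this file on such pages - confirm against the upload pages.

Dim GetFlag  ' True for GET requests. No longer drives the checks below;
             ' kept only because other code on the page may read it.
Dim ErrorSql ' Array of lower-case blacklist entries (after Split)

GetFlag = (Request.ServerVariables("REQUEST_METHOD") = "GET")

' Blacklist entries separated by half-width "~". Rules for editing it:
'  - keep every entry lower-case: values are compared after LCase()
'  - never leave an empty entry (e.g. a trailing "~"): InStr(s, "") returns
'    1, which would reject every request.
' The original list lacked the statement keywords and comment sequences
' that any practical injection needs, so select/insert/delete/drop/union,
' "--" and "/*" are appended. Expect more false positives on free text.
ErrorSql = "'~;~and~(~)~exec~update~count~*~%~chr~mid~master~truncate~char~declare" & _
           "~select~insert~delete~drop~union~--~/*"
ErrorSql = Split(ErrorSql, "~")

' Scans one Request collection (QueryString, Form or Cookies).
' collection: the Request collection to iterate. Multi-valued keys come
'             back as one comma-joined string, which InStr handles.
' On the first blacklisted substring the response is written and ended;
' otherwise the Sub returns and the page continues.
Sub RejectIfTainted(ByRef collection)
    Dim RequestKey ' name of the current item in the collection
    Dim ForI       ' index into ErrorSql
    For Each RequestKey In collection
        For ForI = 0 To UBound(ErrorSql)
            If InStr(LCase(collection(RequestKey)), ErrorSql(ForI)) <> 0 Then
                Response.Write "<script>alert(""警告:\n请不要提交非法参数"");location.href=""Sql.asp"";</script>"
                Response.End
            End If
        Next
    Next
End Sub

' Previously the method decided which single collection was checked: GET
' requests had only the query string scanned and any other method only the
' form. A POST to page.asp?id=1'... therefore reached the page unfiltered,
' and cookies were never looked at although Request("x") falls through to
' them. Scan all three regardless of method.
RejectIfTainted Request.QueryString
RejectIfTainted Request.Form
RejectIfTainted Request.Cookies
%>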