防SQL注入的一个SafeRequest
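'Reads the request value named by ParaValue and returns it trimmed, unless it
'contains one of the blacklisted SQL/command tokens, in which case a warning
'page is written and the response is ended.
'
'Parameters:
'  ParaValue - name of the request parameter to read. Request(name) searches
'              QueryString, Form, Cookies, ClientCertificate and
'              ServerVariables, in that order.
'Returns:
'  The trimmed value when no blacklisted token is found. When one is found,
'  Response.End stops the page, so no value reaches the caller.
'
'Security note: a keyword blacklist is incomplete by nature and is at most a
'secondary check. The tokens are matched as case-insensitive substrings with no
'word boundaries, so ordinary input such as "order" or "Android" is rejected
'too. The primary defence is to pass values to the database as parameters
'(ADODB.Command with CreateParameter) instead of concatenating them into SQL.
Function SafeRequest(ParaValue)
    Dim rawValue, re, hitCount

    'Use a local for the value: VBScript passes arguments ByRef by default, so
    'assigning to ParaValue would overwrite the caller's variable.
    rawValue = Trim(Request(ParaValue))

    'Regular-expression filter
    Set re = New RegExp
    'Tokens treated as injection attempts. The leading \| matches a literal
    'pipe character.
    'NOTE(review): the list as shown has no alternative for the single quote;
    'confirm the pattern was not altered when the page was published.
    re.Pattern = "\|Select|Update|Delete|insert|Count|drop table|truncate|Asc|Mid|char|xp_cmdshell|exec master|net localgroup administrators|And|net user|Or"
    re.IgnoreCase = True
    re.Global = True
    hitCount = re.Execute(rawValue).Count
    Set re = Nothing

    'Handle a suspected injection
    If hitCount > 0 Then
        'The alert text must be a quoted JavaScript string; unquoted, the
        'script fails to parse and neither the alert nor history.go(-1) runs.
        'The message is a constant: no request data is echoed into the page.
        Response.Write "<script language=javascript>alert('可疑的SQL注入请求!');window.history.go(-1);</script>"
        response.End
    Else
        SafeRequest = rawValue
    End If
End Function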
'NOTE(review): this listing repeats the body of SafeRequest without its
'"Function SafeRequest(ParaValue)" header; the closing End Function below has
'no opening line in this copy.
'Read the request value whose name is in ParaValue and trim it. The result is
'stored back into ParaValue itself.
ParaValue = Trim(Request(ParaValue))
'Regular-expression filter
Set re = New RegExp
'Tokens treated as injection attempts. They are matched as case-insensitive
'substrings with no word boundaries; the leading \| matches a literal pipe.
'A keyword blacklist is incomplete by nature; parameterized queries are the
'primary defence against SQL injection.
re.Pattern = "\|Select|Update|Delete|insert|Count|drop table|truncate|Asc|Mid|char|xp_cmdshell|exec master|net localgroup administrators|And|net user|Or"
re.IgnoreCase = True
re.Global = True
Set Matches = re.Execute(ParaValue)
RegExpTest = Matches.count
'Handle a suspected injection
If RegExpTest >0 Then
'NOTE(review): the alert() argument below is not quoted, so the emitted script
'does not parse in the browser and neither the alert nor history.go(-1) runs.
Response.Write "<script language=javascript>alert(可疑的SQL注入请求!);window.history.go(-1);</script>"
response.End
Else
SafeRequest = ParaValue
End If
End Function
