防止数据注入(SQL 注入)攻击的一段 ASP 代码:对请求的 URL 和查询字符串做关键字黑名单检查

<%
' checkinject: keyword-blacklist check of the current request URL (classic ASP / VBScript).
'
' What the visible code does:
'   - The value passed in as StrTemp is never used: the first statement overwrites it with
'     SERVER_NAME + URL + ? + Request.QueryString.
'   - That string is trimmed and lower-cased, then tested with InStr against a list of SQL
'     keywords, command names, punctuation characters and URL-encoded fragments.
'   - On any match a script block is written that shows an alert and calls history.back().
'
' Review notes:
'   - Coverage: only the query string is inspected. Request.Form and Request.Cookies are not
'     read here, so input arriving by those routes is not covered by this check.
'   - False positives: the list matches bare substrings such as or, exe, cmd, a hyphen, a comma
'     and a colon. Because the server name and script path are part of the tested string, an
'     ordinary host name or page name containing any of these is rejected as well.
'   - InStr is called once with an empty search string. VBScript returns the start position (1)
'     for an empty search string, and the tested string is never empty (it always contains ?),
'     so as printed the condition is always true. Presumably the literal was a single quote
'     that was lost when the page was rendered - confirm against the author's file.
'   - chat( looks like a typo for char( - confirm.
'   - As printed, the If condition is wrapped over many lines without the _ continuation
'     character and the alert() text is unquoted, so this listing will not run as-is; both
'     look like artifacts of the page rather than of the original file.
'   - The listing stops after Response.Write; End If, End Function and any return value are
'     not shown.
'   - A keyword blacklist is a secondary filter at best. The dependable defence is to pass user
'     input as bound parameters (ADODB.Command with its Parameters collection) instead of
'     concatenating it into SQL text, to validate each field against the type it should have,
'     and to run the database login with least privilege.
function checkinject(StrTemp)
' Build the string to test from server variables; the caller's argument is discarded here.
StrTemp=request.servervariables("server_name")&request.servervariables("url")&"?"&Request.QueryString
StrTemp=Trim(StrTemp)
' Lower-case so the comparisons below are case-insensitive.
StrTemp=LCase(StrTemp)
' InStr returns 0 when the fragment is absent; Or on the integer results is non-zero
' (treated as True) as soon as any single fragment is found.
If Instr(StrTemp,"select%20") or Instr(StrTemp,"insert%20") or
Instr(StrTemp,"delete%20from") or Instr(StrTemp,"count(") or
Instr(StrTemp,"drop%20table") or Instr(StrTemp,"asc(") or
Instr(StrTemp,"truncate%20") or Instr(StrTemp,"update%20") or
Instr(StrTemp,"mid(") or
Instr(StrTemp,"chat(") or Instr(StrTemp,"xp_cmdshell") or
Instr(StrTemp,"exec%20master") or
Instr(StrTemp,"net%20localgroup administrator") or
Instr(StrTemp,"net%20user") or
Instr(StrTemp,"%20or") or Instr(StrTemp,"%20and") or
Instr(StrTemp,"""") or Instr(StrTemp,"") or Instr(StrTemp,"“") or
Instr(StrTemp,"”") or Instr(StrTemp,":") or Instr(StrTemp,": ") or
Instr(StrTemp,";") or Instr(StrTemp,"; ") or Instr(StrTemp,",") or
Instr(StrTemp,", ") or Instr(StrTemp,"-") or Instr(StrTemp,"%27") or
Instr(StrTemp,"select") or Instr(StrTemp,"delete")or Instr(StrTemp,"drop")or
Instr(StrTemp,"update")or Instr(StrTemp,"cmd")or Instr(StrTemp,"net1")or
Instr(StrTemp,"shell")or Instr(StrTemp,"exe")or Instr(StrTemp,"%20")or
Instr(StrTemp,"master")or Instr(StrTemp,"insert") or Instr(StrTemp,"or")or
Instr(StrTemp,"*") then
' Rejection path: show an alert and send the browser back one page.
' NOTE(review): no Response.End is visible in this listing - confirm that page processing
' actually stops after a match, otherwise the rest of the page may still execute.
Response.Write"<script language=javascript>alert(对不起,您的数据可能存在安全隐患,所以被禁止了!);history.back();</script>"