<%
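'==============================================================
' checkinput: abort the request when any posted form value or query-string
' value contains one of the blacklisted substrings.
'
' Takes no arguments and returns nothing. On a match it emits a JavaScript
' alert that sends the browser back one page, then calls response.end.
'
' Notes for maintainers:
' - This is a substring blacklist, not a fix for SQL injection. Queries that
'   use request data should be parameterized (ADODB.Command with Parameters)
'   and each field validated by type and length; treat this filter as an
'   extra layer at most.
' - Matching is by substring after lcase(), so legitimate values are rejected
'   too: "and" matches inside "android", and "'", "%", "(" and "*" occur in
'   ordinary text.
' - Only request.form and request.querystring are inspected. request.cookies
'   and request.servervariables are not, and request("name") also reads from
'   those collections, so pages using that form may see unchecked data.
' - A rejected request is not logged anywhere in this function.
' - "echo" is not a VBScript built-in; it is presumably defined elsewhere in
'   the project (e.g. a wrapper around response.write) - confirm.
'==============================================================
function checkinput()
    dim fy_in, fy_inf

    ' Substrings to reject, separated by "|".
    fy_in = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
    fy_inf = split(fy_in, "|")

    ' POST data
    if request.form <> "" then
        checkinput_scan request.form, fy_inf
    end if

    ' GET data
    if request.querystring <> "" then
        checkinput_scan request.querystring, fy_inf
    end if
end function

' Helper for checkinput: compares every value in one request collection with
' every blacklist entry and ends the response on the first match.
sub checkinput_scan(fy_items, fy_inf)
    dim fy_key, fy_val, fy_xh
    for each fy_key in fy_items
        ' Lower-case once per value; the blacklist entries are lower-case.
        fy_val = lcase(fy_items(fy_key))
        for fy_xh = 0 to ubound(fy_inf)
            if instr(fy_val, fy_inf(fy_xh)) <> 0 then
                echo "<script language=javascript>alert('请不要在参数中包含非法字符!');history.go(-1);</script>"
                response.end
            end if
        next
    next
end sub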
%>