Sql 订阅所有【Sql】的日志

防SQL注入程序

作者:cmscn 日期:2008-06-01

字体大小:

<%

'防SQL注入程序
                Dim SQL_Key1,SQL_Word,SQL_Get,SQL_Data,SQL_Post
                        SQL_Key1="'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"  '你想屏蔽的关键词
                        SQL_Word=Split(SQL_Key1,"|")

                        If Request.QueryString<>"" Then
                                For Each SQL_Get In Request.QueryString
                                        For SQL_Data=0 To Ubound(SQL_Word)
                                                If Instr(LCase(Request.QueryString(SQL_Get)),SQL_Word(SQL_Data))>0 Then
                                                        Response.Write("<Script Language=Javascript>{location.href='index.htm';}</Script>")
                                                        Response.End()
                                                End If
                                        Next
                                Next
                        End If

                        If Request.Form<>"" Then
                                For Each SQL_Post In Request.Form
                                        For SQL_Data=0 To Ubound(SQL_Word)
                                                If Instr(LCase(Request.Form(SQL_Post)),SQL_Word(SQL_Data))>0 Then
                                                        Response.Write("<Script Language=Javascript>{location.href='index.asp;}</Script>")
                                                        Response.End()
                                                End If
                                        Next
                                Next
                        End If

%>

文章来自: 本站原创
引用通告: 查看所有引用 | 我要引用此文章
Tags:
相关日志:
评论: 0 | 引用: 0 | 查看次数: 433
发表评论
昵 称:
密 码: 游客发言不需要密码.
内 容:
验证码: 验证码
选 项:
虽然发表评论不用注册,但是为了保护您的发言权,建议您注册帐号.
字数限制 20 字 | UBB代码 关闭 | [img]标签 关闭