<%
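'************** ASPSecurity SQL injection filter **************
' Copyright 2006
' Create:2006-4-06
' Update:2006-6-01
'***************************************************************
' Scans the form fields, query-string parameters and cookies of the current
' request and ends the response if any value matches the deny-list pattern
' in StopInjection. The scan runs at the point where these statements execute.
'
' NOTE(review): a keyword deny-list is a secondary safeguard only. It can miss
' dangerous input, and it rejects legitimate input (any value containing an
' apostrophe is blocked). Queries built from request data should still use
' parameterized commands (ADODB.Command with Parameters) as the primary
' defence. Input read from other sources, e.g. Request.ServerVariables, is
' not scanned here, and blocked requests are not logged anywhere.
'
' Call is used so the collection object itself is passed to the procedure.
If Request.Form <> "" Then Call StopInjection(Request.Form)
If Request.QueryString <> "" Then Call StopInjection(Request.QueryString)
If Request.Cookies <> "" Then Call StopInjection(Request.Cookies)

' Tests every value of a request collection against the deny-list pattern.
'   values - a keyed collection that supports For Each over its keys and
'            values(key) lookup (Request.Form, Request.QueryString or
'            Request.Cookies in this file).
' On the first matching value the procedure writes the Alert() script block
' and ends the response; it never assigns a return value.
Function StopInjection(values)
    Dim key, fieldValue, regEx

    ' Build the matcher once and reuse it for every value.
    Set regEx = New RegExp
    regEx.IgnoreCase = True
    regEx.Global = True
    ' Matches: the word "select", " and " / " declare " surrounded by
    ' whitespace, or any apostrophe.
    regEx.Pattern = "(\bselect\b|\sand\s|'|\sdeclare\s)"

    ' A single pass is enough: each key is visited exactly once.
    For Each key In values
        fieldValue = values(key)
        If regEx.Test(fieldValue) Then
            Set regEx = Nothing
            Call Alert()
            Response.End
        End If
    Next

    Set regEx = Nothing
End Function

' Writes a client-side script block that shows a "dangerous characters
' detected, this submission has been blocked" alert and closes the window.
' The message is a fixed string; no request data is echoed back.
Sub Alert()
    Dim str
    ' The tag is assembled from pieces exactly as in the original
    ' (presumably so the literal script tag never appears in the source).
    str = "<"&"Script Language=JavaScript"&">"
    str = str & "alert('== 雷客图ASP站长安全助手检测到了危险字符,已经禁止本次提交 ==\n');window.close();"
    str = str & "<"&"/Script"&">"
    Response.Write str
End Sub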
%>
本文转自 simeon2005 51CTO博客,原文链接:http://blog.51cto.com/simeon/113522