<%
'------------------sql zhuru
'-----------防注入代码----------------
'--------定义部份------------------
'Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
'自定义需要过滤的字串,用 "|||" 分隔
Fy_In = "'|||;|||and|||exec|||insert|||select|||delete|||update|||count|||*|||%|||chr|||mid|||master|||truncate|||char|||declare"
'----------------------------------
Fy_Inf = split(Fy_In,"|||")
'--------POST部份------------------
If Request.Form<>"" Then
For Each Fy_Post In Request.Form
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
response.redirect "http://www.it168.com"
End If
Next
Next
End If
'----------------------------------
'--------GET部份-------------------
If Request.QueryString<>"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
response.redirect "http://www.it168.com"
End If
Next
Next
End If
''''''''''-----------sql end
%>
更多热点:
论坛
手记
实战
促销
新品
入门
