sql.asp

全站生成htm静态页面

<%
'--------定义部份------------------
Dim Wt_Post,Wt_Get,Wt_In,Wt_Inf,Wt_Xh,Wt_db,Wt_dbstr
'自定义需要过滤的字串,用 "筠" 分隔
Wt_In = "'筠;筠and筠exec筠insert筠select筠delete筠update筠count筠*筠%筠chr筠mid筠master筠truncate筠-筠char筠declare"
'----------------------------------
%>
<%
Wt_Inf = split(Wt_In,"筠")
If Request.Form<>"" Then
For Each Wt_Post In Request.Form
For Wt_Xh=0 To Ubound(Wt_Inf)
If Instr(LCase(Request.Form(Wt_Post)),Wt_Inf(Wt_Xh))<>0 Then
Response.Write "非法操作！系统做了如下记录↓请注意您的意图<br>"
Response.Write "操作ＩＰ："&Request.ServerVariables("REMOTE_ADDR")&"<br>"
Response.Write "操作时间："&Now&"<br>"
Response.Write "操作页面："&Request.ServerVariables("URL")&"<br>"
Response.Write "提交方式：ＰＯＳＴ<br>"
Response.Write "提交参数："&Wt_Post&"<br>"
Response.Write "提交数据："&Request.Form(Wt_Post)
Response.End
End If
Next
Next
End If
If Request.QueryString<>"" Then
For Each Wt_Get In Request.QueryString
For Wt_Xh=0 To Ubound(Wt_Inf)
If Instr(LCase(Request.QueryString(Wt_Get)),Wt_Inf(Wt_Xh))<>0 Then
Response.Write "非法操作！系统做了如下记录↓请注意您的意图<br>"
Response.Write "操作ＩＰ："&Request.ServerVariables("REMOTE_ADDR")&"<br>"
Response.Write "操作时间："&Now&"<br>"
Response.Write "操作页面："&Request.ServerVariables("URL")&"<br>"
Response.Write "提交方式：ＧＥＴ<br>"
Response.Write "提交参数："&Wt_Get&"<br>"
Response.Write "提交数据："&Request.QueryString(Wt_Get)
Response.End
End If
Next
Next
End If
%>