📄 sqlchk.asp
字号:
<%
'----------------------------------
'-- SQLSHK.ASP 防止SQL注入攻击 --
'--------定义部份------------------
Dim Jx_Post,Jx_Get,Jx_In,Jx_Inf,Jx_Xh,Jx_db,Jx_dbstr
'自定义需要过滤的字串,用 "|" 分隔
Jx_In = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
'----------------------------------
Jx_Inf = split(Jx_In,"|")
'--------POST部份------------------
If Request.Form<>"" Then
For Each Jx_Post In Request.Form
For Jx_Xh=0 To Ubound(Jx_Inf)
If Instr(LCase(Request.Form(Jx_Post)),Jx_Inf(Jx_Xh))<>0 Then
Response.Write "<Script Language=JavaScript>"
Response.Write "alert('请不要在参数中包含非法字符尝试注入!');"
Response.write "javascript:history.go(-1);"&Chr(13)
Response.Write "</Script>"
Response.End
End If
Next
Next
End If
'--------GET部份-------------------
If Request.QueryString<>"" Then
For Each Jx_Get In Request.QueryString
For Jx_Xh=0 To Ubound(Jx_Inf)
If Instr(LCase(Request.QueryString(Jx_Get)),Jx_Inf(Jx_Xh))<>0 Then
Response.Write "<Script Language=JavaScript>"
Response.Write "alert('请不要在参数中包含非法字符尝试注入!');"
Response.write "javascript:history.go(-1);"&Chr(13)
Response.Write "</Script>"
Response.End
End If
Next
Next
End If
'----------------------------------
%>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -