i_codesafe.asp

花了2000元买来的,可以使用的自助建站源码-人力资源的

<% 
SQL_injdata = "'|;|and|exec|insert|select|delete|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")

If Request.QueryString<>"" Then
For Each SQL_Get In Request.QueryString
  For SQL_Data=0 To Ubound(SQL_inj)
    if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
     Response.write ""
	 Response.End()
    end if
  next
Next
End If
strtemp=request.servervariables("server_name")&request.servervariables("url")&"?"&request.QueryString
strtemp=lcase(strtemp)
if instr(strtemp,"select%20") or instr(strtemp,"insert%20") or instr(strtemp,"delete%20from") or instr(strtemp,"count(") or instr(strtemp,"drop%20table") or  instr(strtemp,"truncate%20") or instr(strtemp,"asc(") or instr(strtemp,"mid(") or instr(strtemp,"char(") or instr(strtemp,"xp_cmdshell") or instr(strtemp,"exec%20master") or instr(strtemp,"net%20user")  or instr(strtemp,"'") or instr(strtemp,"%20") or instr(strtemp,"""") or instr(strtemp,"“") or instr(strtemp,"”") or instr(strtemp,":") or instr(strtemp,": ") or instr(strtemp,";") or instr(strtemp,"; ") or instr(strtemp,",") or instr(strtemp,", ")  or instr(strtemp,"%27")  then
 Response.write ""
 Response.End()
end if


function Replace_Text(fString)
if isnull(fString) then
Replace_Text=""
exit function
else
fString=trim(fString)
fString=replace(fString,"'","''")
fString=replace(fString,";","；")
fString=replace(fString,"--","—")
fString=replace(fString," and ","")

fString=replace(fString,"select","")
fString=replace(fString,"insert","")
fString=replace(fString,"exec","")
fString=replace(fString,"delete","")
fString=replace(fString,"update","")
fString=replace(fString,"count","")
fString=replace(fString,"mid","")
fString=replace(fString,"truncate","")
fString=replace(fString,"%","")
fString=replace(fString,"chr","")
fString=replace(fString,"master","")
fString=replace(fString,"char","")
fString=replace(fString,"declare","")
fString=replace(fString,"*","")
fString=replace(fString,"from","")
fString=server.htmlencode(fString)
Replace_Text=fString
end if	
end function

Function SafeRequest(ParaName) 
Dim ParaValue 
ParaValue=Request(ParaName)
if IsNumeric(ParaValue)  then
SafeRequest=ParaValue
exit Function

else
ParaValuetemp=lcase(ParaValue)
tempvalue="select |insert |delete from|'|count(|drop table|update |truncate  |asc(|mid(|char(|xp_cmdshell|exec master|net localgroup administrators|net user| and|%20from|exec|select|delete|count|*|%|chr|mid|master|truncate|char|declare"
temps=split(tempvalue,"|")
for mycount=0 to ubound(temps)
if  Instr(ParaValuetemp,trim(temps(mycount))) > 0 then
		response.write "非法操作！"
		response.end
end if
next
SafeRequest=ParaValue
end if
End function

Function SafeRequestform(ParaName) 
Dim ParaValue 
ParaValue=request.form(ParaName)
if IsNumeric(ParaValue)  then
SafeRequestform=ParaValue
exit Function
else
ParaValuetemp=lcase(ParaValue)
tempvalue="select |insert |delete from|'|count(|drop table|update |truncate  |asc(|mid(|char(|xp_cmdshell|exec master|net localgroup administrators|net user|  and|%20from|exec|select|delete|count|*|%|chr|mid|master|truncate|char|declare"
temps=split(tempvalue,"|")
for mycount=0 to ubound(temps)
if  Instr(ParaValuetemp,trim(temps(mycount))) > 0 then
		Response.write ""
		response.end
end if
next
SafeRequestform=ParaValue
end if
End function

Sub Check_url()
If Instr(Lcase(request.serverVariables("HTTP_REFERER")),Lcase(request.ServerVariables("SERVER_NAME")))=0 then
 Response.write ""
 response.End()
End if 
End sub

Sub Check_ID(ID)
 If Len(ID)>0 then
  If Len(ID)>8 Then
   Response.write ""
   Response.End()
  End If
  If IsNumeric(ID)=False Then
   Response.write ""
   Response.End()
  End If  
 Else
   Response.write ""
   Response.End()  
 END If
End Sub

Function HTMLEncode(fString)
If not isnull(fString) then
    fString = replace(fString, ">", "&gt;")
    fString = replace(fString, "<", "&lt;")

    fString = Replace(fString, CHR(32), "&nbsp;")
    fString = Replace(fString, CHR(9), "&nbsp;")
    fString = Replace(fString, CHR(34), "&quot;")
    fString = Replace(fString, CHR(39), "&#39;")
    fString = Replace(fString, CHR(13), "")
    fString = Replace(fString, CHR(10) & CHR(10), "</P><P> ")
    fString = Replace(fString, CHR(10), "<BR> ")

    'fString=ChkBadWords(fString)
    HTMLEncode = fString
End if
End function




 %>