chksql.asp

WEB客户管理系统+小型OA系统。一个不错的程序

<meta http-equiv="Content-Type" content="text/html; charset=gb2312" >
<%
dim sql_injdata ,SQL_inj,SQL_Get,SQL_Data,SQL_Post
SQL_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare" 
SQL_inj = split(SQL_Injdata,"|") 

If Request.QueryString<>"" Then 
For Each SQL_Get In Request.QueryString 
For SQL_Data=0 To Ubound(SQL_inj) 
if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then 
Response.Write "<Script Language=javascript>alert('SQL通用防注入系统提示,你每一次的非法操作都记录在案！');history.back(-1)</Script>" 
Response.end 
end if 
next 
Next 
End If 
If Request.Form<>"" Then 
For Each Sql_Post In Request.Form 
For SQL_Data=0 To Ubound(SQL_inj) 
if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then 
Response.Write "<Script Language=javascript>alert('SQL通用防注入系统提示,你每一次的非法操作都记录在案!');history.back(-1)</Script>" 
Response.end 
end if 
next 
next 
end if 
%>
<!--對非法輸入的特殊字符進行轉換--> 
<%
dim user,pwd
sub programe(str1,str2)
user=Replace(Replace(Replace(Replace(Replace(str1,"’",""),"or",""),"and",""),"--",""),";","")
pwd=Replace(Replace(Replace(Replace(Replace(str2,"’",""),"or",""),"and",""),"--",""),";","")
end sub
%>