📄 fsql.asp
<%
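Function CheckStr(ChkStr)
    ' Deny-list screen for one request value (checks for invalid characters).
    '
    ' Returns:
    '    1  the value is non-empty and contains none of the listed tokens
    '    0  the value is Null or empty after Trim
    '   -1  the value contains at least one listed token
    '
    ' Matching is a case-insensitive substring test, so ordinary words that
    ' merely contain a token ("character", "likely", "broadcast") are
    ' rejected as well.
    '
    ' NOTE(review): a token deny-list is a coarse secondary screen, not an
    ' injection defence. Queries built from request data should still bind
    ' values as parameters (e.g. ADODB.Command parameters), and values echoed
    ' into a page should still go through Server.HTMLEncode.
    Dim ParaValue, LoweredValue, Tokens, Token

    ParaValue = Trim(ChkStr)
    If IsNull(ParaValue) Or ParaValue = "" Then
        CheckStr = 0
        Exit Function
    End If

    ' Lower-case once. Every token below is written in lower case because
    ' InStr compares binary by default; the earlier list compared the lowered
    ' value against "Drop", which could never match.
    LoweredValue = LCase(ParaValue)

    ' "unicode" was disabled in the earlier list and stays out of this one.
    Tokens = Array("'", ";", """", _
        "select", "insert", "declare", "drop", "update", "delete", _
        "create", "modify", "alter", "rename", "join", "where", "like", _
        "cast", "script", "iframe", "exec", "xp_cmdshell", "asc", "char", _
        "%27", "%3b", "%22", "http", "://", "</")

    CheckStr = 1
    For Each Token In Tokens
        If InStr(LoweredValue, Token) > 0 Then
            CheckStr = -1
            Exit For
        End If
    Next
End Function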
' Screen every query-string value, plus the cookie that shares its name.
' On the first rejected value the response is ended with no output.
' NOTE(review): cookies are looked up only under names that also occur as a
' query-string key; a cookie with any other name is not screened by this loop.
' The diagnostic Response.Write lines that used to sit here were disabled;
' if one is restored, the echoed value needs Server.HTMLEncode.
For Each Fy_Get In Request.QueryString
    If CheckStr(LCase(Request.QueryString(Fy_Get))) < 0 Then
        Response.End
    ElseIf CheckStr(LCase(Request.Cookies(Fy_Get))) < 0 Then
        Response.End
    End If
Next
' Screen every posted form value, plus the cookie that shares its name.
' On the first rejected value the response is ended with no output.
' NOTE(review): cookies are looked up only under names that also occur as a
' form field; a cookie with any other name is not screened by this loop.
' The diagnostic Response.Write lines that used to sit here were disabled;
' if one is restored, the echoed value needs Server.HTMLEncode.
For Each Fy_Post In Request.Form
    If CheckStr(LCase(Request.Form(Fy_Post))) < 0 Then
        Response.End
    ElseIf CheckStr(LCase(Request.Cookies(Fy_Post))) < 0 Then
        Response.End
    End If
Next
%>