www.gusucode.com > 凡人网络购物系统 2008源码程序 > IncAsp/venshop_sqlcheck.asp

    <%
' Preliminary screening of POSTed form data against a deny-list of
' substrings associated with SQL injection / script injection.
'
' NOTE(review): this is a substring deny-list, not an input-safety guarantee.
'   * Matching is by InStr on the lower-cased value, so ordinary words that
'     merely contain an entry (e.g. "mid", "count", "from") are rejected too.
'   * Only field VALUES are inspected; field names are not.
'   * Only Request.Form is covered here; cookies and headers are not checked
'     in this file.
'   * "%20or%20" and "net%20user" can only match when "%" also matches, so
'     those two entries are redundant with the bare "%" entry.
'   Queries built from request data should use parameterized commands
'   rather than depend on this filter.
' showerr is defined outside this file; whether it stops the response is
' not visible here (TODO confirm). If it does not, the loops keep running
' and the request continues after they finish.
Form_Badword = "%20or%20|'|""|%|update|select|delete|insert|java|script|exec|cmd|shell|count|mid|char|drop|master|from|net%20user|/add|iframe"
If Request.Form <> "" Then
    Chk_badword = Split(Form_Badword, "|")
    For Each name In Request.Form
        For i = LBound(Chk_badword) To UBound(Chk_badword)
            ' Case-insensitive substring test: the value is lower-cased and
            ' every deny-list entry is already lower case.
            If InStr(1, LCase(Request.Form(name)), Chk_badword(i), vbBinaryCompare) > 0 Then
                showerr "e"
            End If
        Next
    Next
End If

' Preliminary screening of query-string parameters against a deny-list of
' substrings associated with SQL injection / script injection. The list is
' the form list plus "=".
'
' NOTE(review): the same limits apply as for any substring deny-list.
'   * It rejects legitimate values that contain an entry.
'   * It inspects parameter values only, not parameter names.
'   * It does not cover cookies or headers.
'   It does not replace parameterized queries or output encoding.
' showerr is defined outside this file; whether it ends the response is not
' visible here (TODO confirm).
Query_Badword = "%20or%20|'|""|%|update|=|select|delete|insert|java|script|exec|cmd|shell|count|mid|char|drop|master|from|net%20user|/add|iframe"
If Request.QueryString <> "" Then
    Chk_badword = Split(Query_Badword, "|")
    For Each Query_Name In Request.QueryString
        For i = LBound(Chk_badword) To UBound(Chk_badword)
            ' Lower-case the parameter value so the lower-case deny-list
            ' entries match regardless of the case the client sent.
            If InStr(1, LCase(Request.QueryString(Query_Name)), Chk_badword(i), vbBinaryCompare) > 0 Then
                showerr "e"
            End If
        Next
    Next
End If

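' Validate the basic shape of an e-mail address.
'
' Parameters:
'   user_mail - the address string to check.
' Returns:
'   True when all of the following hold, False otherwise:
'     * the string contains exactly one "@";
'     * both parts are non-empty and consist only of letters, "_", "-", "."
'       or characters for which IsNumeric is True;
'     * neither part starts or ends with ".";
'     * the domain part contains a "." and the text after its last "." is
'       2 or 3 characters long;
'     * the address contains no "..".
'
' NOTE(review): the 2-or-3 character rule rejects longer top-level domains
' (e.g. ".info"); it is kept as in the original to avoid changing what
' callers accept.
function IsValidEmail(user_mail)
   ' Declare locals so the function does not overwrite script-level
   ' variables with the same names (the request-screening loops in this
   ' file use "name" and "i").
   Dim names, name, i, c

   IsValidEmail = true

   ' Exactly one "@" => Split yields exactly two parts.
   names = Split(user_mail, "@")
   if UBound(names) <> 1 then
      IsValidEmail = false
      exit function
   end if

   for each name in names
      if Len(name) <= 0 then
         IsValidEmail = false
         exit function
      end if
      ' Character allow-list, applied to the local part and the domain alike.
      for i = 1 to Len(name)
         c = Lcase(Mid(name, i, 1))
         if InStr("abcdefghijklmnopqrstuvwxyz_-.", c) <= 0 and not IsNumeric(c) then
            IsValidEmail = false
            exit function
         end if
      next
      if Left(name, 1) = "." or Right(name, 1) = "." then
         IsValidEmail = false
         exit function
      end if
   next

   ' The domain must contain a dot.
   if InStr(names(1), ".") <= 0 then
      IsValidEmail = false
      exit function
   end if

   ' Length of the text after the last dot in the domain.
   i = Len(names(1)) - InStrRev(names(1), ".")
   if i <> 2 and i <> 3 then
      IsValidEmail = false
      exit function
   end if

   ' Fix: the original tested an undefined variable "email" (always Empty),
   ' so consecutive dots were never rejected. Test the actual argument.
   if InStr(user_mail, "..") > 0 then
      IsValidEmail = false
   end if
end function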
%>