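<%
' Request screening and e-mail syntax helper for pages that include this file.
'
' SECURITY NOTE: the two loops below are a substring deny-list. They are a
' coarse first-pass screen only and should not be the sole protection against
' SQL or script injection: queries built from request data should use
' parameterized ADODB.Command objects, and output should be encoded with
' Server.HTMLEncode. The list also rejects legitimate input that happens to
' contain a listed word (for example "from" or "count").
' Only Request.Form and Request.QueryString are inspected here; other request
' collections are not covered by this check.
' showerr is defined outside this file. NOTE(review): the screen relies on
' showerr ending the response - confirm it does, otherwise processing
' continues after a match.

' Preliminary check of form data for attack strings.
' Any entry that contains a percent sign is already covered by the "%" entry.
Form_Badword="%20or%20|'|""|%|update|select|delete|insert|java|script|exec|cmd|shell|count|mid|char|drop|master|from|net%20user|/add|iframe"
If Request.Form <> "" Then
    Chk_badword = Split(Form_Badword, "|")
    For Each name In Request.Form
        For i = 0 To UBound(Chk_badword)
            ' The value is lower-cased so the lower-case list matches any casing.
            If InStr(LCase(Request.Form(name)), Chk_badword(i)) <> 0 Then
                showerr "e"
            End If
        Next
    Next
End If

' Preliminary check of query-string parameters for attack strings.
' Same list as for forms, with "=" added.
Query_Badword="%20or%20|'|""|%|update|=|select|delete|insert|java|script|exec|cmd|shell|count|mid|char|drop|master|from|net%20user|/add|iframe"
If Request.QueryString <> "" Then
    Chk_badword = Split(Query_Badword, "|")
    For Each Query_Name In Request.QueryString
        For i = 0 To UBound(Chk_badword)
            If InStr(LCase(Request.QueryString(Query_Name)), Chk_badword(i)) <> 0 Then
                showerr "e"
            End If
        Next
    Next
End If

' Validate the syntax of an e-mail address.
'
' user_mail: the address to check.
' Returns True when all of the following hold, otherwise False:
'   - exactly one "@", with a non-empty part on each side
'   - each part contains only letters, digits, "_", "-" and "."
'   - neither part starts or ends with "."
'   - the domain part contains a "." and its final label is 2 or 3
'     characters long (longer top-level domains are rejected)
'   - the address contains no ".." sequence
' This is a syntax check only; it does not make the value safe to place in
' SQL or HTML.
Function IsValidEmail(user_mail)
    ' Locals are declared so the function does not overwrite the page-level
    ' name / i variables used by the screening loops above.
    Dim names, name, i, c

    IsValidEmail = True

    names = Split(user_mail, "@")
    If UBound(names) <> 1 Then
        IsValidEmail = False
        Exit Function
    End If

    For Each name In names
        If Len(name) <= 0 Then
            IsValidEmail = False
            Exit Function
        End If

        ' Character allow-list, applied to the local part and the domain.
        For i = 1 To Len(name)
            c = LCase(Mid(name, i, 1))
            If InStr("abcdefghijklmnopqrstuvwxyz_-.", c) <= 0 And Not IsNumeric(c) Then
                IsValidEmail = False
                Exit Function
            End If
        Next

        If Left(name, 1) = "." Or Right(name, 1) = "." Then
            IsValidEmail = False
            Exit Function
        End If
    Next

    If InStr(names(1), ".") <= 0 Then
        IsValidEmail = False
        Exit Function
    End If

    ' Length of the text after the last "." in the domain.
    i = Len(names(1)) - InStrRev(names(1), ".")
    If i <> 2 And i <> 3 Then
        IsValidEmail = False
        Exit Function
    End If

    ' Check the argument itself for consecutive dots. Testing an unset
    ' variable here would always yield 0 and the rule would never apply.
    If InStr(user_mail, "..") > 0 Then
        IsValidEmail = False
    End If
End Function
%>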