www.gusucode.com > 茶都拼客网全功能版 8 > 茶都拼客网全功能版 8.8源码程序/teasdxmccom/茶都拼客网V8.8(全功能,无限制,完全开源)/info/Ku_Sql.asp
<%
Dim QueryData,FormData,QueryName,Name

' Blocklisted substrings, separated by "|".
QueryData="'|''|;|,|*|%|and|exec|insert|select|update|delete|count|master|truncate|char|declare|where|declare|mid|chr|chr(37)|net|union|from"
' POST fields are only checked for the ASP open tag.
FormData="<%"
cookData="'|''|;|,|*|%|and|exec|insert|select|update|delete|count|master|truncate|char|declare|where|declare|mid|chr|chr(37)|net|union|from"

' The alert text shown on a match reads: "Please do not submit illegal requests!"

' Filter GET query-string values.
If Request.QueryString<>"" Then
    adoData=Split(QueryData,"|")
    For Each QueryName In Request.QueryString
        For i=0 To UBound(adoData)
            ' Case-insensitive substring match against each blocklist entry.
            If InStr(LCase(Request.QueryString(QueryName)),adoData(i))<>0 Then
                Response.Write "<Script Language=javascript>alert('请不要提交非法请求!!');history.back(-1)</Script>"
                Response.End
            End If
        Next
    Next
End If

' Filter POST form values.
If Request.Form<>"" Then
    adoData=Split(FormData,"|")
    For Each Name In Request.Form
        For i=0 To UBound(adoData)
            If InStr(LCase(Request.Form(Name)),adoData(i))<>0 Then
                Response.Write "<Script Language=javascript>alert('请不要提交非法请求!');history.back(-1)</Script>"
                Response.End
            End If
        Next
    Next
End If

' Filter cookie values.
If Request.Cookies<>"" Then
    adoData=Split(cookData,"|")
    For Each cookName In Request.Cookies
        For i=0 To UBound(adoData)
            ' Check each cookie's own value against the blocklist.
            If InStr(LCase(Request.Cookies(cookName)),adoData(i))<>0 Then
                Response.Write "<Script Language=javascript>alert('请不要提交非法请求!');history.back(-1)</Script>"
                Response.End
            End If
        Next
    Next
End If
%>
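
An added Python example (not part of Ku_Sql.asp or the project): it ports the file's substring check using the QueryData list above, runs it over constructed, legitimate inputs, and then passes the same inputs through a bound query parameter. The in-memory sqlite3 table and the names `blocked_by`, `lookup` and `demo` are assumptions made for illustration.

```python
import sqlite3

# Blocklist copied verbatim from QueryData in Ku_Sql.asp.
QUERY_DATA = ("'|''|;|,|*|%|and|exec|insert|select|update|delete|count|master|"
              "truncate|char|declare|where|declare|mid|chr|chr(37)|net|union|from")
BLOCKLIST = QUERY_DATA.split("|")


def blocked_by(value):
    """Mirror the ASP check: InStr(LCase(value), token) <> 0 for any token."""
    lowered = value.lower()
    return [token for token in BLOCKLIST if token in lowered]


def lookup(conn, name):
    """Bind the value as a parameter so it is never parsed as SQL text."""
    cur = conn.execute("SELECT name FROM members WHERE name = ?", (name,))
    return [row[0] for row in cur.fetchall()]


def demo():
    # Constructed sample data: ordinary values a site might legitimately receive.
    samples = ["O'Brien", "Anderson", "Discount tea, 50% off", "internet cafe"]
    conn = sqlite3.connect(":memory:")  # hypothetical table for the example
    conn.execute("CREATE TABLE members (name TEXT)")
    conn.executemany("INSERT INTO members VALUES (?)", [(s,) for s in samples])
    results = {}
    for s in samples:
        # Pair the blocklist verdict with the result of the bound query.
        results[s] = (blocked_by(s), lookup(conn, s))
    conn.close()
    return results


if __name__ == "__main__":
    for value, (hits, rows) in demo().items():
        print(f"{value!r}: filter rejects on {hits}; bound query returns {rows}")
```

Every sample is rejected by the substring filter, while the bound parameter stores and retrieves each value unchanged, apostrophe included.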