
    <%
' Blacklists used by the request filters in this file. Each list is split on
' "|" and every entry is matched as a plain substring of the lower-cased
' request value.
' Some entries are redundant: "''" and "chr(37)" are covered by the shorter
' entries "'" and "chr", and "declare" is listed twice.
Dim QueryData, FormData, QueryName, Name

' Substrings rejected in GET query-string values.
QueryData = "'|''|;|,|*|%|and|exec|insert|select|update|delete|count|master|truncate|char|declare|where|declare|mid|chr|chr(37)|net|union|from"

' Substring rejected in POSTed form values: only the ASP opening tag, so the
' SQL-related entries above are not applied to form fields.
FormData = "<%"

' The cookie blacklist is the same list as the query-string one.
cookData = QueryData

' Filter GET query-string values.
' Ends the response with a JavaScript alert as soon as any query-string value
' contains one of the QueryData entries. The value is lower-cased first, so the
' match ignores case.
' NOTE: this is a substring blacklist. It also rejects ordinary input that
' merely contains an entry (for example "and" inside a longer word), and it is
' not a substitute for parameterized queries in the pages that include this
' file.
If Request.QueryString <> "" Then
	adoData = Split(QueryData, "|")
	For Each QueryName In Request.QueryString
		For i = LBound(adoData) To UBound(adoData)
			' Binary comparison is InStr's default; it is spelled out here.
			If InStr(1, LCase(Request.QueryString(QueryName)), adoData(i), vbBinaryCompare) > 0 Then
				Response.Write "<Script Language=javascript>alert('请不要提交非法请求!!');history.back(-1)</Script>"
				Response.End
			End If
		Next
	Next
End If
    
' Filter POSTed form values.
' Ends the response with a JavaScript alert when any form field contains an
' entry from FormData.
' NOTE(review): FormData holds a single entry, the ASP opening tag, so form
' fields are not screened for quotes or SQL keywords here. Pages that build SQL
' from Request.Form get no protection from this filter and need parameterized
' queries.
If Not (Request.Form = "") Then
	adoData = Split(FormData, "|")
	For Each Name In Request.Form
		For i = LBound(adoData) To UBound(adoData)
			If InStr(LCase(Request.Form(Name)), adoData(i)) > 0 Then
				Response.Write "<Script Language=javascript>alert('请不要提交非法请求!');history.back(-1)</Script>"
				Response.End
			End If
		Next
	Next
End If
    
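' Filter cookie values.
' Ends the response with a JavaScript alert when any cookie value contains an
' entry from cookData. The value is lower-cased first, so the match ignores
' case.
' Fix: the original looked each cookie name up in Request.Form, so cookie
' values were never inspected. The lookup now reads Request.Cookies.
' NOTE(review): now that cookies are really checked, any cookie the site itself
' sets whose value contains a listed substring (for example "," or "%") will
' trigger the rejection. Verify this against the application's own cookies
' before deploying.
' A substring blacklist is still not a substitute for parameterized queries
' wherever cookie values reach SQL.
If Request.Cookies <> "" Then
	adoData = Split(cookData, "|")
	For Each cookName In Request.Cookies
		For i = 0 To UBound(adoData)
			If InStr(LCase(Request.Cookies(cookName)), adoData(i)) <> 0 Then
				Response.Write "<Script Language=javascript>alert('请不要提交非法请求!');history.back(-1)</Script>"
				Response.End
			End If
		Next
	Next
End If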
%>