<%
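' Block form submissions that were not sent from a page on this site.
' Compares the host part of the Referer header with SERVER_NAME and ends the
' response with an error box when they differ or when no usable Referer is present.
' NOTE(review): the Referer header is supplied by the client and may be missing
' or altered, so treat this as a courtesy filter only. A per-session anti-forgery
' token verified on every state-changing request is the dependable control.
Sub Chkhttp()
    Dim referer, serverName, refHost, delim, cut
    referer = LCase(CStr(Request.ServerVariables("HTTP_REFERER")))
    serverName = LCase(CStr(Request.ServerVariables("SERVER_NAME")))

    ' Take everything after the scheme. A fixed offset of 8 only fits "http://",
    ' so pages served over https were always rejected.
    refHost = ""
    If Left(referer, 7) = "http://" Then
        refHost = Mid(referer, 8)
    ElseIf Left(referer, 8) = "https://" Then
        refHost = Mid(referer, 9)
    End If

    ' Keep the authority part only: stop at the first path, query or fragment delimiter.
    For Each delim In Array("/", "?", "#")
        cut = InStr(refHost, delim)
        If cut > 0 Then refHost = Left(refHost, cut - 1)
    Next

    ' Drop any "user@" prefix and any ":port" suffix so that only the host name remains.
    ' Bracketed IPv6 literals are not handled and end up rejected.
    cut = InStrRev(refHost, "@")
    If cut > 0 Then refHost = Mid(refHost, cut + 1)
    cut = InStr(refHost, ":")
    If cut > 0 Then refHost = Left(refHost, cut - 1)

    ' Require the whole host to match. Comparing only the first Len(serverName)
    ' characters also accepted longer host names that merely start with the server name.
    If refHost = "" Or refHost <> serverName Then
        Response.Write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=250>"
        Response.Write "<tr><td style=font:9pt Verdana>"
        Response.Write "不会吧,老兄,提交方式不太对哟!"
        Response.Write "</td></tr></table></center>"
        Response.End
    End If
End Sub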
%>
<%
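' Reject requests whose URL query string contains SQL-looking input.
' Ends the response with an error box when any query-string name or value holds
' a single quote or one of the keywords or / and / select / from / where.
'
' The previous version could never fire: it stored the value in ThisUEL but
' tested ThisURL, which stayed Empty. It also read SERVER_NAME, although the
' header comment says the check is meant for the URL.
'
' NOTE(review): keyword filtering is defence in depth at best. It rejects some
' legitimate text and does not replace parameterized queries (ADODB.Command
' with Parameters) at the point where SQL is actually built.
Sub URLSQL()
    Dim sqlPattern, fieldName, suspicious

    ' Whole-word, case-insensitive match, so that ordinary words containing
    ' "or" or "and" are not flagged.
    Set sqlPattern = New RegExp
    sqlPattern.IgnoreCase = True
    sqlPattern.Pattern = "'|\b(or|and|select|from|where)\b"

    ' Request.QueryString yields URL-decoded names and values, so encoded
    ' characters are seen in their decoded form.
    suspicious = False
    For Each fieldName In Request.QueryString
        If sqlPattern.Test(CStr(fieldName)) Or sqlPattern.Test(CStr(Request.QueryString(fieldName))) Then
            suspicious = True
            Exit For
        End If
    Next

    If suspicious Then
        Response.Write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=250>"
        Response.Write "<tr><td style=font:9pt Verdana>"
        Response.Write "So Sorry!您的页面提交方式似乎不正确!"
        Response.Write "</td></tr></table></center>"
        Response.End
    End If
End Sub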
%>
<%
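' Strip characters with special meaning in SQL or HTML from a form value.
' StrChar: the raw value; Null and "" both yield "".
' Returns StrChar with every ' * ? ( ) < > . ; # % removed.
'
' The previous version applied each Replace to StrChar instead of the running
' result, so only the last one (removing "%") took effect and quotes, angle
' brackets and the rest passed through unchanged.
'
' NOTE(review): removing characters changes user data and is not a substitute
' for parameterized queries or for HTML-encoding on output.
Function BadName(StrChar)
    Dim cleaned, unwanted

    If IsNull(StrChar) Or StrChar = "" Then
        BadName = ""
        Exit Function
    End If

    ' Carry the result forward so that each removal builds on the previous one.
    cleaned = StrChar
    For Each unwanted In Array("'", "*", "?", "(", ")", "<", ">", ".", ";", "#", "%")
        cleaned = Replace(cleaned, unwanted, "")
    Next

    BadName = cleaned
End Function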
%>
<%
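' Filter dangerous SQL characters, variant 2.
' data: the NAME of a form field; the value is read from Request.Form(data).
' Returns the value trimmed, HTML-encoded, with single quotes turned into double
' quotes, "*" and "?" removed, a fixed list of SQL keywords removed, and line
' breaks converted to <br> and </p><p>.
'
' Changes from the previous version:
'  - Works on a local copy. VBScript passes arguments ByRef by default, so
'    assigning to data overwrote the caller's variable.
'  - The replacements for & < > and space were no-ops as shown on the page
'    (each character replaced by itself). They are presumably entity encodings
'    lost in page rendering and are restored here - confirm against the original file.
'  - Keyword removal is case-insensitive and repeats until nothing changes, so
'    a removal that joins the surrounding characters cannot leave a keyword behind.
'
' NOTE(review): this mixes output encoding with SQL filtering. Keyword stripping
' alters legitimate text and is not a safe way to build SQL; use parameterized
' queries (ADODB.Command with Parameters) and encode only when writing HTML.
Function sqlstr(data) ' replace characters in the submitted string
    Dim text, keyword, before

    ' Encode "&" first so the entities added below are not encoded a second time.
    text = Trim(Replace(Request.Form(data), "&", "&amp;"))
    text = Replace(text, "<", "&lt;")
    text = Replace(text, ">", "&gt;")
    text = Replace(text, "'", """")
    text = Replace(text, "*", "")
    text = Replace(text, "?", "")

    ' Each pass shortens the text or leaves it alone, so the loop terminates.
    Do
        before = text
        For Each keyword In Array("select", "insert", "delete", "update", "create", "drop", "declare")
            text = Replace(text, keyword, "", 1, -1, vbTextCompare)
        Next
    Loop While text <> before

    ' Convert paragraph breaks before single line breaks so that a double
    ' CRLF is not consumed as two <br> tags.
    text = Replace(text, vbCrLf & vbCrLf, "</p><p>")
    text = Replace(text, vbCrLf, "<br>")
    sqlstr = Replace(text, " ", "&nbsp;")
End Function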
%>