Dim ParaValue
ParaValue=Trim(Request(ParaName))
if ParaValue <> "" then
If ParaType = 1 then
If not isNumeric(ParaValue) then
AlertErr("参数类型出错:" & ParaName & "必须为数字型!")
Response.end
End if
Else
ParaValue=SqlFilter(Replace(ParaValue,"'","''"))
End if
end if
SafeRequest=ParaValue
End Function
用这个函数判断 Request 的值是否为数字型。
然后
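'-----Blacklist screening of incoming query-string and form values.
'-----Query_Badword / Form_Badword are expected to hold the forbidden
'-----substrings joined with "‖"; they must be populated before this
'-----block runs (assignment not visible here -- confirm). An empty
'-----list yields an empty Split() array and the inner loops are skipped.
'-----A keyword blacklist is only a secondary control: SQL must still be
'-----parameterised and output HTML-encoded, since no list can enumerate
'-----every dangerous input.
Dim Query_Badword,Form_Badword,a,Err_Message,Err_Web,name
Dim Cur_Value,Cur_Badword
'-----Screening of query-string (GET) values.
if request.QueryString <>"" then
    Chk_badword=split(Query_Badword,"‖")
    FOR each Query_Name in Request.QueryString
        'Lower-case once per parameter rather than once per list entry.
        Cur_Value=LCase(request.QueryString(Query_Name))
        for a=0 to ubound(Chk_badword)
            'Lower-case the list entry too, otherwise an upper-case entry
            'could never match the lower-cased value.
            Cur_Badword=LCase(Chk_badword(a))
            'Skip empty entries (e.g. a trailing "‖"): InStr(s,"") returns 1
            'for every non-empty s and would reject every request.
            If Cur_Badword <> "" Then
                If Instr(Cur_Value,Cur_Badword) <>0 Then
                    'Name the parameter actually being checked (Query_Name, not the
                    'form loop variable `name`, which is still empty here), and
                    'HTML-encode it: the parameter name is caller-controlled and
                    'is reflected into the page.
                    Response.Write "·出错了!参数"&Server.HTMLEncode(Query_Name)&"的值中包含非法字符串!"
                    Response.End
                End If
            End If
        next
    NEXT
End if
'-----Screening of POST form values.
if request.form <>"" then
    Chk_badword=split(Form_Badword,"‖")
    FOR each name in Request.Form
        Cur_Value=LCase(request.form(name))
        for a=0 to ubound(Chk_badword)
            Cur_Badword=LCase(Chk_badword(a))
            'Same empty-entry guard as for the query string above.
            If Cur_Badword <> "" Then
                If Instr(Cur_Value,Cur_Badword) <>0 Then
                    'The field name is reflected into the response, so encode it.
                    Response.Write "·出错了!表单"&Server.HTMLEncode(name)&"的值中包含非法字符串! <br>·请不要在表单中出现: % & * < > 等非法字符!"
                    Response.End
                End If
            End If
        next
    NEXT
end if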