28,391
社区成员
发帖
与我相关
我的任务
分享
If Request.QueryString <> "" Then Call StopInjection(Request.QueryString)
If Request.Cookies <> "" Then Call StopInjection(Request.Cookies)
If Request.Form <> "" Then Call StopInjection(Request.Form)
Sub StopInjection(Values)
Dim regEx
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "'|;|([\s\b+()]+(select|update|cast|varchar|0x440|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\s\b+]*)"
Dim sItem, sValue
For Each sItem In Values
sValue = Values(sItem)
If regEx.Test(sValue) Then
Response.Write "<Script Language=javascript>alert('非法注入!!!');history.back(-1);</Script>"
Response.End
End If
Next
Set regEx = Nothing
End Sub