62,046
社区成员
发帖
与我相关
我的任务
分享
'==========安全代码==========
Dim GetFlag Rem(提交方式)
Dim ErrorSql Rem(非法字符)
Dim RequestKey Rem(提交数据)
Dim ForI Rem(循环标记)
ErrorSql = "'~;~and~(~)~exec~update~count~*~%~<~>~chr~mid~master~truncate~char~declare" Rem(每个敏感字符或者词语请使用半角 "~" 格开)
ErrorSql = Split(ErrorSql, "~")
If Request.ServerVariables("REQUEST_METHOD") = "GET" Then
GetFlag = True
Else
GetFlag = False
End If
If GetFlag Then
For Each RequestKey In Request.QueryString
For ForI = 0 To UBound(ErrorSql)
If InStr(LCase(Request.QueryString(RequestKey)), ErrorSql(ForI))<>0 Then
Call infoback("请不要使用特殊字符,例如英文单引号等!")
End If
Next
Next
Else
For Each RequestKey In Request.Form
For ForI = 0 To UBound(ErrorSql)
If InStr(LCase(Request.Form(RequestKey)), ErrorSql(ForI))<>0 Then
Call infoback("请不要使用特殊字符,例如英文单引号等!")
End If
Next
Next
End If
Sql_in = "and |or |on |in |select |insert |update |delete |exec |declare |'"
Sql = Split(Sql_in, "|")
If Request.QueryString<>"" Then
For Each Sql_Get In Request.QueryString
For Sql_Data = 0 To UBound(Sql)
If InStr(LCase(Request.QueryString(Sql_Get)), Sql(Sql_Data))<>0 Then
Call infoback("请不要尝试非法注入!")
End If
Next
Next
End If
If Request.Form<>"" Then
For Each Sql_Post In Request.Form
For Sql_Data = 0 To UBound(Sql)
If InStr(LCase(Request.Form(Sql_Post)), Sql(Sql_Data))<>0 Then
Call infoback("请不要尝试非法注入!")
End If
Next
Next
End If