防止注入的ASP代码
以下是一段防注入代码。
希望对广大初级程序员有所帮助!
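<%
' Request-parameter keyword filter for classic ASP (VBScript).
'
' Scans submitted parameter values for the characters and keywords listed in
' ErrorSql. On the first match it writes a warning script that redirects the
' browser to Sql.asp and ends the response.
'
' NOTE(review): this is a substring blacklist, not a fix for SQL injection.
'   - Matching uses InStr on the lower-cased value, so ordinary input that
'     merely contains a listed token (for example "brand" contains "and",
'     and any value with "(" or "%") is rejected as well.
'   - Only Request.QueryString and Request.Form are inspected;
'     Request.Cookies and other request data are not examined here.
'   - Queries should still be built with parameterized commands
'     (ADODB.Command with Parameters) rather than string concatenation;
'     treat this filter as an additional layer only.

Dim GetFlag      ' True when the request method is GET
Dim ErrorSql     ' blocked characters / keywords
Dim RequestKey   ' name of the parameter currently being checked
Dim ForI         ' loop index into ErrorSql

' Blocked characters and words, separated by a half-width "~".
ErrorSql = "'~;~and~(~)~exec~update~count~*~%~chr~mid~master~truncate~char~declare"
ErrorSql = Split(ErrorSql, "~")

GetFlag = (Request.ServerVariables("REQUEST_METHOD") = "GET")

' The query string is checked on every request, not only on GET: a non-GET
' request can carry query-string parameters too, and the original code left
' those unchecked whenever the method was not GET.
For Each RequestKey In Request.QueryString
    For ForI = 0 To UBound(ErrorSql)
        If InStr(LCase(Request.QueryString(RequestKey)), ErrorSql(ForI)) <> 0 Then
            Response.Write "<script>alert(""警告:\n请不要提交非法参数"");location.href=""Sql.asp"";</script>"
            Response.End
        End If
    Next
Next

' Form fields are checked for every non-GET request, as in the original.
If Not GetFlag Then
    For Each RequestKey In Request.Form
        For ForI = 0 To UBound(ErrorSql)
            If InStr(LCase(Request.Form(RequestKey)), ErrorSql(ForI)) <> 0 Then
                Response.Write "<script>alert(""警告:\n请不要提交非法参数"");location.href=""Sql.asp"";</script>"
                Response.End
            End If
        Next
    Next
End If
%>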