上一篇
下一篇
asp防注入代码
作者:刚子 日期:2009-06-15
程序代码<%
'过于严格
Dim N_In,N_Inf,N_Get
N_In = "'|;|and|(|)|exec|script|javascript|insert|select|delete|update|count|*|%
|chr|mid|master|truncate|char|declare"
N_Inf = split(N_In,"|")
If Request.Form<>"" Then StopInjection(Request.Form)
If Request.QueryString<>"" Then StopInjection(Request.QueryString)
If Request.Cookies<>"" Then StopInjection(Request.Cookies)
Function StopInjection(values)
For Each N_Get In values
Select_BadChar(values)
Next
End Function
Function Select_BadChar(values)
For N_Xh=0 To Ubound(N_Inf)
If Instr(LCase(values(N_Get)),N_Inf(N_Xh))<>0 Then
'Response.Redirect "/"
Response.Write("您提交的数据有恶意字符!")
Response.End
End If
Next
End Function
%>
'过于严格
Dim N_In,N_Inf,N_Get
N_In = "'|;|and|(|)|exec|script|javascript|insert|select|delete|update|count|*|%
|chr|mid|master|truncate|char|declare"
N_Inf = split(N_In,"|")
If Request.Form<>"" Then StopInjection(Request.Form)
If Request.QueryString<>"" Then StopInjection(Request.QueryString)
If Request.Cookies<>"" Then StopInjection(Request.Cookies)
Function StopInjection(values)
For Each N_Get In values
Select_BadChar(values)
Next
End Function
Function Select_BadChar(values)
For N_Xh=0 To Ubound(N_Inf)
If Instr(LCase(values(N_Get)),N_Inf(N_Xh))<>0 Then
'Response.Redirect "/"
Response.Write("您提交的数据有恶意字符!")
Response.End
End If
Next
End Function
%>
文章来自: 
引用通告: 
Tags: 评论: 0 | 引用: 0 | 查看次数: -
发表评论