?? fsql.asp
<%
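Function CheckStr(ChkStr)
    ' Screens a single request value against a blacklist of characters and
    ' keywords associated with SQL injection and markup injection.
    '
    ' Parameter:
    '   ChkStr - the value to inspect (callers in this file pass request values).
    ' Returns:
    '    1  the trimmed value contains none of the blacklisted tokens
    '    0  the value is Null or empty after trimming
    '   -1  at least one blacklisted token occurs in the value
    '
    ' NOTE(review): this is a substring blacklist, not a parser. It rejects
    ' legitimate text that merely contains a listed word (for example "asc",
    ' "like" or "char" inside ordinary words) and it cannot be relied on as
    ' the only protection. Queries built from request data should use
    ' parameterized ADODB.Command objects, and output should be encoded with
    ' Server.HTMLEncode; keep this filter only as an extra layer.
    Dim ParaValue, LoweredValue, Blocked, i

    CheckStr = 1
    ParaValue = Trim(ChkStr)
    If IsNull(ParaValue) Or ParaValue = "" Then
        CheckStr = 0
        Exit Function
    End If

    ' Lower-case once so every keyword comparison is case-insensitive.
    LoweredValue = LCase(ParaValue)

    ' Every token must be written in lower case: it is matched against the
    ' lower-cased value with a binary comparison. The original list spelled
    ' "Drop" with a capital D, so that entry could never match.
    ' "unicode" was disabled in the original list and stays disabled.
    Blocked = Array( _
        "'", ";", """", _
        "select", "insert", "declare", "drop", "update", "delete", _
        "create", "modify", "alter", "rename", "join", "where", "like", _
        "cast", "script", "iframe", "exec", "xp_cmdshell", "asc", "char", _
        "%27", "%3b", "%22", _
        "http", "://", "</")

    For i = 0 To UBound(Blocked)
        If InStr(LoweredValue, Blocked(i)) > 0 Then
            CheckStr = -1
            Exit Function
        End If
    Next
End Function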
' Request gate: runs CheckStr over every query-string and form value and
' ends the response as soon as one of them is rejected (CheckStr < 0).
' Nothing is written to the client on rejection. The original kept
' commented-out Response.Write lines that printed an "illegal characters"
' message and echoed the offending value; if a message is ever re-enabled,
' pass any echoed input through Server.HTMLEncode first.
'
' NOTE(review): cookies are only looked up under names that also occur as
' query-string or form keys. Cookies with other names are not screened by
' this include, so pages that use cookie values in SQL still need
' parameterized queries or their own validation.

' Query-string parameters, plus a cookie of the same name if one exists.
For Each Fy_Get In Request.QueryString
    If CheckStr(LCase(Request.QueryString(Fy_Get))) < 0 Then
        Response.End
    ElseIf CheckStr(LCase(Request.Cookies(Fy_Get))) < 0 Then
        Response.End
    End If
Next

' Posted form fields, plus a cookie of the same name if one exists.
For Each Fy_Post In Request.Form
    If CheckStr(LCase(Request.Form(Fy_Post))) < 0 Then
        Response.End
    ElseIf CheckStr(LCase(Request.Cookies(Fy_Post))) < 0 Then
        Response.End
    End If
Next
%>