| 〖文章分类:电脑·手机·网络 / 网站设计·开发·优化〗〖阅读选项〗 |
|
将以下代码保存为 *.asp,如 SQL.asp,然后在每个 ASP 页面的头部加入 <!--#include file="SQL.asp"-->,一般只要在前台页面加入即可,后台的页面因为要经常添加数据,为防止过滤检测,还是不要加入这段代码。
<%
dim GuFormGet
dim GuStringFormGet,GuStringFormPost
dim RequestKey,i,j
GuStringFormGet="'|);|and|select|exec|update|count|*|%|chr|mid|master|truncate|char|declare|delete|%20from|insert|="
GuStringFormPost="'|%|&|*|#|=|select|and|set|delete"
GuStringFormGet=Split(GuStringFormGet,"|")
GuStringFormPost=Split(GuStringFormPost,"|")
if LCase(Request.ServerVariables("REQUEST_METHOD"))="get" then
GuFormGet=true
else
GuFormGet=false
end if
if GuFormGet then
for each RequestKey in Request.QueryString
for i=0 to Ubound(GuStringFormGet)
if InStr(LCase(Request.QueryString(RequestKey)),GuStringFormGet(i))<>0 then
call GuMessageSQL()
end if
next
next
else
for each RequestKey in Request.Form
for j=0 to Ubound(GuStringFormPost)
if InStr(LCase(Request.Form(RequestKey)),GuStringFormPost(j))<>0 then
call GuMessageSQL()
end if
next
next
end if
sub GuMessageSQL()
Response.write "<html>" &vbCrLf
Response.write "<head>" &vbCrLf
Response.write "<title>网站名称</title>" &vbCrLf
Response.write "<meta http-equiv=""Content-Type"" content=""text/html;charset=gb2312"">" &vbCrLf
Response.write "<meta http-equiv=""Content-Language"" Content=""zh-CN"">"&vbCrLf
Response.write "</head>" &vbCrLf
Response.write "" &vbCrLf
Response.write "<body>" &vbCrLf
Response.write "" &vbCrLf
Response.write "<span style=""font-family:宋体;font-size:14px;color:#FF0000;"">数据提交失败,表单中包含特殊字符。</span><br><br>" &vbCrLf
Response.write "<a href=""#"" onclick=""JavaScript:history.go(-1);"" style=""font-family:宋体;font-size:12px;color:#C0C0C0;text-decoration:none;"">[后退]</a>" &vbCrLf
Response.write "" &vbCrLf
Response.write "</body>" &vbCrLf
Response.write "</html>" &vbCrLf
Response.end
end sub
%>
|
| 文章作者:未知 更新日期:2009-09-10 |
| 〖文章浏览:〗〖打印文章〗〖发送文章〗 |
|
|
|
本 站 搜 索
文 章 阅 读 排 行
文 章 信 息