'SQL检查的ASP,代码
Fy_In = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
Fy_Inf = split(Fy_In,"|")
If Request.Form<>"" Then
For Each Fy_Post In Request.Form
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
response.write "提交错误"
response.end
End If
Next
Next
End If
If Request.QueryString<>"" Then
For Each Fy_Post In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
response.write "提交错误"
response.end
End If
Next
Next
End If
[
本帖最后由 ysf0181 于 2012-11-4 10:26 编辑 ]
2012-11-01 11:06
