<%
dim sql_injdata
sql_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|iframe|url=|href|<script>|</script>|<iframe>|</iframe>"
sql_inj = split(sql_injdata,"|")
if request.querystring<>"" then
for each sql_get in request.querystring
for sql_data=0 to ubound(sql_inj)
if instr(request.querystring(sql_get),sql_inj(sql_data))>0 then
response.write "<script language=javascript>alert('sql通用防注入系统提示↓请不要在参数中包含非法字符尝试注入!');history.back(-1)</script>"
response.end
end if
next
next
end if
if request.form<>"" then
for each sql_post in request.form
for sql_data=0 to ubound(sql_inj)
if instr(request.form(sql_post),sql_inj(sql_data))>0 then
response.write "<script language=javascript>alert('sql通用防注入系统提示↓请不要在参数中包含非法字符尝试注入!');history.back(-1)</script>"
response.end
end if
next
next
end if
%>