< % Dim Fy_Url,Fy_a,Fy_x,Fy_Cs(),Fy_Cl,Fy_Ts,Fy_Zx ' ---定义部份 头------ Fy_Cl = 1 ' 处理方式:1=提示信息,2=转向页面,3=先提示再转向 Fy_Zx = " Error.Asp " ' 出错时转向的页面 ' ---定义部份 尾------ ' ----------版权说明---------------- ' 枫叶SQL通用防注入 V1.0 ASP版 ' 本程序由 枫知秋 独立开发 ' 有疑问或想得到最新版请联系本人 ' 联系QQ:613548 ' 使用时请保留本人版权信息。 ' 本程序欢迎转载 ' --------枫知秋 版权所有----------- On Error Resume Next Fy_Url = Request.ServerVariables( " QUERY_STRING " )Fy_a = split (Fy_Url, " & " ) redim Fy_Cs( ubound (Fy_a)) On Error Resume Next for Fy_x = 0 to ubound (Fy_a)Fy_Cs(Fy_x) = left (Fy_a(Fy_x), instr (Fy_a(Fy_x), " = " ) - 1 ) Next For Fy_x = 0 to ubound (Fy_Cs) If Fy_Cs(Fy_x) <> "" Then If Instr ( LCase (Request(Fy_Cs(Fy_x))), " ' " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " and " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " select " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " update " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " chr " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " delete from " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " ; " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " insert " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " mid " ) <> 0 Or Instr ( LCase (Request(Fy_Cs(Fy_x))), " master. " ) <> 0 Then Select Case Fy_Cl Case " 1 " Response.Write " <Script Language=javascript>alert(' 出现错误!参数 " & Fy_Cs(Fy_x) & " 的值中包含非法字符串! 请不要在参数中出现:;,and,select,update,insert,delete,chr 等非法字符! by KenJoy EMail:62561@qq.com');window.close();</Script> " Case " 2 " Response.Write " <Script Language=javascript>location.href=' " & Fy_Zx & " '</Script> " Case " 3 " Response.Write " <Script Language=javascript>alert(' 出现错误!参数 " & Fy_Cs(Fy_x) & " 的值中包含非法字符串! 请不要在参数中出现:;,and,select,update,insert,delete,chr 等非法字符! by KenJoy EMail:62561@qq.com');location.href=' " & Fy_Zx & " ';</Script> " End Select Response.End End If End If Next % >
