ASP 非法字符过滤函数
程序员文章站
2022-04-14 20:33:29
复制代码 代码如下:
<%
'==============================================================检查提...
复制代码 代码如下:
<%
'==============================================================检查提交数据合法性
function checkinput()
'--------定义部份------------------
dim fy_post,fy_get,fy_in,fy_inf,fy_xh,fy_db,fy_dbstr,kill_ip,writesql
'自定义需要过滤的字串,用 "|" 分隔
fy_in = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
fy_inf = split(fy_in,"|")
'--------post部份------------------
if request.form <> "" then
for each fy_post in request.form
for fy_xh = 0 to ubound(fy_inf)
if instr(lcase(request.form(fy_post)),fy_inf(fy_xh)) <> 0 then
echo "<script language=javascript>alert('请不要在参数中包含非法字符!');history.go(-1);</script>"
response.end
end if
next
next
end if
'----------------------------------
'--------get部份-------------------
if request.querystring <> "" then
for each fy_get in request.querystring
for fy_xh = 0 to ubound(fy_inf)
if instr(lcase(request.querystring(fy_get)),fy_inf(fy_xh)) <> 0 then
echo "<script language=javascript>alert('请不要在参数中包含非法字符!');history.go(-1);</script>"
response.end
end if
next
next
end if
end function
%>