Denial of attack Universal ASP anti-injection code

Anti-injection | attack

These days is really a hole in the SQL injection to hurt God, online code a lot of not very esoteric is trouble. Finally found a universal anti-note code, sharing, hehe. Easy to operate, as long as a included or put into the conn.asp, to fix. Finally, it is estimated that there are some dangerous characters do not put all, help me to complete, thank you!

<%
"--------Definition part------------------
Dim Fy_post,fy_get,fy_in,fy_inf,fy_xh,fy_db,fy_dbstr
"" To customize the string to filter, separated by "anti"
fy_in = "" ' Anti-and-anti-exec anti-insert anti-select anti-delete anti-update anti-count anti-anti-CHR anti-"mid anti-truncate anti-char anti-declare < > anti-anti- | anti-Anti _ "
Fy_inf = Split (fy_in, "anti")
If request.form<> "" Then
For each fy_post in Request.Form
For fy_xh=0 to Ubound (Fy_inf)
If Instr (LCase (Request.Form (Fy_post)), Fy_inf (FY_XH)) <>0 Then
Response.Write "<script Language=javascript>alert" "Network long Friendship tips Hacker Heroes ↓ Please do not include illegal characters in the parameters attempt to inject attack this site, this site is not easy to do. I'm a rookie, so scared. , let me have a horse! Give me a message ';</script> '
Response.Write "Illegal Operation! This site has been to the heroes you have done the following record ↓<br> "
Response.Write "Operation IP:" &request.servervariables ("REMOTE_ADDR") & "<br>"
Response.Write "Operation time:" &Now& "<br>"
Response.Write "Action page:" &request.servervariables ("URL") & "<br>"
Response.Write "Submit Way:post<br>"
Response.Write "Submit Parameters:" &Fy_Post& "<br>"
Response.Write "Submit data:" &request.form (Fy_post)
Response.End
End If
Next
Next
End If
If request.querystring<> "" Then
For each fy_get in Request.QueryString
For fy_xh=0 to Ubound (Fy_inf)
If Instr (LCase (Request.QueryString (Fy_get)), Fy_inf (FY_XH)) <>0 Then
Response.Write "<script Language=javascript>alert" "Network long Friendship tips Hacker Heroes ↓ Please do not include illegal characters in the parameters attempt to inject attack this site, this site is not easy to do. I'm a rookie, so scared. , let me have a horse! Give me a message ';</script> '
Response.Write "Illegal Operation! This site has been to the heroes you have done the following record ↓<br> "
Response.Write "Operation IP:" &request.servervariables ("REMOTE_ADDR") & "<br>"
Response.Write "Operation time:" &Now& "<br>"
Response.Write "Action page:" &request.servervariables ("URL") & "<br>"
Response.Write "Submit Way:get<br>"
Response.Write "Submit Parameters:" &Fy_Get& "<br>"
Response.Write "Submit data:" &request.querystring (Fy_get)
Response.End
End If
Next
Next
End If
%>