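' -------- Definition section ------------------
' Settings for a keyword blacklist that is matched against submitted request values.
' A blacklist like this is only an extra layer: it rejects legitimate input (any value
' containing "or", "%" or "mid" is blocked) and does not replace parameterized queries
' in the database code.
Dim Fy_post, Fy_get, Fy_in, Fy_inf, Fy_xh, Fy_db, Fy_dbstr, Kill_ip, Writesql
' Customize the strings to be filtered, separated by "|" (no spaces around the bar).
' Tokens are compared against a lower-cased copy of the request value, so they are
' normalized to lower case below; an upper-case token would otherwise never match.
Fy_in = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|or|char|declare"
' Kill_ip / Writesql are not read in this part of the script; presumably they switch on
' IP blocking and logging of the rejected request elsewhere -- confirm against the rest
' of the file.
Kill_ip = True
Writesql = True
' ----------------------------------
' Split on the bare "|" so that "'" and ";" (and "(" and ")") become separate tokens.
Fy_inf = Split(Fy_in, "|")
' Normalize every token so hand-edited lists with stray spaces or capitals still work.
For Fy_xh = 0 To UBound(Fy_inf)
    Fy_inf(Fy_xh) = LCase(Trim(Fy_inf(Fy_xh)))
Next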
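' -------- Post part ------------------
' Check every submitted form field against the blacklist in Fy_inf. On the first hit a
' rejection notice is written and the request is ended with Response.End.
' Only Request.Form is inspected here; other request inputs are not covered by this loop.
If Request.Form <> "" Then
    For Each Fy_post In Request.Form
        For Fy_xh = 0 To UBound(Fy_inf)
            ' The token is trimmed and lower-cased to match the lower-cased field value.
            ' The Len() test skips empty tokens, which InStr would report as a match on
            ' every value and so reject every request.
            If Len(Trim(Fy_inf(Fy_xh))) > 0 And InStr(LCase(Request.Form(Fy_post)), LCase(Trim(Fy_inf(Fy_xh)))) <> 0 Then
                Response.Write " <Script language = JavaScript> alert ('system prompt: \n please do not include invalid characters in the parameter to try to inject! \n'); </SCRIPT> "
                Response.Write " Illegal operation! You have been recorded by the system for the following illegal operations <br> "
                Response.Write " Operation IP Address: " & Server.HTMLEncode(Request.ServerVariables("REMOTE_ADDR")) & " <Br> "
                Response.Write " Operation Time: " & Now & " <Br> "
                Response.Write " Operation page: " & Server.HTMLEncode(Request.ServerVariables("URL")) & " <Br> "
                Response.Write " Submission method: Post <br> "
                ' The field name and value are attacker-controlled; HTML-encode them so the
                ' rejection page cannot be used to reflect markup back to the browser.
                Response.Write " Submit parameters: " & Server.HTMLEncode(Fy_post) & " <Br> "
                Response.Write " Submit data: " & Server.HTMLEncode(Request.Form(Fy_post))
                Response.End
            End If
        Next
    Next
End If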
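' ----------------------------------
' -------- Get part -------------------
' Check every query-string parameter against the blacklist in Fy_inf. On the first hit a
' rejection notice is written and the request is ended with Response.End.
' Only Request.QueryString is inspected here; other request inputs are not covered by
' this loop.
If Request.QueryString <> "" Then
    For Each Fy_get In Request.QueryString
        For Fy_xh = 0 To UBound(Fy_inf)
            ' The token is trimmed and lower-cased to match the lower-cased parameter value.
            ' The Len() test skips empty tokens, which InStr would report as a match on
            ' every value and so reject every request.
            If Len(Trim(Fy_inf(Fy_xh))) > 0 And InStr(LCase(Request.QueryString(Fy_get)), LCase(Trim(Fy_inf(Fy_xh)))) <> 0 Then
                Response.Write " <Script language = JavaScript> alert ('system prompt: \n please do not include invalid characters in the parameter to try to inject! \n'); </SCRIPT> "
                Response.Write " Illegal operation! You have been recorded by the system for the following illegal operations <br> "
                Response.Write " Operation IP Address: " & Server.HTMLEncode(Request.ServerVariables("REMOTE_ADDR")) & " <Br> "
                Response.Write " Operation Time: " & Now & " <Br> "
                Response.Write " Operation page: " & Server.HTMLEncode(Request.ServerVariables("URL")) & " <Br> "
                Response.Write " Submission method: Get <br> "
                ' The parameter name and value come straight from the URL; HTML-encode them
                ' so a crafted link cannot make the rejection page render injected markup.
                Response.Write " Submit parameters: " & Server.HTMLEncode(Fy_get) & " <Br> "
                Response.Write " Submit data: " & Server.HTMLEncode(Request.QueryString(Fy_get))
                Response.End
            End If
        Next
    Next
End If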