Copy Code code as follows:
<%
' ============================================================== Check submission data legality
Function Checkinput ()
'--------Definition part------------------
Dim Fy_post,fy_get,fy_in,fy_inf,fy_xh,fy_db,fy_dbstr,kill_ip,writesql
' Customize the string to be filtered, separated by ' | '
fy_in = "' |;| and| (|)| exec|insert|select|delete|update|count|*|%| Chr|mid|master|truncate|char|declare "
Fy_inf = Split (fy_in, "|")
'--------Post part------------------
If request.form <> "" Then
For each fy_post in Request.Form
For fy_xh = 0 to Ubound (fy_inf)
If Instr (LCase (Request.Form (Fy_post)), Fy_inf (fy_xh)) <> 0 Then
Echo ' <script language=javascript>alert (' Do not include illegal characters in Parameters! '); History.go ( -1);</script> "
Response.End
End If
Next
Next
End If
'----------------------------------
'--------Get part-------------------
If request.querystring <> "" Then
For each fy_get in Request.QueryString
For fy_xh = 0 to Ubound (fy_inf)
If Instr (LCase (Request.QueryString (Fy_get)), Fy_inf (fy_xh)) <> 0 Then
Echo ' <script language=javascript>alert (' Do not include illegal characters in Parameters! '); History.go ( -1);</script> "
Response.End
End If
Next
Next
End If
End Function
%>