If InStr (Request.QueryString (Sql_get), Sql_inj (sql_data)) >0 Then
Response.Write "<script language= ' JavaScript ' >{alert (' Do not include illegal characters in Parameters! '); History.back ( -1)}</script> "
Response.End
End If
Next
Next
End If
If request.form<> "" Then
For each sql_post in Request.Form
For Sql_data=0 to Ubound (Sql_inj)
If InStr (Request.Form (Sql_post), Sql_inj (sql_data)) >0 Then
Response.Write "<script language= ' JavaScript ' >{alert (' Do not include illegal characters in Parameters! '); History.back ( -1)} </Script> "
Response.End
End If
Next
Next
End If
End Function
Function checkstr (byVal chkstr) ' Check for invalid characters
Dim Str:str=chkstr
Str=trim (STR)
If IsNull (STR) Then
Checkstr = ""
Exit Function
End If
Dim RE
Set re=new REGEXP
Re. IgnoreCase =true
Re. Global=true
Re. Pattern= "(\ r \ n) {3,}"
Str=re. Replace (STR, "$1$1$1")
Set re=nothing
str = Replace (str, "'", "" ")
str = Replace (str, "select", "select")
str = Replace (str, "join", "join")
str = Replace (str, "union", "union")
str = Replace (str, "where", "where")
str = Replace (str, INSERT, insert)
str = Replace (str, "delete", "delete")
str = Replace (str, "Update", "Update")
str = Replace (str, "like", "like")
str = Replace (str, "Drop", "drop")
str = Replace (str, "create", "create")
str = Replace (str, "Modify", "modify")
str = Replace (str, "rename", "Rename")
str = Replace (str, "ALTER", "alter")
str = Replace (str, "cast", "cast")
Checkstr=str
End Function
Function uncheckstr (Str) ' Check for illegal SQL commands
str = Replace (str, "select", "select")
str = Replace (str, "join", "join")
str = Replace (str, "union", "union")
str = Replace (str, "where", "where")
str = Replace (str, INSERT, insert)
str = Replace (str, "delete", "delete")
str = Replace (str, "Update", "Update")
str = Replace (str, "like", "like")
str = Replace (str, "Drop", "drop")
str = Replace (str, "create", "create")
str = Replace (str, "Modify", "modify")
str = Replace (str, "rename", "Rename")
str = Replace (str, "ALTER", "alter")
str = Replace (str, "cast", "cast")
Uncheckstr=str
End Function
Function checkstr (STR) ' SQL anti-injection filtering culvert number
'-----------------------------------------system detection using the function ↓------------------------------------------
'---------------------detect if the Web page is valid-----------------------
Function isvalidurl (URL)
Set XL = Server.CreateObject ("Microsoft.XMLHTTP")
Xl. Open "Head", Url,false
Xl. Send
Isvalidurl = (xl.status=200)
End Function
' If isvalidurl (' &fileurl& ') Then
' Response.Redirect FileURL
' Else
' Response.Write ' due to too many download users, the program detects that the file is temporarily unable to download, please replace the other download address! Thank you for your support for this software site Oh ^_^"
' End If
'------------------Check if a directory exists-------------------
Function gethtmlpage (filename) ' Get file contents
Dim Fso,file
Set FSO = Server.CreateObject ("Scripting.FileSystemObject")
Set File=fso. OpenTextFile (Server.MapPath (filename))
Showhtml=file.readall
File.close
Set file=nothing
Set fso=nothing
Gethtmlpage=showhtml ' output
End Function
Function Checkdir (FolderPath)
Dim fso
Folderpath=server.mappath (".") & "\" &folderpath
Set FSO = Server.CreateObject ("Scripting.FileSystemObject")
If FSO. FolderExists (FolderPath) Then
' Existence
Checkdir = True
Else
' does not exist
Checkdir = False
End If
Set FSO = Nothing
End Function
Function checkfile (FilePath) ' checks if a file exists
Dim FSO
Filepath=server.mappath (Filepath)
Set FSO = Server.CreateObject ("Scripting.FileSystemObject")
If FSO. FileExists (FilePath) Then
' Existence
Checkfile = True
Else
' does not exist
Checkfile = False
End If
Set FSO = Nothing
End Function
'-------------generate a directory based on the specified name---------
Function Makenewsdir (foldername)
Dim fso,f
Set FSO = Server.CreateObject ("Scripting.FileSystemObject")
Set f = fso. CreateFolder (FolderName)
Makenewsdir = True
Set FSO = Nothing
End Function
Function createhtmlpage (filename,filedata,c_mode) ' Generate file
If C_mode=0 then ' use FSO generation
Dim Fso,txt
Set fso = CreateObject ("Scripting.FileSystemObject")
Filepath=server.mappath (filename)
If checkfile (filename) then FSO. DeleteFile Filepath,true ' Prevent continued writing
Set Txt=fso. OpenTextFile (Filepath,8,true)
Txt. Write Filedata
Txt. Close
Set FSO = Nothing
ElseIf c_mode=1 Then ' use stream generation
Dim Vibostream
On Error Resume Next
Set Vibostream = Server.CreateObject ("ADODB. Stream ")
If err.number=-2147221005 Then
Response.Write "<div align= ' center ' style=" "Font-size:12px;font-family:tahoma;" > Unfortunately, your host does not support ADODB. Stream, you cannot use this program </div> "
Err.Clear
Response.End
End If
With Vibostream
. Type = 2
. Open
. CharSet = "GB2312"
. Position = Objstream.size
. WRITETEXT = Filedata
. SaveToFile Server.MapPath (filename), 2
. Close
End With
Set Vibostream = Nothing
End If
Response.Write "<div align= ' center ' style=" "Font-size:12px;font-family:tahoma;" > Congratulations! file <a href= "" "&filename&" "target=" "_blank" "style=" "Font-weight:bold;color: #FF0000;" " > "&filename&" </a> has been generated!... </div> "
Response.Flush ()
End Function
Function Checkbadword (byVal chkstr) ' Filter dirty word
Dim str:str = Chkstr
str = Trim (str)
If IsNull (STR) Then
Checkbadword = ""
Exit Function
End If
DIC = Gethtmlpage ("include/badword.txt") ' Load the Dirty word dictionary
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.