ASP code to prevent SQL injection

Source: Internet
Author: User
Copy the following code to the top of each file to prevent SQL injection. When writing programs, security is the most important thing:

<%
Dim Fy_Url, Fy_a, Fy_x, Fy_Cs(), Fy_Cl, Fy_Ts, Fy_Zx
'--- configuration: start ---
Fy_Cl = 1            ' processing mode: 1 = show a message, 2 = redirect, 3 = show a message, then redirect
Fy_Zx = "error.asp"  ' page to redirect to on error
'--- configuration: end ---

On Error Resume Next
' Collect the parameter names from the raw query string
Fy_Url = Request.ServerVariables("QUERY_STRING")
Fy_a = Split(Fy_Url, "&")
ReDim Fy_Cs(UBound(Fy_a))
For Fy_x = 0 To UBound(Fy_a)
    Fy_Cs(Fy_x) = Left(Fy_a(Fy_x), InStr(Fy_a(Fy_x), "=") - 1)
Next
' Reject the request if any parameter value contains a listed string.
' The value is lower-cased first, so every literal below must be lower case.
For Fy_x = 0 To UBound(Fy_Cs)
    If Fy_Cs(Fy_x) <> "" Then
        If InStr(LCase(Request(Fy_Cs(Fy_x))), "'") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "and") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "select") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "update") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "chr") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "delete%20from") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), ";") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "insert") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "mid") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "master.") <> 0 Then
            ' Fy_Cl is set as a number above, so the cases are numeric as well
            Select Case Fy_Cl
                Case 1
                    Response.Write "<script language=javascript>alert('There is an error! The value of the parameter " & Fy_Cs(Fy_x) & " contains an illegal string!\n\nPlease do not use these in parameters: ;, and, select, update, insert, delete, chr and other illegal characters!\n\nWhat do you want to do? Do not do anything boring! Thank you!');window.close();</script>"
                Case 2
                    Response.Write "<script language=javascript>location.href='" & Fy_Zx & "'</script>"
                Case 3
                    Response.Write "<script language=javascript>alert('There is an error! The value of the parameter " & Fy_Cs(Fy_x) & " contains an illegal string!\n\nPlease do not use these in parameters: ;, and, select, update, insert, delete, chr and other illegal characters!\n\nWhat do you want to do? Do not do anything boring! Thank you!');location.href='" & Fy_Zx & "';</script>"
            End Select
            Response.End
        End If
    End If
Next
%>
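
The filter above rejects requests by keyword. As an added example (not code from the original page), the same kind of request parameter can instead be validated by type and bound with ADODB.Command, so the value never becomes part of the SQL text. The connection string in Application("ConnStr"), the table articles, its columns and the parameter names id and author are assumptions made for illustration.

```asp
<%
' Added example, not from the original page. Assumptions: the connection
' string is stored in Application("ConnStr"); the table "articles" and its
' columns "id", "author", "title" are hypothetical.
Const adCmdText = 1, adParamInput = 1
Const adInteger = 3, adVarWChar = 202

' Accept only 1-9 decimal digits; returns -1 for anything else.
Function ParseId(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(s) Then ParseId = CLng(s) Else ParseId = -1
End Function

Dim id, author, conn, cmd, rs
id = ParseId(Request.QueryString("id") & "")
author = Left(Request.QueryString("author") & "", 50)

If id < 0 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The SQL text is a constant; user input is never concatenated into it.
cmd.CommandText = "SELECT title FROM articles WHERE id = ? AND author = ?"
' Values are bound by position as typed parameters, so a value such as
' O'Brien or Brandon is compared as data and needs no keyword filter.
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
cmd.Parameters.Append cmd.CreateParameter("author", adVarWChar, adParamInput, 50, author)

Set rs = cmd.Execute
Do Until rs.EOF
    ' Encode on output so stored text cannot inject markup into the page.
    Response.Write Server.HTMLEncode(rs("title") & "") & "<br>"
    rs.MoveNext
Loop

rs.Close : conn.Close
Set rs = Nothing : Set cmd = Nothing : Set conn = Nothing
%>
```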