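<%
'--------------------------------------------------------------------------
' ASP general anti-injection code
' Copy this block into a header file that every page includes.
' Prepared by: yiniu-2005-7-29
' http://www.dosu.cn
'
' What it does: every value in Request.QueryString and Request.Form is
' lower-cased and searched for the entries in errorsql; on the first hit the
' response is replaced by a JavaScript alert plus a redirect to SQL.ASP and
' the page ends.
'
' NOTE(review): this is a request-level keyword blacklist and is defence in
' depth only. It produces false positives on ordinary input ("brand",
' "account", "midnight" all contain listed words) and it is not a substitute
' for parameterised queries (ADODB.Command with Parameters) in the pages
' that actually build SQL.
'
' Fixes relative to the original: the REQUEST_METHOD test compared the
' upper-case server variable with "get" (VBScript "=" on strings is
' case-sensitive), so the query string was never scanned; several blacklist
' entries were mixed-case while the input was lower-cased, so they could
' never match; the list literal and two If statements were split across
' lines without a continuation character; and the alert used "/n" instead
' of "\n".
'--------------------------------------------------------------------------
Dim getflag     ' True when the request method is GET (kept for pages that read it)
Dim errorsql    ' array of sensitive characters / words, all lower case

' Every entry is lower case because the request values are lowered before
' the comparison and InStr compares bytes by default.
errorsql = "'~;~and~(~)~exec~update~count~*~%~chr~mid~master~truncate~char~declare"
errorsql = Split(errorsql, "~")

getflag = (UCase(Request.ServerVariables("REQUEST_METHOD")) = "GET")

' Reject the request when any value in the given collection contains a
' listed word. Ends the response on the first hit.
Sub ScanRequestCollection(coll)
    Dim keyName, idx, value
    For Each keyName In coll
        value = LCase(coll(keyName))
        For idx = 0 To UBound(errorsql)
            If InStr(value, errorsql(idx)) <> 0 Then
                Response.Write "<SCRIPT>alert(""Warning:\n please do not use sensitive characters"");location.href=""SQL.ASP"";</SCRIPT>"
                Response.End
            End If
        Next
    Next
End Sub

' Both collections are scanned regardless of the method: a POST can still
' carry a query string, and the original only ever looked at one of them.
ScanRequestCollection Request.QueryString
ScanRequestCollection Request.Form
%>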
Second method:
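' Sanitise a value taken from the request before it is embedded in an SQL
' string literal or echoed into an HTML page.
'   STR : the raw value; Null is accepted.
'   Returns "" for Null; otherwise STR with NUL bytes removed, "<" and ">"
'   HTML-escaped, carriage returns turned into <br>, and every single quote
'   doubled exactly once (the SQL string-literal escape).
'
' NOTE(review): escaping is the last line of defence here, not the first.
' Pages that build SQL should bind values through ADODB.Command parameters.
'
' Fixes relative to the original: two Replace calls were malformed (one with
' a start position of -1, one with an unbalanced string literal); the
' keyword calls ("select", "union", ...) replaced each word with itself and
' so did nothing, and were removed; and the single quote was doubled twice
' (once in the body and again in the return statement), turning ' into ''''.
Function checkstr(STR)
    If IsNull(STR) Then
        checkstr = ""
        Exit Function
    End If
    ' NUL bytes are dropped first so nothing downstream truncates the string.
    STR = Replace(STR, Chr(0), "", 1, -1, vbBinaryCompare)
    ' HTML-escape the angle brackets before inserting our own <br> tags.
    STR = Replace(STR, "<", "&lt;", 1, -1, vbBinaryCompare)
    STR = Replace(STR, ">", "&gt;", 1, -1, vbBinaryCompare)
    STR = Replace(STR, Chr(13), "<br>", 1, -1, vbBinaryCompare)
    ' Doubled once only; this is the only place the quote is touched.
    checkstr = Replace(STR, "'", "''", 1, -1, vbBinaryCompare)
End Function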