These days is really a hole in the SQL injection to hurt God, online code a lot of not very esoteric is trouble. Finally found a universal anti-note code, sharing, hehe. Easy to operate, as long as a included or put into the conn.asp, to fix. Finally, it is estimated that there are some dangerous characters do not put all, help me to complete, thank you!
<%
"--------Definition part------------------
Dim Fy_post,fy_get,fy_in,fy_inf,fy_xh,fy_db,fy_dbstr
"" To customize the string to filter, separated by "anti"
fy_in = "" ' Anti-and-anti-exec anti-insert anti-select anti-delete anti-update anti-count anti-anti-CHR anti-"mid anti-truncate anti-char anti-declare < > anti-anti- | anti-Anti _ "
Fy_inf = Split (fy_in, "anti")
If request.form<> "" Then
For each fy_post in Request.Form
For fy_xh=0 to Ubound (Fy_inf)
If Instr (LCase (Request.Form (Fy_post)), Fy_inf (FY_XH)) <>0 Then
Response.Write "<script Language=javascript>alert" "Network long Friendship tips Hacker Heroes ↓ Please do not include illegal characters in the parameters attempt to inject attack this site, this site is not easy to do. I'm a rookie, so scared. , let me have a horse! Give me a message ';</script> '
Response.Write "Illegal Operation! This site has been to the heroes you have done the following record ↓<br> "
Response.Write "Operation IP:" &request.servervariables ("REMOTE_ADDR") & "<br>"
Response.Write "Operation time:" &Now& "<br>"
Response.Write "Action page:" &request.servervariables ("URL") & "<br>"
Response.Write "Submit Way:post<br>"
Response.Write "Submit Parameters:" &Fy_Post& "<br>"
Response.Write "Submit data:" &request.form (Fy_post)
Response.End
End If
Next
Next
End If
If request.querystring<> "" Then
For each fy_get in Request.QueryString
For fy_xh=0 to Ubound (Fy_inf)
If Instr (LCase (Request.QueryString (Fy_get)), Fy_inf (FY_XH)) <>0 Then
Response.Write "<script Language=javascript>alert" "Network long Friendship tips Hacker Heroes ↓ Please do not include illegal characters in the parameters attempt to inject attack this site, this site is not easy to do. I'm a rookie, so scared. , let me have a horse! Give me a message ';</script> '
Response.Write "Illegal Operation! This site has been to the heroes you have done the following record ↓<br> "
Response.Write "Operation IP:" &request.servervariables ("REMOTE_ADDR") & "<br>"
Response.Write "Operation time:" &Now& "<br>"
Response.Write "Action page:" &request.servervariables ("URL") & "<br>"
Response.Write "Submit Way:get<br>"
Response.Write "Submit Parameters:" &Fy_Get& "<br>"
Response.Write "Submit data:" &request.querystring (Fy_get)
Response.End
End If
Next
Next
End If
%>
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.