These days, the SQL injection vulnerability has hurt your mind. A lot of online code is not very esoteric, but troublesome.
I finally found the omnipotent anti-injection code and shared it.
Easy to use. You only need to include or put it in conn. asp.
At last, it is estimated that there are still some dangerous characters that are not fully loaded. Please help me to complete them. Thank you.
<%
-------- Definition section ------------------
Dim Fy_Post, Fy_Get, Fy_In, Fy_Inf, Fy_Xh, Fy_db, Fy_dbstr
Customize the string to be filtered, separated by "defense"
Fy_In = "defense; anti-and anti-exec anti-insert anti-select anti-delete anti-update anti-count anti-* anti-chr anti-mid anti-master anti-truncate anti-char anti-declare anti <anti> Anti-= anti |- defense _"
Fy_Inf = split (Fy_In, "anti-DDoS ")
If Request. Form <> "" Then
For Each Fy_Post In Request. Form
For Fy_Xh = 0 To Ubound (Fy_Inf)
If Instr (LCase (Request. Form (Fy_Post), Fy_Inf (Fy_Xh) <> 0 Then
Response. Write "<Script Language = JavaScript> alert
Please do not try to inject illegal characters in the parameter to attack this site. This site is not easy to do. I am a newbie, so be afraid of it. Just put it away!
Http://www.ohttp.com
QQ: 100020304
Please leave a message at http://www.pkgo.net/messageto your account. </Script>"
Response. Write "illegal operation! This site has made the following record for you <br>"
Response. Write "Operation IP:" & Request. ServerVariables ("REMOTE_ADDR") & "<br>"
Response. Write "operation time:" & Now & "<br>"
Response. Write "Operation page:" & Request. ServerVariables ("URL") & "<br>"
Response. Write "submission method: POST <br>"
Response. Write "Submit parameters:" & Fy_Post & "<br>"
Response. Write "submit data:" & Request. Form (Fy_Post)
Response. End
End If
Next
Next
End If
If Request. QueryString <> "Then
For Each Fy_Get In Request. QueryString
For Fy_Xh = 0 To Ubound (Fy_Inf)
If Instr (LCase (Request. QueryString (Fy_Get), Fy_Inf (Fy_Xh) <> 0 Then
Response. Write "<Script Language = JavaScript> alert
Please do not try to inject illegal characters in the parameter to attack this site. This site is not easy to do. I am a newbie, so be afraid of it. Just put it away!
Http://www.ohttp.com
QQ: 100020304
Please leave a message at http://www.pkgo.net/messageto your account. </Script>"
Response. Write "illegal operation! This site has made the following record for you <br>"
Response. Write "Operation IP:" & Request. ServerVariables ("REMOTE_ADDR") & "<br>"
Response. Write "operation time:" & Now & "<br>"
Response. Write "Operation page:" & Request. ServerVariables ("URL") & "<br>"
Response. Write "submission method: GET <br>"
Response. Write "Submit parameters:" & Fy_Get & "<br>"
Response. Write "submit data:" & Request. QueryString (Fy_Get)
Response. End
End If
Next
Next
End If
%>