Writing Your Own Function to Prevent SQL Injection


Category: ASP

Author: Unknown



<%
' Reject input that contains SQL keywords or command fragments, then strip
' special characters from whatever remains and return the result.
Function sqlcheck(Str, errtype)
    Dim s
    s = LCase(Str)
    If InStr(s, "select ") > 0 Or InStr(s, "insert ") > 0 Or _
       InStr(s, "delete ") > 0 Or InStr(s, "delete from ") > 0 Or _
       InStr(s, "count(") > 0 Or InStr(s, "drop table") > 0 Or _
       InStr(s, "update ") > 0 Or InStr(s, "truncate ") > 0 Or _
       InStr(s, "asc(") > 0 Or InStr(s, "mid(") > 0 Or _
       InStr(s, "char(") > 0 Or InStr(s, "xp_cmdshell") > 0 Or _
       InStr(s, "exec master") > 0 Or _
       InStr(s, "net localgroup administrators") > 0 Or _
       InStr(s, "and ") > 0 Or InStr(s, "net user") > 0 Or _
       InStr(s, "or ") > 0 Then
        ' Send the browser to the error page and stop processing the request
        Response.Write("<script>" & vbCrLf & "window.location.href ='ShowError.asp?errtype=" & errtype & "'" & vbCrLf & "</script>")
        Response.End
    End If
    Str = Replace(Str, "_", "")        ' filter out _
    Str = Replace(Str, "*", "")        ' filter out *
    Str = Replace(Str, " ", "")        ' filter out spaces
    Str = Replace(Str, Chr(34), "")    ' filter out "
    Str = Replace(Str, Chr(39), "")    ' filter out '
    Str = Replace(Str, Chr(91), "")    ' filter out [
    Str = Replace(Str, Chr(93), "")    ' filter out ]
    Str = Replace(Str, Chr(37), "")    ' filter out %
    Str = Replace(Str, Chr(58), "")    ' filter out :
    Str = Replace(Str, Chr(59), "")    ' filter out ;
    Str = Replace(Str, Chr(43), "")    ' filter out +
    Str = Replace(Str, "{", "")        ' filter out {
    Str = Replace(Str, "}", "")        ' filter out }
    sqlcheck = Str                     ' return Str after the replacements above
End Function
%>
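A keyword and character filter such as sqlcheck also rejects or alters legitimate input (any text containing "and ", an apostrophe or a space), so the following added example, which is not part of the original article, shows a different technique: binding the input as an ADO command parameter so the database never parses it as SQL text. The connection string stored in Application("ConnString"), the table users, its columns id and username, and the FindUser helper are assumptions made for illustration.

```vbscript
<%
' Added example (not from the original article): parameterized query in
' classic ASP. The user-supplied value travels as data, not as SQL text.
' Assumed names: Application("ConnString"), table "users",
' columns "id" and "username", helper FindUser.
Const adCmdText = 1      ' ADO CommandTypeEnum
Const adVarChar = 200    ' ADO DataTypeEnum
Const adParamInput = 1   ' ADO ParameterDirectionEnum
Const MAX_NAME_LEN = 50

' Returns a recordset of users whose username equals userName exactly.
Function FindUser(conn, userName)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholder is filled in by the provider; no string concatenation.
    cmd.CommandText = "SELECT id, username FROM users WHERE username = ?"
    cmd.Parameters.Append cmd.CreateParameter("@username", adVarChar, _
        adParamInput, MAX_NAME_LEN, userName)
    Set FindUser = cmd.Execute
End Function

Dim conn, rs, name
' Enforce the declared parameter size before binding.
name = Left(Request.Form("username"), MAX_NAME_LEN)

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")   ' assumed connection string

Set rs = FindUser(conn, name)
If rs.EOF Then
    Response.Write "No such user"
Else
    ' Encode on output so stored values cannot inject markup.
    Response.Write Server.HTMLEncode(rs("username"))
End If

rs.Close
conn.Close
Set rs = Nothing
Set conn = Nothing
%>
```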
