asp防注入代码！ 要求斑竹加精,不然不干 了.

lxhlblb

  <%
On Error Resume Next
Dim strTemp,hk
If Trim(Request.QueryString) <> "" Then strTemp =Trim(Request.QueryString)
strTemp = LCase(strTemp)
hk=0
If Instr(strTemp,"%")<>0 then hk=1
If Instr(strTemp,"count(")<>0 then hk=1
If Instr(strTemp,"asc(")<>0 then hk=1
If Instr(strTemp,"mid(")<>0 then hk=1
If Instr(strTemp,"char(")<>0 then hk=1
If Instr(strTemp,"xp_cmdshell")<>0 then hk=1
If Instr(strTemp,"'")<>0 then hk=1
If Instr(strTemp,"select")<>0 then hk=1
If Instr(strTemp,"insert")<>0 then hk=1
If Instr(strTemp,"delete")<>0 then hk=1
If Instr(strTemp,"update")<>0 then hk=1
If Instr(strTemp,"and")<>0 then hk=1
If Instr(strTemp,"or")<>0 then hk=1
If Instr(strTemp,";")<>0 then hk=1
if hk=1 then
Response.Write "<script language='javascript'>"
Response.Write "alert('提交字符中包含非法字符,您的上网资料已被我们记录！');"
Response.Write "location.href='javascript:history.back()';"
Response.Write "</script>"
response.end
hk=0
End If
%>

gongde997

我支持你哈~~~~~~~

假面使者

晕，我早有用到

2912268

原来是这样啊

我说注入一个网站 怎么老弹那句话呢

xchange

这一点点是放不住的，ASP太没出息了……

lumei

[s:15]  [s:16]  [s:20]  [s:34]

lxhlblb

  <%
On Error Resume Next
Dim strTemp,hk
If Trim(Request.QueryString) <> "" Then strTemp =Trim(Request.QueryString)
strTemp = LCase(strTemp)
hk=0
If Instr(strTemp,"%")<>0 then hk=1
If Instr(strTemp,"count(")<>0 then hk=1
If Instr(strTemp,"asc(")<>0 then hk=1
If Instr(strTemp,"mid(")<>0 then hk=1
If Instr(strTemp,"char(")<>0 then hk=1
If Instr(strTemp,"xp_cmdshell")<>0 then hk=1
If Instr(strTemp,"'")<>0 then hk=1
If Instr(strTemp,"select")<>0 then hk=1
If Instr(strTemp,"insert")<>0 then hk=1
If Instr(strTemp,"delete")<>0 then hk=1
If Instr(strTemp,"update")<>0 then hk=1
If Instr(strTemp,"and")<>0 then hk=1
If Instr(strTemp,"or")<>0 then hk=1
If Instr(strTemp,";")<>0 then hk=1
if hk=1 then
Response.Write "<script language='javascript'>"
Response.Write "alert('提交字符中包含非法字符,您的上网资料已被我们记录！');"
Response.Write "location.href='javascript:history.back()';"
Response.Write "</script>"
response.end
hk=0
End If
%>