<%
' Request-wide keyword filter. These statements run as soon as the file is
' included, before any page logic that follows it.
' The working variables are script-level because StopInjection reads
' hzzhitinje_Inf and uses hzzhitinje_Get / hzzhitinje_Xh as loop variables.
Dim hzzhitinje_Post, hzzhitinje_Get, hzzhitinje_In, hzzhitinje_Inf
Dim hzzhitinje_Xh, hzzhitinje_db, hzzhitinje_dbstr

' Blocked tokens, separated by "#". Additional tokens to filter can be added
' in conn.asp, using the same "#" separator.
' StopInjection compares these as substrings of the lower-cased value, so
' every token must be written in lower case.
hzzhitinje_In = "'#;#and#exec#insert#select#delete#update#count#chr#mid#master#truncate#char#declare"
hzzhitinje_Inf = Split(hzzhitinje_In, "#")

' Check POST (form) parameters.
If Request.Form <> "" Then
    StopInjection(Request.Form)
End If

' Check GET (query string) parameters.
If Request.QueryString <> "" Then
    StopInjection(Request.QueryString)
End If

' Check cookie values.
If Request.Cookies <> "" Then
    StopInjection(Request.Cookies)
End If
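' StopInjection: scan every item of a request collection for blocked tokens.
'
' values - a request collection (the callers pass Request.Form,
'          Request.QueryString and Request.Cookies).
'
' On the first item whose lower-cased value contains any token from the
' script-level array hzzhitinje_Inf, a notice is written to the response and
' processing stops with Response.End. Nothing is returned.
'
' Review notes:
' - Matching is a plain substring test, so ordinary text that merely contains
'   a token (for example a word containing "and") is rejected as well. The
'   filter is a coarse extra layer; queries built from request data should
'   still be parameterized.
' - The notice says the request was recorded, but this function only writes
'   to the response. No log entry is stored here.
Function StopInjection(values)
    Dim submitted, lowered
    For Each hzzhitinje_Get In values
        ' Read and lower-case the value once per item rather than once per token.
        submitted = values(hzzhitinje_Get)
        lowered = LCase(submitted)
        For hzzhitinje_Xh = 0 To UBound(hzzhitinje_Inf)
            ' Skip empty tokens: a stray "##" in the token list would otherwise
            ' match every non-empty value.
            If Len(hzzhitinje_Inf(hzzhitinje_Xh)) > 0 Then
                If InStr(lowered, hzzhitinje_Inf(hzzhitinje_Xh)) <> 0 Then
                    Response.Write "<Script Language=JavaScript>alert('防注入系统提示你:\n\n请不要在参数中包含非法字符。');</Script>"
                    Response.Write "非法操作!系统已经给你做了如下记录:<br>"
                    Response.Write "操作IP:" & Request.ServerVariables("REMOTE_ADDR") & "<br>"
                    Response.Write "操作时间:" & Now & "<br>"
                    ' HTML-encode request-derived text before echoing it, so the
                    ' rejected value is shown as text and not interpreted as markup.
                    Response.Write "操作页面:" & Server.HTMLEncode(Request.ServerVariables("URL")) & "<br>"
                    Response.Write "提交数据:" & Server.HTMLEncode(submitted)
                    Response.End
                End If
            End If
        Next
    Next
End Function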
%>