ASP防注入过滤代码
<%
--------说明------------------
使用方法： 在需要防注的页面头部用 <!--#Include File="sql2.Asp"-->包含就可以了
友情提示：把代码复制到CONN.asp(数据库连接文件) 那么，只要包含了CONN的所有文件都防注了
-------- ------------------------
Dim xf_Post,xf_Get,xf_In,xf_Inf,xf_Xh,xf_db,xf_dbstr
自定义需要过滤的字串,用 "|" 分隔
xf_In = "|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
xf_Inf = split(xf_In,"|")
If Request.Form<>"" Then
For Each xf_Post In Request.Form
For xf_Xh=0 To Ubound(xf_Inf)
If Instr(LCase(Request.Form(xf_Post)),xf_Inf(xf_Xh))<>0 Then
Response.Write "<Script Language=JavaScript>alert(请不要在参数中包含非法字符尝试注入);</Script>"
Response.Write "非法操作！系统做了如下记录↓<br>"
Response.Write "操作ＩＰ："&Request.ServerVariables("REMOTE_ADDR")&"<br>"
Response.Write "操作时间："&Now&"<br>"
Response.Write "操作页面："&Request.ServerVariables("URL")&"<br>"
Response.Write "提交方式：ＰＯＳＴ<br>"
Response.Write "提交参数："&xf_Post&"<br>"
Response.Write "提交数据："&Request.Form(xf_Post)
Response.End
End If
Next
Next
End If
If Request.QueryString<>"" Then
For Each xf_Get In Request.QueryString
For xf_Xh=0 To Ubound(xf_Inf)
If Instr(LCase(Request.QueryString(xf_Get)),xf_Inf(xf_Xh))<>0 Then
Response.Write "<Script Language=JavaScript>alert(请不要在参数中包含非法字符尝试注入);</Script>"
Response.Write "非法操作！系统已经给你做了如下记录↓<br>"
Response.Write "操作ＩＰ："&Request.ServerVariables("REMOTE_ADDR")&"<br>"
Response.Write "操作时间："&Now&"<br>"
Response.Write "操作页面："&Request.ServerVariables("URL")&"<br>"
Response.Write "提交方式：ＧＥＴ<br>"
Response.Write "提交参数："&xf_Get&"<br>"
Response.Write "提交数据："&Request.QueryString(xf_Get)
Response.End
End If
Next
Next
End If
%>