枫叶SQL通用防注入 V1.0 ASP版

 

< %
Dim  Fy_Url,Fy_a,Fy_x,Fy_Cs(),Fy_Cl,Fy_Ts,Fy_Zx
' ---定义部份  头------
Fy_Cl  =   1          ' 处理方式：1=提示信息,2=转向页面,3=先提示再转向
Fy_Zx  =   " Error.Asp "      ' 出错时转向的页面
' ---定义部份  尾------

' ----------版权说明----------------
' 枫叶SQL通用防注入 V1.0 ASP版
' 本程序由 枫知秋 独立开发
' 有疑问或想得到最新版请联系本人
'       联系QQ:613548
' 使用时请保留本人版权信息。
' 本程序欢迎转载
' --------枫知秋 版权所有-----------
On   Error   Resume   Next
Fy_Url = Request.ServerVariables( " QUERY_STRING " )
Fy_a = split (Fy_Url, " & " )
redim  Fy_Cs( ubound (Fy_a))
On   Error   Resume   Next
for  Fy_x = 0   to   ubound (Fy_a)
Fy_Cs(Fy_x)  =   left (Fy_a(Fy_x), instr (Fy_a(Fy_x), " = " ) - 1 )
Next
For  Fy_x = 0   to   ubound (Fy_Cs)
If  Fy_Cs(Fy_x) <> ""   Then
If   Instr ( LCase (Request(Fy_Cs(Fy_x))), " ' " ) <> 0   or   Instr ( LCase (Request(Fy_Cs(Fy_x))), " and " ) <> 0   or   Instr ( LCase (Request(Fy_Cs(Fy_x))), " select " ) <> 0   or   Instr ( LCase (Request(Fy_Cs(Fy_x))), " update " ) <> 0   or   Instr ( LCase (Request(Fy_Cs(Fy_x))), " chr " ) <> 0   or   Instr ( LCase (Request(Fy_Cs(Fy_x))), " delete%20from " ) <> 0   or   Instr ( LCase (Request(Fy_Cs(Fy_x))), " ; " ) <> 0   or   Instr ( LCase (Request(Fy_Cs(Fy_x))), " insert " ) <> 0   or   Instr ( LCase (Request(Fy_Cs(Fy_x))), " mid " ) <> 0   Or   Instr ( LCase (Request(Fy_Cs(Fy_x))), " master. " ) <> 0   Then
Select   Case  Fy_Cl
   Case   " 1 "
Response.Write  " <Script Language=javascript>alert('                   出现错误！参数  " & Fy_Cs(Fy_x) & "  的值中包含非法字符串！   请不要在参数中出现：;,and,select,update,insert,delete,chr 等非法字符！ by KenJoy  EMail:62561@qq.com');window.close();</Script> "
   Case   " 2 "
Response.Write  " <Script Language=javascript>location.href=' " & Fy_Zx & " '</Script> "
   Case   " 3 "
Response.Write  " <Script Language=javascript>alert('                   出现错误！参数  " & Fy_Cs(Fy_x) & " 的值中包含非法字符串！   请不要在参数中出现：;,and,select,update,insert,delete,chr 等非法字符！ by KenJoy  EMail:62561@qq.com');location.href=' " & Fy_Zx & " ';</Script> "
End   Select
Response.End
End   If
End   If
Next
% >