asp中防止脚本注入攻击

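<%
  ' Request-parameter keyword filter for classic ASP (VBScript), meant to run
  ' before the page touches the database.
  '
  ' What it does: every value in Request.QueryString and Request.Form is
  ' searched for each token in SQL_injdata. On the first hit the page writes
  ' an alert and stops with Response.End.
  '
  ' Limits a maintainer should know about:
  '   * This is a blacklist. It is a coarse extra layer, not a replacement for
  '     parameterized queries (for example ADODB.Command with parameters) and
  '     server-side type/length validation of each field.
  '   * Matching is by substring, so ordinary input is rejected as well
  '     (e.g. "brand" contains "and"; any value containing ' or % or *).
  '   * Only the query string and the form collection are inspected. Any other
  '     request data that reaches a SQL statement (cookies, server variables)
  '     is not covered by this script.
  SQL_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
  SQL_inj = Split(SQL_injdata, "|")

  ' --- Query-string parameters -------------------------------------------
  If Request.QueryString <> "" Then
    For Each SQL_Get In Request.QueryString
      For SQL_Data = 0 To UBound(SQL_inj)
        ' InStr defaults to a binary (case-sensitive) comparison, which lets
        ' "SELECT" or "Select" through a lowercase token list. vbTextCompare
        ' makes the check case-insensitive.
        If InStr(1, Request.QueryString(SQL_Get), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
          Response.Write "<script Language=JavaScript>alert('非法连接!!')</script>"
          Response.End
        End If
      Next
    Next
  End If

  ' --- Posted form fields -------------------------------------------------
  If Request.Form <> "" Then
    For Each Sql_Post In Request.Form
      For SQL_Data = 0 To UBound(SQL_inj)
        ' Same case-insensitive token check as for the query string.
        If InStr(1, Request.Form(Sql_Post), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
          Response.Write "<script Language=JavaScript>alert('非法连接!!')</script>"
          Response.End
        End If
      Next
    Next
  End If
%>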
