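<%
' saferequest(paraname): read request parameter paraname and return its value
' unless it contains one of the denylisted SQL / OS-command fragments below, in
' which case the response is aborted with a client-side alert and redirect.
'
' SECURITY NOTE (review): this is a keyword denylist, not a defence against SQL
' injection. Only the exact lower-cased substrings listed below are detected, so
' payloads that avoid them are returned to the caller unchanged, for example:
'   'or 1=1--                (no space before "or", so " or " never matches)
'   select/**/name           ("select " requires a trailing space)
'   exec('xp_'+'cmdshell')   (neither "xp_cmdshell" nor "exec master" occurs)
' Callers must still bind values with ADODB.Command parameters (or, at minimum,
' double single quotes in string literals) and must never concatenate the return
' value into a SQL statement. The list also rejects harmless text that merely
' contains " and " or " or ".
'
' Note: Request(name) without a collection looks the name up across the request
' collections (QueryString, Form, Cookies, ...); prefer Request.QueryString /
' Request.Form explicitly when the source matters.
'
' Returns: the raw parameter value (Empty when the parameter is absent).
' Does not return when a denylisted fragment is found: writes the alert and
' redirect script, then calls Response.End.
Function saferequest(paraname)
    Dim paravalue, lowered, pattern
    ' Where the browser is sent after a blocked request. The original snippet
    ' redirected to a third-party blog (http://blog.knowsky.com/); keep this on
    ' your own site.
    Const REDIRECT_URL = "/"

    paravalue = Request(paraname)

    ' Numeric values are returned as-is. IsNumeric also accepts forms such as
    ' "1e3"; they are not injection vectors, but callers that expect an integer
    ' should still convert with CLng() and handle the error.
    If IsNumeric(paravalue) = True Then
        saferequest = paravalue
        Exit Function
    End If

    ' Lower-case once, then scan for each denylisted fragment.
    lowered = LCase(paravalue)
    For Each pattern In Array( _
        "select ", "insert ", "delete from", "count(", "drop table", _
        "update ", "truncate ", "asc(", "mid(", "char(", _
        "xp_cmdshell", "exec master", "net localgroup administrators", _
        " and ", "net user", " or ")
        If InStr(lowered, pattern) > 0 Then
            Response.Write "<script language='javascript'>"
            Response.Write "alert('非法的请求!');"                  ' message shown on a blocked request
            Response.Write "location.href='" & REDIRECT_URL & "';"  ' redirect target on a blocked request
            ' The original wrote "<script>" here, leaving the script block
            ' unterminated so the alert/redirect never executed and the user was
            ' left on a blank page.
            Response.Write "</script>"
            Response.End
        End If
    Next

    saferequest = paravalue
End Function
%>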
使用 saferequest 函数替换你的 request 调用。注意：该函数只是基于关键字的黑名单过滤，无法替代参数化查询（ADODB.Command 参数绑定）；返回值仍然不能直接拼接进 SQL 语句。