The ASP code I use to prevent SQL injection
Author: feng [勇敢的风]
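<%
' Checks str against a blacklist of characters and SQL keywords.
' On any match the visitor is redirected to "../" and the response ends.
function sql_zr(byval str)
    dim w,j
    ' byval: lowercase a local copy so the caller's variable is not changed
    str=lcase(str)
    w = "'∥%∥&∥*∥#∥@∥(∥)∥=∥and∥select∥update∥chr∥delete∥%20from∥;∥insert∥mid∥master.∥set∥chr(37)"
    w = split(w,"∥") ' blacklist entries are separated by ∥
    for j = 0 to ubound(w)
        ' instr returns the match position, 0 when the entry is not found
        if instr(str,w(j)) <> 0 then
            response.redirect "../"
            response.end
        end if
    next
end function
%>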
Previously it did not handle upper and lower case; that has now been added.
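The same goal met by binding the value as a typed ADODB.Command parameter instead of matching keywords, as an added example that is not part of the original post: input such as O'Brien or android, which sql_zr rejects because it contains ' or the substring and, is accepted here and is only ever treated as data. The function name find_user_by_name, the connection string placeholder, and the users table with its name and email columns are assumptions.

```asp
<%
' Added example (not the original author's code).
' Assumed: the connection string and a table "users" with columns name, email.
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202

' Looks up a user by name with the value bound as a parameter.
' The SQL text is fixed; the provider passes the name as data only.
' Returns Nothing when the input fails validation.
Function find_user_by_name(conn, ByVal userName)
    Dim cmd
    Set find_user_by_name = Nothing
    ' Validate against what the field may hold, not against SQL keywords.
    userName = Trim(userName & "")   ' & "" turns Null or Empty into ""
    If Len(userName) = 0 Or Len(userName) > 50 Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT name, email FROM users WHERE name = ?"
    cmd.Parameters.Append cmd.CreateParameter("name", adVarWChar, adParamInput, 50, userName)
    Set find_user_by_name = cmd.Execute
End Function

Dim conn, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "PLACEHOLDER_CONNECTION_STRING"   ' assumption: use the site's own
Set rs = find_user_by_name(conn, Request.QueryString("name") & "")
If rs Is Nothing Then
    Response.Write "Invalid name."
ElseIf rs.EOF Then
    Response.Write "No such user."
Else
    ' Encode on output so stored characters such as ' or & display safely.
    Response.Write Server.HTMLEncode(rs("name") & " <" & rs("email") & ">")
End If
If Not rs Is Nothing Then rs.Close
conn.Close
%>
```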