作者:武汉SEO闵涛  文章来源:敏韬网  更新时间:2007/11/14 13:08:21

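' ForSqlForm: scans every posted form field (Request.Form) for the substrings
' listed in nothis(). On the first match it writes the rejection message and
' ends the response so the rest of the page does not run with that input.
' Takes no arguments and sets no return value.
'
' NOTE(review): a substring blacklist is a secondary control at best. It rejects
' legitimate text that happens to contain a listed word, and it misses anything
' not on the list. The queries that consume these fields should bind their
' values as parameters (e.g. ADODB.Command parameters) instead of concatenating
' them into SQL text.
function ForSqlForm()
 dim i,items,fieldValue
 dim nothis(18)
 ' Only slots 0 and 4 are populated on this page; the other slots stay Empty.
 nothis(0)="net user"
 nothis(4)="net localgroup administrators"

 for i = 0 to ubound(nothis)
  ' InStr returns its start position (1) when the search string is empty, so an
  ' unfilled slot would flag every non-empty field. Skip those slots.
  if len(nothis(i)) > 0 then
   for each items in request.Form
    fieldValue = request.Form(items)
    ' vbTextCompare makes the match case-insensitive; the default binary
    ' compare would let "NET USER" through.
    if instr(1, fieldValue, nothis(i), vbTextCompare) <> 0 then
     ' The echoed value is HTML-encoded so the rejection page cannot be used
     ' to reflect markup back to the browser.
     response.write("你所填写的信息:" & server.HTMLEncode(fieldValue) & "<br>含非法字符:" & nothis(i))
     response.write("对不起,你所填写的信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>")
     ' Stop here: without this the page would continue and use the rejected input.
     response.end
    end if
   next
  end if
 next
end function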
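' ForSqlInjection: checks the request's query string for the substrings listed
' in nothis(). If any is found it writes the rejection message and ends the
' response. Takes no arguments and sets no return value.
'
' The raw QUERY_STRING server variable is still URL-encoded, so a listed phrase
' containing a space would not match a value sent as "%20" or "+". The decoded
' values in Request.QueryString are therefore checked as well.
'
' NOTE(review): a substring blacklist is a secondary control at best. The
' queries that consume these values should bind them as parameters (e.g.
' ADODB.Command parameters) instead of concatenating them into SQL text.
function ForSqlInjection()
 dim fqys,errc,i,items
 dim nothis(19)
 fqys = request.ServerVariables("QUERY_STRING")
 ' Only slots 0 and 4 are populated on this page; the other slots stay Empty.
 nothis(0)="net user"
 nothis(4)="net localgroup administrators"

 errc = false
 for i = 0 to ubound(nothis)
  ' InStr returns its start position (1) when the search string is empty, so an
  ' unfilled slot would flag every non-empty query string. Skip those slots.
  if len(nothis(i)) > 0 then
   ' vbTextCompare makes the match case-insensitive.
   if instr(1, fqys, nothis(i), vbTextCompare) <> 0 then
    errc = true
   else
    ' Second pass over the URL-decoded parameter values.
    for each items in request.QueryString
     if instr(1, request.QueryString(items), nothis(i), vbTextCompare) <> 0 then
      errc = true
      exit for
     end if
    next
   end if
  end if
  if errc then exit for
 next

 if errc then
  response.write "查询信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>"
  ' Stop here: without this the page would continue and use the rejected input.
  response.end
 end if
end function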

