ASP 非法字符过滤函数


            复制代码 代码如下:

<% 

'==============================================================检查提交数据合法性 

Function CheckInput() 

 '--------定义部份------------------ 

 Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,Kill_IP,WriteSql 

 '自定义需要过滤的字串,用 "|" 分隔 

 Fy_In = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare" 

  

  

 Fy_Inf = split(Fy_In,"|") 

 '--------POST部份------------------ 

 If Request.Form <> "" Then 

  For Each Fy_Post In Request.Form 

   For Fy_Xh = 0 To Ubound(Fy_Inf) 

    If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh)) <> 0 Then 

     Echo "<Script Language=JavaScript>alert('请不要在参数中包含非法字符！');history.go(-1);</Script>" 

     Response.End 

    End If 

   Next 

  Next 

 End If 

 '---------------------------------- 

  

 '--------GET部份------------------- 

 If Request.QueryString <> "" Then 

  For Each Fy_Get In Request.QueryString 

   For Fy_Xh = 0 To Ubound(Fy_Inf) 

    If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh)) <> 0 Then 

     Echo "<Script Language=JavaScript>alert('请不要在参数中包含非法字符！');history.go(-1);</Script>" 

     Response.End 

    End If 

   Next 

  Next 

 End If 

End Function 

%>