<%
'--------定义部份------------------Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr'自定义需要过滤的字串,用 "枫" 分隔Fy_In = "'枫;枫and枫exec枫insert枫select枫delete枫update枫count枫*枫%枫chr枫mid枫master枫truncate枫char枫declare"Fy_Inf = split(Fy_In,"枫")If Request.Form<>"" ThenFor Each Fy_Post In Request.FormFor Fy_Xh=0 To Ubound(Fy_Inf)If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 ThenResponse.Write "<Script Language=JavaScript>alert('提示:您想通过SQL注入↓\n\n请您马上停止这种非法行为,您的IP已被我们的系统记录,查明以后我们将移交公安机关严肃处理!');</Script>"Response.Write "非法操作!系统做了如下记录↓<br>"Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"Response.Write "操作时间:"&Now&"<br>"Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"Response.Write "提交方式:POST<br>"Response.Write "提交参数:"&Fy_Post&"<br>"Response.Write "提交数据:"&Request.Form(Fy_Post)Response.EndEnd IfNextNextEnd IfIf Request.QueryString<>"" ThenFor Each Fy_Get In Request.QueryStringFor Fy_Xh=0 To Ubound(Fy_Inf)If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 ThenResponse.Write "<Script Language=JavaScript>alert('提示:您想通过SQL注入↓\n\n请您马上停止这种非法行为,您的IP已被我们的系统记录,查明以后我们将移交公安机关严肃处理!');</Script>"Response.Write "非法操作!我们已经给你做了如下记录↓<br>"Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"Response.Write "操作时间:"&Now&"<br>"Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"Response.Write "提交方式:GET<br>"Response.Write "提交参数:"&Fy_Get&"<br>"Response.Write "提交数据:"&Request.QueryString(Fy_Get)Response.EndEnd IfNextNext
End If
%>