进来看个问题..
防SQL注入要过滤哪些字符,,急,谢..
sql_GetDatas = "'|""|{|}|[|]|<|>|`|~|!|$|%|^|(|)|-|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|or"
sql_PostDatas = "'|""|{|}|[|]|<|>|`|~|!|$|%|^|(|)|-"
'防止Get方法注入
Response.write Request.QueryString
If Request.QueryString<>"" Then
sql_Strs = Split(sql_GetDatas,"|")
For Each sql_FilerStr In Request.QueryString
For i=0 To Ubound(sql_Strs)
if instr(Request.QueryString(sql_FilerStr),sql_Strs(i))>0 Then
Response.Write "<Script Language=javascript>alert('请不要在参数中包含非法字符!');history.back(-1)</Script>"
Response.End
end if
next
Next
End If
'防止Post方法注入
If Request.Form<>"" Then
sql_Strs = Split(sql_PostDatas,"|")
For Each sql_FilerStr In Request.Form
For i=0 To Ubound(sql_Strs)
if instr(Request.Form(sql_FilerStr),sql_Strs(i))>0 Then
Response.Write "<Script Language=javascript>alert('您的输入包含非法字符');history.back(-1)</Script>"
Response.End
end if
next
next
end if
这个管事不?
