建站常识

ASP网站防注入函数

发布时间 | 2016/12/7  点击 | 

Response.Buffer = True
Const EnableStopInjection = True
If EnableStopInjection = True Then
If Request.QueryString <> "" Then Call StopInjection(Request.QueryString)
If Request.Cookies <> "" Then Call StopInjection(Request.Cookies)
If Request.Form <> "" Then Call StopInjection(Request.Form)
End If

Sub StopInjection(Values)
Dim regEx
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "'|;|#|([\s\b+()]+(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\s\b+]*)"
Dim sItem, sValue
For Each sItem In Values
sValue = Values(sItem)
If regEx.Test(sValue) Then
Response.Write "请不要使用敏感字符 021jz.com.cn"
Response.End
End If
Next
Set regEx = Nothing
End Sub

相关信息