PHP prevent external submission: preventing data from being submitted from outside the site



Approach 1: block special characters and keywords

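' Only the URL query string is inspected; form (POST) fields are not covered by this check.
fqys = Request.ServerVariables("QUERY_STRING")
' Blocked substrings. Matching is a plain substring search, so ordinary
' values that contain e.g. "from" or ":" are rejected as well.
dim nothis(18)
nothis(0)="net user"
nothis(1)="xp_cmdshell"
nothis(2)="/add"
nothis(3)="exec%20master.dbo.xp_cmdshell"
nothis(4)="net localgroup administrators"
nothis(5)="select"
nothis(6)="count"
nothis(7)="asc"
nothis(8)="char"
nothis(9)="mid"
nothis(10)="'"
nothis(11)=":"
nothis(12)=""""
nothis(13)="insert"
nothis(14)="delete"
nothis(15)="drop"
nothis(16)="truncate"
nothis(17)="from"
nothis(18)="%"
errc = false
' Flag the request if any blocked substring occurs in the query string.
for i = 0 to ubound(nothis)
    if instr(fqys, nothis(i)) <> 0 then
        errc = true
    end if
next
if errc then
    ' Alert text: "Sorry! You are trying to attack this server or gain its highest
    ' administrative privileges! You will be redirected to the home page.."
    response.write "<script language=""javascript"">"
    response.write "parent.alert('很抱歉!你正在试图攻击本服务器或者想取得本服务器最高管理权!将直接转向首页..');"
    response.write "self.location.href='default.asp';"
    response.write "</script>"
    response.end
end if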


Approach 2: prevent clients from submitting to the website from a local page

<%

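' HTTP_REFERER is sent by the client and may be absent or altered.
server_v1 = Cstr(Request.ServerVariables("HTTP_REFERER"))
server_v2 = Cstr(Request.ServerVariables("SERVER_NAME"))
' Mid(..., 8, ...) skips the 7-character "http://" prefix and compares the
' following characters of the referrer with this server's name.
if mid(server_v1, 8, len(server_v2)) <> server_v2 then
    response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
    response.write "<tr><td style=font:9pt Verdana>"
    ' Message: "Invalid submission path. Submitting data from outside the site
    ' is forbidden. Do not tamper with the parameters!"
    response.write "你提交路径有误禁止从站点外部提交数据请不要乱该参数!"
    response.write "</td></tr></table></center>"
    response.end
end if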

%>


Approach 3: this prevents text such as or 1=1 from being typed into the input box

' Reject the username if it contains any of the listed characters.
' A test against an empty string ("") appeared in this list; InStr returns 1
' for an empty search string on any non-empty input, so it is left out.
If Instr(request("username"),"=")>0 or _
   Instr(request("username"),"%")>0 or _
   Instr(request("username"),chr(32))>0 or _
   Instr(request("username"),"?")>0 or _
   Instr(request("username"),"&")>0 or _
   Instr(request("username"),";")>0 or _
   Instr(request("username"),",")>0 or _
   Instr(request("username"),"'")>0 or _
   Instr(request("username"),"?")>0 or _
   Instr(request("username"),chr(34))>0 or _
   Instr(request("username"),chr(9))>0 or _
   Instr(request("username"),"$")>0 or _
   Instr(request("username"),">")>0 or _
   Instr(request("username"),"<")>0 or _
   Instr(request("username"),"""")>0 then
    ' The handler is not shown in the original snippet: stop processing the request.
    Response.End
End If
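
An added example, not part of the original page: character blacklists like the one in approach 3 are fragile, and the standard alternative is an allowlist for the shape of the input plus a parameterized query, so that text such as or 1=1 is only ever compared as data. It is written in Python against an in-memory SQLite database so that it runs offline (in ASP the same binding is done with ADODB.Command parameters); the table, the sample account and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import re
import sqlite3

# Allowlist: state what a username may contain instead of listing bad characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one account in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("alice", salt, hash_password("correct horse", salt)))
    return conn


def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # 1. Validate shape; fullmatch() rejects anything outside the allowlist.
    if not USERNAME_RE.fullmatch(username):
        return False
    # 2. Bind the value as a parameter: the driver passes it as data, so
    #    quotes, "=" or keywords in it can never change the SQL statement.
    row = conn.execute("SELECT salt, pw FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # 3. Constant-time comparison of the derived hash.
    return hmac.compare_digest(stored, hash_password(password, salt))


def lookup(conn: sqlite3.Connection, value: str):
    """Parameter binding alone: any value is only compared, never executed."""
    return conn.execute("SELECT username FROM users WHERE username = ?",
                        (value,)).fetchall()
```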






 
