<%
Dim Fy_Url,Fy_a,Fy_x,Fy_Cs(),Fy_Cl,Fy_Ts,Fy_Zx
'---定义部份 头------
Fy_Cl = 2 '处理方式:1=提示信息,2=转向页面,3=先提示再转向
Fy_Zx = "Err.html" '出错时转向的页面
'---定义部份 尾------
On Error Resume Next
Fy_Url=Request.ServerVariables("QUERY_STRING")
Fy_a=split(Fy_Url,"&")
redim Fy_Cs(ubound(Fy_a))
On Error Resume Next
for Fy_x=0 to ubound(Fy_a)
Fy_Cs(Fy_x) = left(Fy_a(Fy_x),instr(Fy_a(Fy_x),"=")-1)
Next
For Fy_x=0 to ubound(Fy_Cs)
If Fy_Cs(Fy_x)<>"" Then
If Instr(LCase(Request(Fy_Cs(Fy_x))),"'")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"and")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"select")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"update")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"chr")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"delete%20from")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),";")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"insert")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"mid")<>0 Or Instr(LCase(Request(Fy_Cs(Fy_x))),"master.")<>0 Then
Select Case Fy_Cl
Case "1"
Response.Write ""
Case "2"
Response.Write ""
Case "3"
Response.Write ""
End Select
Response.End
End If
End If
Next%>
<%
get_querystring("")
function get_querystring(str)
dim sql_injdata ,q
SQL_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|,"
SQL_inj = split(SQL_Injdata,"|")
if str<>"" then 'str不为空说明这个参数一定要访问的参数,为空说明没有一定要出现的数!
If Request.QueryString="" Then
response.Write("")
response.End()
end if
end if
if Request.QueryString<>"" then
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
response.Write("")
response.End()
end if
next
if not IsNumeric(Request.QueryString(SQL_Get)) then
response.Write("")
response.End()
end if
next
if str<>"" then
if request(str)="" then
response.Write("")
response.End()
end if
end if
End If
end function
%>
<%
' *----------------------------------------------------------------------------
' * 函数:HTMLEncode
' * 描述:过滤HTML代码
' * 参数:--
' * 返回:--
' * 作者:
' * 日期:
' *----------------------------------------------------------------------------
function HTMLEncode(fString)
if not isnull(fString) then
fString = replace(fString, ">", ">")
fString = replace(fString, "<", "<")
fString = Replace(fString, CHR(32), " ")
fString = Replace(fString, CHR(9), " ")
fString = Replace(fString, CHR(34), """)
fString = Replace(fString, CHR(39), "'")
fString = Replace(fString, CHR(13), "")
fString = Replace(fString, CHR(10) & CHR(10), " ")
fString = Replace(fString, CHR(10), "
")
HTMLEncode = fString
end if
end function%>
·0551租房网
·安徽企盟
·徽派食品
·古井集团--古皖天下营销中心
·好运来驴肉火锅
·合肥顺昌不锈钢制造有限公司
·明源餐饮
·铭力装饰
·五洲装饰
·合肥三里街街道
|