防止从外部提交数据的方法

第一种做法，屏蔽特殊字符和关键字

fqys=request.servervariables("query_string")

dimnothis(18)

nothis(0)="netuser"

nothis(1)="xp_cmdshell"

nothis(2)="/add"

nothis(3)="exec%20master.dbo.xp_cmdshell"

nothis(4)="netlocalgroupadministrators"

nothis(5)="select"

nothis(6)="count"

nothis(7)="asc"

nothis(8)="char"

nothis(9)="mid"

nothis(10)="'"

nothis(11)=":"

nothis(12)=""""

nothis(13)="insert"

nothis(14)="delete"

nothis(15)="drop"

nothis(16)="truncate"

nothis(17)="from"

nothis(18)="%"

errc=false

fori=0toubound(nothis)

ifinstr(FQYs,nothis(i))<>0then

errc=true

endif

next

iferrcthen

response.write"<scriptlanguage=""javascript"">"

response.write"parent.alert('很抱歉!你正在试图攻击本服务器或者想取得本服务器最高管理权!将直接转向首页..');"

response.write"self.location.href='default.asp';"

response.write"</script>"

response.end

endif
123下一页阅读全文