用于防止sql注入攻击的 函数，大家可以直接用了，不过大家光会用不行，要增强安全意识
复制代码 代码如下:
'==========================
'过滤提交表单中的SQL
'==========================
functionForSqlForm()
dimfqys,errc,i,items
dimnothis(18)
nothis(0)="netuser"
nothis(1)="xp_cmdshell"
nothis(2)="/add"
nothis(3)="exec%20master.dbo.xp_cmdshell"
nothis(4)="netlocalgroupadministrators"
nothis(5)="select"
nothis(6)="count"
nothis(7)="asc"
nothis(8)="char"
nothis(9)="mid"
nothis(10)="'"
nothis(11)=":"
nothis(12)=""""
nothis(13)="insert"
nothis(14)="delete"
nothis(15)="drop"
nothis(16)="truncate"
nothis(17)="from"
nothis(18)="%"
'nothis(19)="@"
errc=false
fori=0toubound(nothis)
foreachitemsinrequest.Form
ifinstr(request.Form(items),nothis(i))<>0then
response.write("<div>")
response.write("你所填写的信息:"&server.HTMLEncode(request.Form(items))&"<br>含非法字符:"&nothis(i))
response.write("</div>")
response.write("对不起,你所填写的信息含非法字符！<ahref=""#""onclick=""history.back()"">返回</a>")
response.End()
endif
next
next
endfunction
'==========================
'过滤查询中的SQL
'==========================
functionForSqlInjection()
dimfqys,errc,i
dimnothis(19)
fqys=request.ServerVariables("QUERY_STRING")
nothis(0)="netuser"
nothis(1)="xp_cmdshell"
nothis(2)="/add"
nothis(3)="exec%20master.dbo.xp_cmdshell"
nothis(4)="netlocalgroupadministrators"
nothis(5)="select"
nothis(6)="count"
nothis(7)="asc"
nothis(8)="char"
nothis(9)="mid"
nothis(10)="'"
nothis(11)=":"
nothis(12)=""""
nothis(13)="insert"
nothis(14)="delete"
nothis(15)="drop"
nothis(16)="truncate"
nothis(17)="from"
nothis(18)="%"
nothis(19)="@"
errc=false
fori=0toubound(nothis)
ifinstr(FQYs,nothis(i))<>0then
errc=true
endif
next
iferrcthen
response.write"查询信息含非法字符！<ahref=""#""onclick=""history.back()"">返回</a>"
response.end
endif
endfunction