newasp中main类
');history.back(-1)</Script>"
CheckInfuse = ""
Response.End
End If
End Function
Public Sub PreventInfuse()
On Error Resume Next
Dim SQL_Nonlicet, arrNonlicet
Dim PostRefer, GetRefer, Sql_DATA
SQL_Nonlicet = "''|;|^|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
arrNonlicet = Split(SQL_Nonlicet, "|")
If Request.Form <> "" Then
For Each PostRefer In Request.Form
For Sql_DATA = 0 To UBound(arrNonlicet)
If InStr(1, Request.Form(PostRefer), arrNonlicet(Sql_DATA), 1) > 0 Then
Response.Write "<Script Language=JavaScript>alert(''安全系统提示↓\n\n请不要在参数中包含非法字符!'');history.back(-1)</Script>"
Response.End
End If
Next
Next
End If
If Request.QueryString <> "" Then
For Each GetRefer In Request.QueryString
For Sql_DATA = 0 To UBound(arrNonlicet)
If InStr(1, Request.QueryString(GetRefer), arrNonlicet(Sql_DATA), 1) > 0 Then
Response.Write "<Script Language=JavaScript>alert(''安全系统提示↓\n\n请不要在参数中包含非法字符!'');history.back(-1)</Script>"
Response.End
End If
Next
Next
End If
End Sub
''================================================
''函数名:ChkQueryStr
''作 用:过虑查询的非法字符
''参 数:str ----原字符串
''返回值:过滤后的字符
''================================================
Public Function ChkQueryStr(ByVal str)
On Error Resume Next
If IsNull(str) Then
ChkQueryStr = ""
Exit Function
End If
str = Replace(str, "!", "")
str = Replace(str, "]", "")
str = Replace(str, "[", "")
str = Replace(str, ")", "")
str = Replace(str, "(", "")
str = Replace(str, "|", "")
str = Replace(str, "+", "")
str = Replace(str, "=", "")
str = Replace(str, "''", "''''")
str = Replace(str, "%", "")
str = Replace(str, "&", "")
str = Replace(str, "#", "")
str = Replace(str, "^", "")
str = Replace(str, " ", " ")
str = Replace(str, Chr(37), "")
str = Replace(str, Chr(0), "")
ChkQueryStr = str
End Function
''================================================
''过程名:CheckQuery
''作 用:限制搜索的关键字
''参 数:str ----搜索的字符串
''返回值:True; False
''================================================
Public Function CheckQuery(ByVal str)
Dim FobWords, i, keyword
keyword = str
On Error Resume Next
FobWords = Array(91, 92, 304, 305, 430, 431, 437, 438, 12460, 12461, 12462, 12463, 12464, 12465, 12466, 12467, 12468, 12469, 1
CheckInfuse = ""
Response.End
End If
End Function
Public Sub PreventInfuse()
On Error Resume Next
Dim SQL_Nonlicet, arrNonlicet
Dim PostRefer, GetRefer, Sql_DATA
SQL_Nonlicet = "''|;|^|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
arrNonlicet = Split(SQL_Nonlicet, "|")
If Request.Form <> "" Then
For Each PostRefer In Request.Form
For Sql_DATA = 0 To UBound(arrNonlicet)
If InStr(1, Request.Form(PostRefer), arrNonlicet(Sql_DATA), 1) > 0 Then
Response.Write "<Script Language=JavaScript>alert(''安全系统提示↓\n\n请不要在参数中包含非法字符!'');history.back(-1)</Script>"
Response.End
End If
Next
Next
End If
If Request.QueryString <> "" Then
For Each GetRefer In Request.QueryString
For Sql_DATA = 0 To UBound(arrNonlicet)
If InStr(1, Request.QueryString(GetRefer), arrNonlicet(Sql_DATA), 1) > 0 Then
Response.Write "<Script Language=JavaScript>alert(''安全系统提示↓\n\n请不要在参数中包含非法字符!'');history.back(-1)</Script>"
Response.End
End If
Next
Next
End If
End Sub
''================================================
''函数名:ChkQueryStr
''作 用:过虑查询的非法字符
''参 数:str ----原字符串
''返回值:过滤后的字符
''================================================
Public Function ChkQueryStr(ByVal str)
On Error Resume Next
If IsNull(str) Then
ChkQueryStr = ""
Exit Function
End If
str = Replace(str, "!", "")
str = Replace(str, "]", "")
str = Replace(str, "[", "")
str = Replace(str, ")", "")
str = Replace(str, "(", "")
str = Replace(str, "|", "")
str = Replace(str, "+", "")
str = Replace(str, "=", "")
str = Replace(str, "''", "''''")
str = Replace(str, "%", "")
str = Replace(str, "&", "")
str = Replace(str, "#", "")
str = Replace(str, "^", "")
str = Replace(str, " ", " ")
str = Replace(str, Chr(37), "")
str = Replace(str, Chr(0), "")
ChkQueryStr = str
End Function
''================================================
''过程名:CheckQuery
''作 用:限制搜索的关键字
''参 数:str ----搜索的字符串
''返回值:True; False
''================================================
Public Function CheckQuery(ByVal str)
Dim FobWords, i, keyword
keyword = str
On Error Resume Next
FobWords = Array(91, 92, 304, 305, 430, 431, 437, 438, 12460, 12461, 12462, 12463, 12464, 12465, 12466, 12467, 12468, 12469, 1