防注入ASP脚本

< %
dim  sql_leach,sql_leach_0,Sql_DATA,IP,Brown
' 加入要检测出的特殊字符---------------------------------------------------------------
sql_leach  =   " ',;,and,exec,insert,select,delete,update,count,*,%,chr,mid,master,truncate,char,declare,%20,%70,%5c "
' 用SPLIT函数把特殊的字符串分割--------------------------------------------------------
sql_leach_0  =   split (sql_leach, " , " )
IP
= request.ServerVariables( " REMOTE_ADDR " ' 提取对方IP
Brown = request.ServerVariables( " REQUEST_METHOD " ' 提取对方提交方式
Thispage = request.ServerVariables( " URL " )
' 检测Request.QueryString--------------------------------------------------------------
If  Request.QueryString <> ""   Then
' 循环开始,并查找URL设定的特殊字符----------------------------------------------------
For   Each  SQL_Get In Request.QueryString
For  SQL_Data = 0   To   Ubound (sql_leach_0)
if   instr (Request.QueryString(SQL_Get),sql_leach_0(Sql_DATA)) > 0   Then
  
Set  cmd = server.CreateObject( " ADODB.COMMAND " )
  cmd.ActiveConnection 
=   " Provider=Microsoft.Jet.Oledb.4.0;Data source= "   &  server.mappath( " /database/SQL.mdb " )
  IP
= request.ServerVariables( " REMOTE_ADDR " ' 提取对方IP
  Brown = request.ServerVariables( " REQUEST_METHOD " ' 提取对方提交方式
  Thispage = request.ServerVariables( " URL " )
  cmd.commandtext
= " insert into SQL(Ip,tijiao,yemian) Values ('&Ip&','&Brown&','&Thispage&') "
  cmd.ActiveConnection.close
Response.Write 
" <font color=red>请不要尝试进行SQL注入!</font><p> "
Response.Write 
" 你的信息已被记录↓<br> "
Response.Write 
" 你的IP: " & IP & " <br> "
Response.Write 
" 提交方式: " & brown & " <br> "
Response.Write 
" 提交页面: " & Thispage & " <p> "
Response.Write 
" 请你做一位合法的浏览者,不要触犯法律,谢谢合作!<p> "
Response.Write 
" 【UMBRELLA网络安全小组特殊制作】 "
Response.end
end   if
next
Next
End   If
%
>

你可能感兴趣的:(asp)