Â¥Ö÷

ASPº¯Êý¹ýÂ˵ļ¸ÖÖ·½·¨ ת×Ô: ÖйúÕ¾³¤Ìù°É   sungla(maomao) ·¢±íÓÚ1-28 10:42 1.Êý×ÖÐͱäÁ¿:ÓÃisNumeric()ÅжÏÊÇ·ñΪÊý×Ö 2.×Ö·ûÐÍ»òÆäËüÀàÐͱäÁ¿:½«µ¥ÒýºÅ'Ìæ»»³ÉÁ½¸ö ÏÂÃæ¸ø³öÁ½¸öº¯Êý,ÓÃÀ´´úÌæASPµÄRequestº¯Êý,ֻҪÿ´¦µØ·½Ê¹ÓÃÕâÁ½¸öº¯ÊýÈ¡Öµ,SQL×¢Èë¸ù±¾Ã»ÓÐÓÃÎäÖ®µØ. '---------------------------------------------------------------- ' »ñÈ¡Êý×ÖÐͲÎÊý '---------------------------------------------------------------- Function ReqNum ( StrName ) ReqNum = Request ( StrName ) if not isNumeric ( ReqNum ) then   response.write "²ÎÊý±ØÐëΪÊý×ÖÐÍ!"   response.end end if End Function '---------------------------------------------------------------- ' »ñÈ¡×Ö·ûÐͲÎÊý '---------------------------------------------------------------- Function ReqStr ( StrName ) ReqStr = Replace ( Request(StrName),"'","¡®") End Function ************************************************** 'º¯ÊýÃû£ºkillbad(¿Á¿Ì¼ìÑé) '×÷ Ó㺹ýÂË·Ç·¨µÄSQL×Ö·û '²Î Êý£ºstrChar-----Òª¹ýÂ˵Ä×Ö·û '·µ»ØÖµ£º¹ýÂ˺óµÄ×Ö·û '************************************************** function killbad(strChar) if strChar="" then killbad="" else killbad=replace(replace(replace(replace(replace(replace(replace(replace(strChar,"'","¡¯"),"*","¡Á"),"?","£¿"),"(","£¨"),")","£©"),"<","¡´"),".","¡£"),";","£»") end if end function '************************************************** 'º¯ÊýÃû£ºkickbad(Ò»°ã¼ìÑé) '×÷ Ó㺹ýÂË·Ç·¨µÄSQL×Ö·û '²Î Êý£ºstrChar-----Òª¹ýÂ˵Ä×Ö·û '·µ»ØÖµ£º¹ýÂ˺óµÄ×Ö·û '************************************************** function kickbad(strChar) if strChar="" then kickbad="" else kickbad=replace(replace(replace(replace(replace(replace(replace(strChar,"'","¡¯"),"*","¡Á"),"?","£¿"),"(","£¨"),")","£©"),"<","¡´"),";","£»") end if end function <% ' ¼ì²é·Ç·¨* dim qs,errc,i qs=request.servervariables("query_string") dim nothis(18) nothis(0)="net user" nothis(1)="xp_cmdshell" nothis(2)="/add" nothis(3)="exec%20master.dbo.xp_cmdshell" nothis(4)="net localgroup administrators" nothis(5)="select" nothis(6)="count" nothis(7)="asc" nothis(8)="char" nothis(9)="mid" nothis(10)="'" nothis(11)=":" nothis(12)="""" nothis(13)="insert" nothis(14)="delete" nothis(15)="drop" nothis(16)="truncate" nothis(17)="from" nothis(18)="%" errc=false for i= 0 to ubound(nothis) if instr(qs,nothis(i))<>0 then errc=true end if next if errc then response.write "<script language=""javascript"">" response.write "parent.alert('ºÜ±§Ç¸!ÄãµÄ*×÷²»±»ÔÊÐí£¬Çë²é¿´ÄúÊDz»ÊÇÊä´íÁË£¿!È·¶¨ºó½«Ö±½ÓתÏòÊ×Ò³..');" response.write "self.location.href='index.asp';" response.write "</script>" response.end end if %> <% function killbad(strchar) if strchar="" then killbad="" else killbad=replace(strchar,"'","¡®") killbad=replace(strchar,";","£»") killbad=replace(strchar,",","£¬") killbad=replace(strchar,"?","£¿") killbad=replace(strchar,"<","£¼") killbad=replace(strchar,">","£¾") killbad=replace(strchar,"(","£¨") killbad=replace(strchar,")","£©") killbad=replace(strchar,"@","£À") killbad=replace(strchar,"=","£½") killbad=replace(strchar,"+","£«") killbad=replace(strchar,"*","£ª") killbad=replace(strchar,"&","£¦") killbad=replace(strchar,"#","££") killbad=replace(strchar,"%","£¥") killbad=replace(strchar,"$","£¤") end if end function %> ÿҳ¶¼µ÷Óã¬È»ºóÔÚÐèÒªÑéÖ¤µÄµØ·½¼ÓÉÏkillbad    Êղؠ  ·ÖÏí   ¶¥(0)