asp ÈçºÎ×öÄÜÌá¸ßÁ´½Ó´«µÝ²ÎÊýµÄ°²È«ÐÔ

Âé·³´ó¼Ò¸øÌáÌáÒâ¼ûÈçºÎ×ö²ÅÄÜ×öµ½Á´½Ó²ÎÊýµÄ°²È«ÐÔ

---

ûÓз־ÍûÈËÀí£¿

---

ÊÔÊÔÕâÖÖ¡£¡£
VBScript code:



Dim Query_Badword,Form_Badword,i,Err_Message,Err_Web,name

'------¶¨Ò岿·Ý Í·----------------------------------------------------------------------

Err_Message = 1 '´¦Àí·½Ê½£º1=ÌáʾÐÅÏ¢,2=תÏòÒ³Ãæ,3=ÏÈÌáʾÔÙתÏò

Err_Web = "Err.Asp" '³ö´íʱתÏòµÄÒ³Ãæ

Query_Badword="'¡Îand¡Îselect¡Îupdate¡Îchr¡Îdelete¡Î%20from¡Î;¡Îinsert¡Îmid¡Îmaster.¡Îset¡Îchr(37)¡Î="

'ÔÚÕⲿ·Ý¶¨Òåget·Ç·¨²ÎÊý,ʹÓÃ"¡Î"ºÅ¼ä¸ô

Form_Badword="'¡Î%¡Î&¡Î*¡Î#¡Î(¡Î)¡Î=" 'ÔÚÕⲿ·Ý¶¨Òåpost·Ç·¨²ÎÊý,ʹÓÃ"¡Î"ºÅ¼ä¸ô

'------¶¨Ò岿·Ý β-----------------------------------------------------------------------
'
On Error Resume Next

'----- ¶Ô get query Öµ µÄ¹ýÂË.

if request.QueryString<>"" then
Chk_badword=split(Query_Badword,"¡Î")
FOR EACH Query_Name IN Request.QueryString
for i=0 to ubound(Chk_badword)
If Instr(LCase(request.QueryString(Query_Name)),Chk_badword(i))<>0 Then
Select Case Err_Message
Case "1"
Response.Write "<Script Language=JavaScript>alert('´«²Î´íÎ󣡲ÎÊý "&name&" µÄÖµÖаüº¬·Ç·¨×Ö·û´®£¡\n\nÇë²»ÒªÔÚ²ÎÊýÖгöÏÖ£ºand update delete ; insert mid master µÈ·Ç·¨×Ö·û£¡');window.close();</Script