ÓÃÓÚ·ÀÖ¹sql×¢Èë¹¥»÷ - .NET¼¼Êõ / ASP.NET

ÓÃÓÚ·ÀÖ¹sql×¢Èë¹¥»÷µÄ
¡¶Ò»¡·
function ForSqlForm() 
dim fqys,errc,i,items 
dim nothis(18) 
nothis(0)="net user" 
nothis(1)="xp_cmdshell" 
nothis(2)="/add" 
nothis(3)="exec%20master.dbo.xp_cmdshell" 
nothis(4)="net localgroup administrators" 
nothis(5)="select" 
nothis(6)="count" 
nothis(7)="asc" 
nothis(8)="char" 
nothis(9)="mid" 
nothis(10)="'" 
nothis(11)=":" 
nothis(12)="""" 
nothis(13)="insert" 
nothis(14)="delete" 
nothis(15)="drop" 
nothis(16)="truncate" 
nothis(17)="from" 
nothis(18)="%" 
'nothis(19)="@" 
errc=false 
for i= 0 to ubound(nothis) 
for each items in request.Form 
if instr(request.Form(items),nothis(i))<>0 then 
response.write("<div>") 
response.write("ÄãËùÌîдµÄÐÅÏ¢:" & server.HTMLEncode(request.Form(items)) & "<br>º¬·Ç·¨×Ö·û:" & nothis(i)) 
response.write("</div>") 
response.write("¶Ô²»Æð,ÄãËùÌîдµÄÐÅÏ¢º¬·Ç·¨×Ö·û£¡<a href=""