asp实现防止从外部提交数据的三种方法 |
|
本文标签:asp,防止,外部提交数据 防止从外部提交数据的方法 第一种做法,屏蔽特殊字符和关键字 fqys=request.servervariables("query_string") dim nothis(18) nothis(0)="net user" nothis(1)="xp_cmdshell" nothis(2)="/add" nothis(3)="exec%20master.dbo.xp_cmdshell" nothis(4)="net localgroup administrators" nothis(5)="select" nothis(6)="count" nothis(7)="asc" nothis(8)="char" nothis(9)="mid" nothis(10)="" nothis(11)=":" nothis(12)="""" nothis(13)="insert" nothis(14)="delete" nothis(15)="drop" nothis(16)="truncate" nothis(17)="from" nothis(18)="%" errc=false for i= 0 to ubound(nothis) if instr(FQYs,nothis(i))<>0 then errc=true end if next if errc then response.write "<script language=""javascript"">" response.write "parent.alert(很抱歉!你正在试图攻击本服务器或者想取得本服务器最高管理权!将直接转向首页..);" response.write "self.location.href=default.asp;" response.write "</script>" response.end end if |
