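' CHECKSTR - coarse tripwire applied to a request value before it is used.
'
' ISTR:    the raw request value (the usage line below passes a form field).
' Returns: the LOWERCASED value of ISTR when none of the denylisted tokens
'          occur in it; Empty when ISTR is "" (EXIT FUNCTION runs before any
'          assignment to CHECKSTR, and Empty compares equal to "").
' Side effect: when any denylisted token occurs, the page is ended
'          (RESPONSE.WRITE "" then RESPONSE.END) without output, so the
'          caller never receives a value at all.
'
' NOTE(review): this is a substring denylist, not SQL escaping. It rejects
' legitimate input that merely contains a listed token (any word containing
' "and" or "set", any "=" or "*"), and it is silent about why the page ended.
' A denylist cannot enumerate every dangerous token, so queries must still be
' built with parameters (ADODB.Command with a Parameters collection) rather
' than string concatenation; keep this function as an extra check only.
' The lowercasing also alters the data: the caller cannot recover the
' original case of the value.
FUNCTION CHECKSTR(ISTR)
    DIM ISTR_FORM, SQL_KILL, SQL_KILL_1, SQL_KILL_2
    IF ISTR = "" THEN EXIT FUNCTION
    ' Case-fold once so the binary-compare REPLACE below matches the
    ' lowercase tokens in SQL_KILL.
    ISTR = LCase(ISTR)
    ISTR_FORM = ISTR
    SQL_KILL = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|set|;|from|="
    SQL_KILL_1 = SPLIT(SQL_KILL, "|")
    ' Strip every listed token; any change proves at least one was present.
    ' (The original also computed REPLACE(ISTR_FORM, ISTR, "") into an
    ' ISTR_KILL variable that was never read; that dead code is removed.)
    FOR EACH SQL_KILL_2 IN SQL_KILL_1
        ISTR = REPLACE(ISTR, SQL_KILL_2, "")
    NEXT
    CHECKSTR = ISTR
    IF ISTR <> ISTR_FORM THEN
        ' A denylisted token was present: end the page without output.
        RESPONSE.WRITE ""
        RESPONSE.END
    END IF
END FUNCTION
' Usage: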
' Read the "key" field from the POST body and screen it with CHECKSTR.
' CHECKSTR returns the value lowercased; if the value contains a denylisted
' token the page is ended inside CHECKSTR and this assignment never completes.
key = CHECKSTR(Request.Form("key"))
|