<%
'---------define area
Dim Query_Badword, Form_Badword, Err_Message, Err_web, form_name
Err_Message = 1 '1 = alert 2 = jump 3 = alert then jump
Err_web = "Err.asp" 'jump triggle
Query_Badword = "'//and//select//update//chr//delete//%20from//;//insert//mid//master.//set//chr(37)//=" '!get! badword define
Form_Badword = "'//%//&//*//#//@//(//)//=//select//and//set//delete"
'!post!
'---------define over
On Error Resume Next
'---------get filter
if request.QueryString <> "" then
Chk_badword = split(Query_Badword, "//");
for each Query_form_name in Request.QueryString
For i = 0 To UBound(Chk_badword)
If InStr(LCase(request.QueryString(Query_form_name)), Chk_badword(i)) <> 0 Then
Select Case Err_Message
Case "1"
Response.Write "<script language=javascript>alert('传参错误!参数"&form_name&"的值包含非法字符串!window.close();</script>"
Case "2"
Response.Write "<script language=javascript>location.href='"&Err_Web&"'</script>"
Case "3"
Response.Write "<script language=javascript>alert('传参错误!参数"&form_name&"的值包含非法字符串!;location.href='"&Err_Web&"';</script>"
End Select
Response.End
End If
Next
Next
End If
'-----------------对post表单值过滤
If request.Form <> " " Then
Chk_badwrod=split(Form_Badword, "//");
For Each form_name In Request.Form
For i = 0 To UBound(Chk_badword)
If InStr(LCase(request.QueryString(Query_form_name)), Chk_badword(i)) <> 0 Then
Select Case Err_Message
Case "1"
Response.Write "<script language=javascript>alert('传参错误!参数"&form_name&"的值包含非法字符串!window.close();</script>"
Case "2"
Response.Write "<script language=javascript>location.href='"&Err_Web&"'</script>"
Case "3"
Response.Write "<script language=javascript>alert('传参错误!参数"&form_name&"的值包含非法字符串!;location.href='"&Err_Web&"';</script>"
End Select
Response.End
End If
Next
Next
End If
%>