'--------SQL injection protection: definitions------------------
Dim Fy_Post, Fy_Get, Fy_cook, Fy_In, Fy_Inf, Fy_Xh, Fy_db, Fy_dbstr
'Custom strings to filter, separated by "|"
Fy_In = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
'----------------------------------
%>
<%
'Split the filter list into an array of tokens
Fy_Inf = Split(Fy_In, "|")
'--------SQL injection protection: POST section------------------
If Request.Form <> "" Then
    For Each Fy_Post In Request.Form
        For Fy_Xh = 0 To UBound(Fy_Inf)
            'Case-insensitive substring match of each form value against each token
            If InStr(LCase(Request.Form(Fy_Post)), Fy_Inf(Fy_Xh)) <> 0 Then
                Response.Write "<Script Language=JavaScript>alert('系統提示↓\n\n請不要嘗試在參數中包含非法字符嘗試註入!');window.close();</Script>"
                Response.End
            End If
        Next
    Next
End If
'--------SQL injection protection: GET section-------------------
If Request.QueryString <> "" Then
    For Each Fy_Get In Request.QueryString
        For Fy_Xh = 0 To UBound(Fy_Inf)
            'Same substring match for each query-string value
            If InStr(LCase(Request.QueryString(Fy_Get)), Fy_Inf(Fy_Xh)) <> 0 Then
                Response.Write "<Script Language=JavaScript>alert('系統提示↓\n\n請不要嘗試在參數中包含非法字符嘗試註入!');window.close();</Script>"
                Response.End
            End If
        Next
    Next
End If
'--------SQL injection protection: cookies section-----------------
If Request.Cookies <> "" Then
    For Each Fy_cook In Request.Cookies
        For Fy_Xh = 0 To UBound(Fy_Inf)
            'num is not defined in this snippet and the block is empty, so this length check has no effect
            If Len(Request.Cookies(Fy_cook)) > num Then
            End If
            'Same substring match for each cookie value
            If InStr(LCase(Request.Cookies(Fy_cook)), Fy_Inf(Fy_Xh)) <> 0 Then
                Response.Write "<Script Language=JavaScript>alert('系統提示↓\n\n請不要嘗試在參數中包含非法字符嘗試註入!');window.close();</Script>"
                Response.End
            End If
        Next
    Next
End If
%>
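Please accept this answer. I have used this source code for several years; it is very stable and supports injection protection for cookies, POST and GET.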
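Added example, not part of the original answer: a Python port of the filter's substring check (InStr over LCase) using the Fy_In list above, run over constructed ordinary form values, next to the same values stored through bound parameters in an in-memory SQLite table. The function names, sample values and table are assumptions made for the illustration.

```python
import sqlite3

# Blacklist copied from the Fy_In string in the answer above.
FY_IN = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
FY_INF = FY_IN.split("|")


def blocked_tokens(value):
    """Mirror InStr(LCase(value), token) <> 0: a plain substring match."""
    lowered = value.lower()
    return [tok for tok in FY_INF if tok in lowered]


def store_with_parameters(values):
    """Insert values through bound parameters: they travel as data, never as SQL text."""
    conn = sqlite3.connect(":memory:")  # hypothetical table, for illustration only
    conn.execute("CREATE TABLE comments (body TEXT)")
    conn.executemany("INSERT INTO comments (body) VALUES (?)", [(v,) for v in values])
    rows = [r[0] for r in conn.execute("SELECT body FROM comments ORDER BY rowid")]
    conn.close()
    return rows


# Constructed sample inputs: ordinary form values a site visitor might submit.
SAMPLES = ["O'Brien", "Sandy Beach", "50% discount", "midnight (UTC)", "hello world"]

if __name__ == "__main__":
    for s in SAMPLES:
        # A non-empty list means the ASP filter would end the request for this value.
        print(f"{s!r:20} filter hits: {blocked_tokens(s)}")
    # The bound-parameter insert stores every value unchanged.
    print(store_with_parameters(SAMPLES))
```

Because the check is a substring match, it rejects legitimate values such as surnames with apostrophes or words that contain a listed token, while parameter binding stores them as-is without relying on a keyword list.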