登录时候白名单过滤实例:
dim Query_Badword,Form_Badword
Query_Badword="'‖and‖select‖update‖chr‖delete‖%20from‖;‖insert‖mid‖master.‖set‖chr(37)‖="'在这部份定义get非法参数,使用"‖"号间隔
Form_Badword="'‖%‖&‖*‖#‖@‖=‖select‖and‖set‖delete" '在这部份定义post非法参数,使用"‖"号间隔
On Error Resume Next
'----- 对 get query 值 的过滤.
if request.QueryString<>"" then
Chk_badword=split(Query_Badword,"‖")
FOR EACH Query_form_name IN Request.QueryString
for i=0 to ubound(Chk_badword)
If Instr(LCase(request.QueryString(Query_form_name)),Chk_badword(i))<>0 Then
Response.Write "<Script Language=JavaScript>alert('传参错误!参数 "&form_name&" 的值中包含非法字符串!\n\n请不要在参数中出现:and update delete ; insert mid master 等非法字符!');window.location.href='Login.asp';</Script>"
Response.End
End If
NEXT
next
end if
'-----对 post 表 单值的过滤.
if request.form<>"" then
Chk_badword=split(Form_Badword,"‖")
'FOR EACH form_name IN Request.Form
for i=0 to ubound(Chk_badword)
If Instr(LCase(UserID),Chk_badword(i))<>0 Then
Response.Write "<Script Language=JavaScript>alert('出错了!用户名中包含非法字符串!\n\n请不要在表单中出现: % & * # ( ) 等非法字符!');window.location.href='Login.asp';</Script>"
Response.End
End If
'NEXT
next
end if