用于防止 SQL 注入攻击的函数,大家可以直接使用。不过光会用还不行,还要增强安全意识:关键字黑名单只能作为辅助手段,根本的防护仍是参数化查询。
'==========================
'过滤提交表单中的SQL
'==========================
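' Scans every field of the submitted form (Request.Form) for blacklisted
' tokens. On the first hit it writes an error message naming the field value
' and the offending token, then ends the response. It returns nothing.
'
' This is a keyword blacklist and only a supplementary control: it also
' rejects legitimate input (any value containing "from", ":" or "%"), and it
' does not replace parameterized queries (ADODB.Command with parameters) at
' the point where the SQL statement is built.
Function ForSqlForm()
    Dim i, items, fieldValue
    Dim nothis(18)

    ' NOTE(review): "netuser" and "netlocalgroupadministrators" may have lost
    ' their spaces when this listing was pasted - confirm against the original.
    nothis(0) = "netuser"
    nothis(1) = "xp_cmdshell"
    nothis(2) = "/add"
    nothis(3) = "exec%20master.dbo.xp_cmdshell"
    nothis(4) = "netlocalgroupadministrators"
    nothis(5) = "select"
    nothis(6) = "count"
    nothis(7) = "asc"
    nothis(8) = "char"
    nothis(9) = "mid"
    nothis(10) = "'"
    nothis(11) = ":"
    nothis(12) = """"
    nothis(13) = "insert"
    nothis(14) = "delete"
    nothis(15) = "drop"
    nothis(16) = "truncate"
    nothis(17) = "from"
    nothis(18) = "%"
    ' nothis(19) = "@"   ' left disabled for form input, as in the original

    ' Token-major order is kept so the reported token matches the original.
    For i = 0 To UBound(nothis)
        For Each items In Request.Form
            fieldValue = Request.Form(items)
            ' vbTextCompare makes the match case-insensitive. InStr defaults
            ' to a binary comparison, which would let "SELECT" or "Select"
            ' pass a list written in lower case.
            If InStr(1, fieldValue, nothis(i), vbTextCompare) <> 0 Then
                Response.Write "<div>"
                ' Both echoed values are HTML-encoded so the error page
                ' cannot reflect markup back to the browser.
                Response.Write "你所填写的信息:" & Server.HTMLEncode(fieldValue) & "<br>含非法字符:" & Server.HTMLEncode(nothis(i))
                Response.Write "</div>"
                Response.Write "对不起,你所填写的信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>"
                Response.End
            End If
        Next
    Next
End Function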
'==========================
'过滤查询中的SQL
'==========================
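' Scans the request's query string for blacklisted tokens. If any token is
' present it writes an error message and ends the response. It returns
' nothing.
'
' NOTE(review): QUERY_STRING is presumably the raw, still URL-encoded string,
' so the "%" entry would reject every request carrying a percent-encoded
' character - confirm that this is intended.
'
' This is a keyword blacklist and only a supplementary control: it does not
' replace parameterized queries (ADODB.Command with parameters) at the point
' where the SQL statement is built.
Function ForSqlInjection()
    Dim fqys, errc, i
    Dim nothis(19)

    fqys = Request.ServerVariables("QUERY_STRING")

    ' NOTE(review): "netuser" and "netlocalgroupadministrators" may have lost
    ' their spaces when this listing was pasted - confirm against the original.
    nothis(0) = "netuser"
    nothis(1) = "xp_cmdshell"
    nothis(2) = "/add"
    nothis(3) = "exec%20master.dbo.xp_cmdshell"
    nothis(4) = "netlocalgroupadministrators"
    nothis(5) = "select"
    nothis(6) = "count"
    nothis(7) = "asc"
    nothis(8) = "char"
    nothis(9) = "mid"
    nothis(10) = "'"
    nothis(11) = ":"
    nothis(12) = """"
    nothis(13) = "insert"
    nothis(14) = "delete"
    nothis(15) = "drop"
    nothis(16) = "truncate"
    nothis(17) = "from"
    nothis(18) = "%"
    nothis(19) = "@"

    errc = False
    For i = 0 To UBound(nothis)
        ' vbTextCompare makes the match case-insensitive. InStr defaults to a
        ' binary comparison, which would let upper- or mixed-case keywords
        ' pass a list written in lower case.
        If InStr(1, fqys, nothis(i), vbTextCompare) <> 0 Then
            errc = True
            Exit For   ' one hit is enough to reject the request
        End If
    Next

    If errc Then
        Response.Write "查询信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>"
        Response.End
    End If
End Function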