hzhost防asp攻擊函數

  hzhost防asp攻擊函數


Function SafeRequest(ParaName)
Dim ParaValue
ParaValue=Request(ParaName)
if IsNumeric(ParaValue)  then
SafeRequest=ParaValue
exit Function

else
ParaValuetemp=lcase(ParaValue)
tempvalue="select |insert |delete from|'|count(|drop table|update |truncate  |asc(|mid(|char(|xp_cmdshell|exec master|net localgroup administrators|net user| or | and |%20from"
temps=split(tempvalue,"|")
for mycount=0 to ubound(temps)
if  Instr(ParaValuetemp,temps(mycount)) > 0 then
        call errorpage(-2,"非法請求！！！")
        response.end
end if
next
SafeRequest=ParaValue
end if
End function

'=================