Dim PostRefer, GetRefer, Sql_DATA
SQL_Nonlicet = "'|;|^|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
arrNonlicet = Split(SQL_Nonlicet, "|")
If Request.Form <> "" Then
For Each PostRefer In Request.Form
For Sql_DATA = 0 To UBound(arrNonlicet)
If InStr(1, Request.Form(PostRefer), arrNonlicet(Sql_DATA), 1) > 0 Then
Response.Write "<Script Language=JavaScript>alert('安全系统提示↓nn请不要在参数中包含非法字符!');history.back(-1)</Script>"
Response.End
End If
Next
Next
End If
If Request.QueryString <> "" Then
For Each GetRefer In Request.QueryString
For Sql_DATA = 0 To UBound(arrNonlicet)
If InStr(1, Request.QueryString(GetRefer), arrNonlicet(Sql_DATA), 1) > 0 Then
Response.Write "<Script Language=JavaScript>alert('安全系统提示↓nn请不要在参数中包含非法字符!');history.back(-1)</Script>"
Response.End
End If
Next
