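<%
' Request keyword filter, intended to be included at the top of a page.
'
' Every QueryString and Form value is scanned for the tokens listed in
' sql_leach. On the first hit the request is answered with a fixed message
' and processing stops via Response.End.
'
' NOTE(review): this is a substring blocklist, so treat it as defence in depth
' only. The queries that consume these values should still use parameterized
' commands (ADODB.Command with Parameters) rather than string concatenation.
' NOTE(review): only Request.QueryString and Request.Form are inspected here.
' Request.Cookies and header-derived values are not checked by this block.
' NOTE(review): matching is by substring, so ordinary input containing "and",
' "*", "%" or "'" (for example the word "android") is rejected as well.
dim sql_leach,sql_leach_0,sql_data,sql_get,sql_post

' Comma-separated token list; the first entry is the single quote character.
sql_leach = "',and,exec,insert,select,delete,update,count,*,%,chr,mid,master,truncate,char,declare"
sql_leach_0 = split(sql_leach,",")

' --- GET parameters ---
if request.querystring<>"" then
	for each sql_get in request.querystring
		for sql_data=0 to ubound(sql_leach_0)
			' vbTextCompare makes the match case-insensitive. The default
			' InStr comparison is binary, so a token written in upper or
			' mixed case would not match the lower-case list above.
			if instr(1,request.querystring(sql_get),sql_leach_0(sql_data),vbTextCompare)>0 then
				response.write "请不要尝试进行sql注入!"
				response.end
			end if
		next
	next
end if

' --- POST (form-encoded) parameters ---
' NOTE(review): reading Request.Form here presumably prevents a later
' Request.BinaryRead on pages that handle uploads. Confirm against pages
' that include this file.
if request.form<>"" then
	for each sql_post in request.form
		for sql_data=0 to ubound(sql_leach_0)
			' Same case-insensitive comparison as for the query string.
			if instr(1,request.form(sql_post),sql_leach_0(sql_data),vbTextCompare)>0 then
				response.write "请不要尝试进行sql注入!"
				response.end
			end if
		next
	next
end if
%>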