SQL_injdata="'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj=split(SQL_Injdata,"|")
for I=0 to Ubound(SQL_inj)
if instr(ms,Sql_Inj(I))>0 Then
Response.Write "请不要在参数中包含非法字符尝试注入!"
Response.end
end if
next
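When debugging, it says "if instr(ms,Sql_Inj(I))>0 Then" has an invalid character, and I really can't see where the problem is. After I removed that if condition statement, it says Response.Write "请不要在参数中包含非法字符尝试注入!" has an invalid character. Sigh~
Error shown: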
错误类型:
Microsoft VBScript 编译器错误 (0x800A0408)
无效字符
/consumer/saveupdate.asp, line 69
if instr(ms,Sql_Inj(I))>0 Then
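The compiler error names the line but not the offending character. As an added example (not part of the original post), this Python script lists every character outside string literals and comments that is not plain ASCII, on the assumption, which the post does not confirm, that a pasted full-width or invisible character is what the VBScript compiler rejects. The function names and the sample lines are constructed for illustration.

```python
import unicodedata

def find_suspect_chars(line):
    """Return (column, char, name) for each character that sits outside a
    double-quoted VBScript string and outside a ' comment and is neither
    printable ASCII nor a tab."""
    hits = []
    in_string = False
    for col, ch in enumerate(line, start=1):
        if ch == '"':
            # A doubled "" inside a string toggles twice, so state is preserved.
            in_string = not in_string
            continue
        if in_string:
            continue          # non-ASCII text inside a literal is not reported
        if ch == "'":
            break             # rest of the line is a comment
        if ch == "\t" or 0x20 <= ord(ch) <= 0x7E:
            continue
        hits.append((col, ch, unicodedata.name(ch, "U+%04X" % ord(ch))))
    return hits

def scan_source(text):
    """Map 1-based line number -> suspect characters found on that line."""
    results = {}
    for number, line in enumerate(text.split("\n"), start=1):
        hits = find_suspect_chars(line.rstrip("\r"))
        if hits:
            results[number] = hits
    return results

# Constructed sample: line 2 starts with an ideographic space (U+3000) and
# line 4 uses curly quotes instead of ASCII quotes; line 3 is clean because
# its non-ASCII text is inside a proper string literal.
SAMPLE = (
    'for I=0 to Ubound(SQL_inj)\n'
    '\u3000if instr(ms,Sql_Inj(I))>0 Then\n'
    'Response.Write "请不要在参数中包含非法字符尝试注入!"\n'
    'Response.Write \u201cblocked\u201d\n'
    'end if\n'
)

if __name__ == "__main__":
    for number, hits in scan_source(SAMPLE).items():
        for col, ch, name in hits:
            print("line %d, column %d: U+%04X %s" % (number, col, ord(ch), name))
```

Running it against the real `saveupdate.asp` requires reading the file with the encoding it was saved in, since a wrong decoding produces its own non-ASCII characters.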