<%
' Blacklist-based request filter for Classic ASP, meant to be included at the top of every page.
' Caveat: a plain substring blacklist is easy to bypass (e.g. keywords not listed, or split by
' inline comments) and rejects harmless input that happens to contain "and", "mid" or "set".
' Parameterised queries (ADODB.Command with parameters) are the actual fix; this filter is at best
' a thin extra layer.
Dim Query_Badword, Form_Badword, Err_Message, Err_Web, form_name
Dim Chk_badword, Query_form_name, Form_form_name, i

'------ Definitions: begin ----------------------------------------------------------------------
Err_Message = 3                    ' Handling mode: 1 = show message, 2 = redirect, 3 = show message, then redirect
Err_Web = "http://www.petking.cn"  ' Page to redirect to when a request is rejected
' Forbidden substrings for GET parameters, separated by "∥". Note that Request.QueryString already
' URL-decodes values, so the encoded token "%20from" never matches; "chr(37)" is redundant with "chr".
Query_Badword = "'∥and∥select∥update∥chr∥delete∥%20from∥;∥insert∥mid∥master.∥set∥chr(37)"
' Forbidden substrings for POST parameters, separated by "∥".
Form_Badword = "'∥%∥&∥*∥#∥(∥)∥select∥and∥set∥delete"
'------ Definitions: end ------------------------------------------------------------------------

On Error Resume Next

' Emit the configured response and stop processing the page.
' Err_Message is numeric, so the Case labels must be numeric too: the original compared it against
' the strings "1", "2", "3", and in VBScript a number never equals a string, so no Case matched and
' the page ended silently. The alert wording below is a placeholder; the original message text is
' not preserved on this page.
Sub Reject()
    Select Case Err_Message
        Case 1
            Response.Write "<script>alert('Request rejected: parameter contains a forbidden string.');</script>"
        Case 2
            Response.Write "<script>location.href='" & Err_Web & "';</script>"
        Case 3
            Response.Write "<script>alert('Request rejected: parameter contains a forbidden string.');location.href='" & Err_Web & "';</script>"
    End Select
    Response.End
End Sub

'----- Filter GET query-string values.
If Request.QueryString <> "" Then
    Chk_badword = Split(Query_Badword, "∥")
    For Each Query_form_name In Request.QueryString
        For i = 0 To UBound(Chk_badword)
            ' Case-insensitive substring match of each blacklisted token against the decoded value.
            If InStr(LCase(Request.QueryString(Query_form_name)), Chk_badword(i)) <> 0 Then
                Reject
            End If
        Next
    Next
End If

'----- Filter POST form values with the same logic. Form_Badword was defined but never applied
'----- in the original; this loop mirrors the GET check.
If Request.Form <> "" Then
    Chk_badword = Split(Form_Badword, "∥")
    For Each Form_form_name In Request.Form
        For i = 0 To UBound(Chk_badword)
            If InStr(LCase(Request.Form(Form_form_name)), Chk_badword(i)) <> 0 Then
                Reject
            End If
        Next
    Next
End If
%>
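The following is an added example, not code from the original ASP page: a Python port of the page's GET-parameter check (the same `Query_Badword` token list and the same case-insensitive `InStr` substring test), run over a set of constructed query strings to show what the blacklist catches, what it lets through, and which harmless inputs it rejects. The query-string parser, the function names and the sample inputs are all assumptions made for this example; the parser decodes values the way `Request.QueryString` does before the filter sees them.

```python
# Added example (not part of the original page): Python port of the ASP GET blacklist,
# exercised on constructed inputs to show hits, misses and false positives.
from urllib.parse import unquote_plus

# Same token list as Query_Badword on the page, split on the "∥" separator.
QUERY_BADWORD = "'∥and∥select∥update∥chr∥delete∥%20from∥;∥insert∥mid∥master.∥set∥chr(37)"
QUERY_TOKENS = QUERY_BADWORD.split("∥")


def matched_token(value, tokens=QUERY_TOKENS):
    """Return the first blacklisted token found in value (case-insensitive), else None.

    Mirrors InStr(LCase(value), token) <> 0: a bare substring test, no word boundaries,
    no normalisation of comments or alternative encodings.
    """
    lowered = value.lower()
    for tok in tokens:
        if tok in lowered:
            return tok
    return None


def parse_query(qs):
    """Minimal query-string parser (assumed helper): split on '&', decode name and value.

    Request.QueryString hands the filter URL-decoded text, so "%20from" in the token
    list is compared against a value that has already become " from".
    """
    pairs = []
    for part in qs.split("&"):
        if not part:
            continue
        name, _, value = part.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def filter_query_string(qs):
    """Apply the check to every parameter; returns (blocked, param_name, token)."""
    for name, value in parse_query(qs):
        tok = matched_token(value)
        if tok is not None:
            return (True, name, tok)
    return (False, None, None)


# Constructed sample inputs with the outcome the substring blacklist produces for each.
SAMPLES = {
    # caught: listed keyword present verbatim (LCase handles the capitalisation)
    "id=1 UNION SELECT 1,2,3": (True, "id", "select"),
    # caught: ";" is listed, so stacked queries are rejected
    "id=1;DROP TABLE x": (True, "id", ";"),
    # caught: the single quote is listed
    "id=1' OR 1=1--": (True, "id", "'"),
    # missed: tautology against a numeric column needs neither a quote nor a listed keyword
    "id=1 OR 1=1--": (False, None, None),
    # missed: an inline comment splits the keyword; SQL Server still reads SEL/**/ECT as SELECT
    "id=1 UNION SEL/**/ECT 1,2,3": (False, None, None),
    # missed: the encoded token "%20from" is compared against the decoded value " from"
    "id=%20from": (False, None, None),
    # false positive: an ordinary name contains "and"
    "name=Sandy": (True, "name", "and"),
    # false positive: "mid" matches inside an ordinary word
    "q=midnight": (True, "q", "mid"),
}


def run_samples():
    """Evaluate every constructed sample; returns {query_string: (blocked, name, token)}."""
    return {qs: filter_query_string(qs) for qs in SAMPLES}


if __name__ == "__main__":
    for qs, result in run_samples().items():
        print(f"{qs!r:34} -> {result}")
```

The misses are the reason the ASP snippet should not be relied on as the only defence: the check is a literal substring match on a fixed list, so anything not spelled exactly as listed passes, while the false positives block legitimate users whose input merely contains a short listed word.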