asp get和post数据接收过滤

　　复制代码 代码如下:
<%
--------定义部份------------------
Dim XH_Post,XH_Get,XH_In,XH_Inf,XH_Xh,XH_db,XH_dbstr
自定义需要过滤的字串,用 分隔
XH_In = ;andexecinsertselectdelete%20fromupdatecount*%chrmidmastertruncatechardeclaredrop%20tablefromnet%20userxp_cmdshell/addnet%20localgroup%20administratorsAscchar
----------------------------------
%>
<%
XH_Inf = split(XH_In,)
--------POST部份------------------
If Request.Form<> Then
For Each XH_Post In Request.Form
For XH_Xh=0 To Ubound(XH_Inf)
If Instr(LCase(Request.Form(XH_Post)),XH_Inf(XH_Xh))<>0 Then
Response.Write <Script Language=JavaScript>alert(请不要在参数中包含非法字符尝试注入！);</Script>
Response.Write 非法操作！系统做了如下记录↓<br>
Response.Write 操作ＩＰ：&Request.ServerVariables(REMOTE_ADDR)<br>
Response.Write 操作时间：&Now<br>
Response.Write 操作页面：&Request.ServerVariables(URL)<br>
Response.Write 提交方式：ＰＯＳＴ<br>
Response.Write 提交参数：&XH_Post<br>
Response.Write 提交数据：&Request.Form(XH_Post)
Response.End
End If
Next
Next
End If
----------------------------------
--------GET部份-------------------
If Request.QueryString<> Then
For Each XH_Get In Request.QueryString
For XH_Xh=0 To Ubound(XH_Inf)
If Instr(LCase(Request.QueryString(XH_Get)),XH_Inf(XH_Xh))<>0 Then
Response.Write <Script Language=JavaScript>alert(请不要在参数中包含非法字符尝试注入！);</Script>
Response.Write 非法操作！系统做了如下记录↓<br>
Response.Write 操作ＩＰ：&Request.ServerVariables(REMOTE_ADDR)<br>
Response.Write 操作时间：&Now<br>
Response.Write 操作页面：&Request.ServerVariables(URL)<br>
Response.Write 提交方式：ＧＥＴ<br>
Response.Write 提交参数：&XH_Get<br>
Response.Write 提交数据：&Request.QueryString(XH_Get)
Response.End
End If
Next
Next
End If
----------------------------------
%>