ifnotisnull(strvalue)then
str=lcase(strvalue)
Str=Replace(Str,Chr(0),"",1,-1,1)
Str=Replace(Str,"""","",1,-1,1)
Str=Replace(Str,"","",1,-1,1)
Str=Replace(Str,"script","",1,-1,0)
Str=Replace(Str,"SCRIPT","",1,-1,0)
Str=Replace(Str,"Script","",1,-1,0)
Str=Replace(Str,"script","",1,-1,1)
Str=Replace(Str,"object","",1,-1,0)
Str=Replace(Str,"OBJECT","",1,-1,0)
Str=Replace(Str,"Object","",1,-1,0)
Str=Replace(Str,"object","",1,-1,1)
Str=Replace(Str,"applet","",1,-1,0)
Str=Replace(Str,"APPLET","",1,-1,0)
Str=Replace(Str,"Applet","",1,-1,0)
Str=Replace(Str,"applet","",1,-1,1)
Str=Replace(Str,"[","")
Str=Replace(Str,"]","")
Str=Replace(Str,"""","",1,-1,1)
Str=Replace(Str,"=","",1,-1,1)
Str=Replace(Str,"select","",1,-1,1)
Str=Replace(Str,"execute","",1,-1,1)
Str=Replace(Str,"exec","",1,-1,1)
Str=Replace(Str,"join","",1,-1,1)
Str=Replace(Str,"union","",1,-1,1)
Str=Replace(Str,"where","",1,-1,1)
Str=Replace(Str,"insert","",1,-1,1)
Str=Replace(Str,"delete","",1,-1,1)
Str=Replace(Str,"update","",1,-1,1)
Str=Replace(Str,"like","",1,-1,1)
Str=Replace(Str,"drop","",1,-1,1)
Str=Replace(Str,"create","",1,-1,1)
Str=Replace(Str,"rename","",1,-1,1)
Str=Replace(Str,"count","",1,-1,1)
Str=Replace(Str,"chr","",1,-1,1)
Str=Replace(Str,"mid","",1,-1,1)
Str=Replace(Str,"truncate","",1,-1,1)
Str=Replace(Str,"nchar","",1,-1,1)
Str=Replace(Str,"char","",1,-1,1)
Str=Replace(Str,"alter","",1,-1,1)
Str=Replace(Str,"cast","",1,-1,1)
Str=Replace(Str,"exists","",1,-1,1)
Str=Replace(Str,Chr(13),"",1,-1,1)
zhuru=Replace(Str,"'","",1,-1,1)
endif
zhuru=zhuru
endif
EndFunction
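' zhuru_sql: input check meant to run before a value is placed in a SQL statement.
'
' Parameters:
'   strvalue - value to check. VBScript passes it ByRef by default, so the
'              assignment in the numeric branch is visible to the caller.
'   blotype  - True: treat strvalue as a number; False: treat it as text.
'
' Returns:
'   blotype = True  -> CLng(strvalue) when IsNumeric(strvalue) is true, otherwise 0.
'   blotype = False -> "" when strvalue is Null. For any other value no return
'                      value is assigned (the result is Empty): the function
'                      either ends the response on a denylist hit or falls through.
'
' Security notes:
'   * The text branch is a substring denylist. It rejects ordinary input that
'     happens to contain a listed fragment ("asc", "off", "from", "master", ...)
'     and is incomplete by construction, so it must not be the only control.
'     Bind values with ADODB.Command parameters instead of concatenating them
'     into SQL text; keep this check, if at all, as defence in depth.
'   * The text branch never hands back a cleaned string. A caller must not treat
'     the return value as sanitised input.
'   * NOTE(review): this copy of the code has lost its whitespace, so entries
'     such as "netuser" and "anduser>0" may originally have contained spaces.
'     Verify the list against the deployed file before relying on it.
Function zhuru_sql(strvalue, blotype)
    If blotype Then
        If IsNumeric(strvalue) Then
            ' IsNumeric accepts values outside the Long range; CLng then raises
            ' an overflow error rather than returning. Range-check upstream if a
            ' clean rejection is wanted.
            zhuru_sql = CLng(strvalue)
        Else
            ' Kept from the original: callers that invoke this as a statement
            ' and then reuse their own variable rely on it being reset.
            strvalue = 0
            ' Fix: the original left the return value Empty here, which becomes
            ' "" when concatenated into a query. Return an explicit 0.
            zhuru_sql = 0
        End If
        Exit Function
    End If

    If IsNull(strvalue) Then
        zhuru_sql = ""
        Exit Function
    End If

    ' str, qsurlcs, errc and qsurlcsiii are not Dim'ed, exactly as in the
    ' original; they may be script-level variables, so they are left alone.
    str = LCase(strvalue)
    qsurlcs = str

    ' Denylist of lower-case fragments; entries (including the repeated "char")
    ' are unchanged from the original.
    Dim nothis
    nothis = Array( _
        "netuser", _
        "xp_cmdshell", _
        "/add", _
        "exec%20master.dbo.xp_cmdshell", _
        "netlocalgroupadministrators", _
        "select", _
        "countee", _
        "asc", _
        "char", _
        "mid", _
        "'", _
        "char", _
        """", _
        "insert", _
        "delete", _
        "drop", _
        "truncate", _
        "from", _
        "anduser>0", _
        "char", _
        "exec", _
        "is_member", _
        "is_srvrolemember", _
        "declare", _
        "cast", _
        "fmtonly", _
        "off", _
        "%20and%20", _
        "master", _
        "db_name()")

    errc = False
    For qsurlcsiii = 0 To UBound(nothis)
        ' NOTE(review): the comparison operator is missing in this copy of the
        ' code; "> 0" restores the evident intent (fragment found).
        If InStr(qsurlcs, nothis(qsurlcsiii)) > 0 Then
            ' Both messages are empty in this copy (their text was presumably
            ' lost in extraction). The request is aborted on the first match.
            Response.Write ""
            Response.Write("")
            Response.End
        End If
    Next
End Function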
分 -->
|