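' Original post: 看看这段代码,我也不大懂 ("Have a look at this code, I don't quite
' understand it either").
'
' Classic ASP (VBScript) request filter. It rejects the request when the query
' string or the Host header contains any entry of a blacklist of characters and
' keywords typical of SQL/command-injection payloads, or when the "id"
' parameter is not a plain unsigned integer. A rejected request is redirected
' to "/" and page processing stops; otherwise execution continues past this
' block.
'
' NOTE(review): a blacklist like this is not a real defense and must not be
' relied on. It inspects only QUERY_STRING and HTTP_HOST (POST bodies, cookies
' and other headers pass untouched), it is bypassed by any encoding it does not
' list, and substring matches on "dir", "exe", "copy", "format", "+" etc. also
' reject harmless values (e.g. "direction=asc", a "+"-encoded space). The
' database code behind this page should use parameterized queries
' (ADODB.Command with parameters) regardless of this filter.

' Lower-case once so a single lower-case entry per token covers every case
' variant in the request (e.g. "%3C" and "%3c", "SELECT" and "select").
' "&" is the unambiguous string-concatenation operator.
squery   = LCase(Request.ServerVariables("QUERY_STRING"))
sURL     = LCase(Request.ServerVariables("HTTP_HOST"))
allquery = squery & sURL

' Every entry is lower-case so it can actually match the lower-cased input
' (the original list had "Update" in mixed case, which could never match).
' "exec" is already covered by "exe" and is kept only for readability.
' The "<" entry is reconstructed from a garbled copy of the original — confirm
' against the live file.
blocked = Array( _
    "%20", "%27", "'", "%a1a1", "%24", "$", "%3b", ";", "%%", _
    "%3c", "<", ">", "--", _
    "sp_", "xp_", "exec", "\", "delete", "dir", "exe", "select", "update", _
    "cmd", "*", "^", "(", ")", "+", "copy", "format")

reject = False
For Each token In blocked
    If InStr(allquery, token) > 0 Then
        reject = True
        Exit For
    End If
Next

' "id" must be one or more ASCII digits. This is deliberately stricter than
' IsNumeric(), which also accepts signs, decimals, exponents ("1e9"), hex
' ("&H7F"), currency symbols and surrounding whitespace — none of which a
' record id needs, and which may break a later CLng() or, if the value is
' concatenated into SQL text, reach the database unchanged. A missing "id"
' (Empty -> "") is rejected as well.
If Not reject Then
    Set idPattern = New RegExp
    idPattern.Pattern = "^\d+$"
    If Not idPattern.Test(CStr(Request("id"))) Then reject = True
    Set idPattern = Nothing
End If

If reject Then
    Response.Redirect "/"
    ' Kept explicit so nothing after this block runs for a rejected request.
    Response.End
End If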