Response.Buffer = TrueConst EnableStopInjection = TrueIf EnableStopInjection = True ThenIf Request.QueryString <> "" Then Call StopInjection(Request.QueryString)If Request.Cookies <> "" Then Call StopInjection(Request.Cookies)If Request.Form <> "" Then Call StopInjection(Request.Form)End IfSub StopInjection(Values)Dim regExSet regEx = New RegExpregEx.IgnoreCase = TrueregEx.Global = TrueregEx.Pattern = "'|;|#|([\s\b+()]+(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\s\b+]*)"Dim sItem, sValueFor Each sItem In ValuessValue = Values(sItem)If regEx.Test(sValue) ThenResponse.Write "请不要使用敏感字符 021jz.com.cn"Response.EndEnd IfNextSet regEx = NothingEnd Sub
