时间:2021-07-01 10:21:17 帮助过:23人阅读
$magic_quotes_gpc = get_magic_quotes_gpc();
@extract(daddslashes($_));
@extract(daddslashes($_post));
@extract(daddslashes($_get));
if(!$magic_quotes_gpc) {
$_files = daddslashes($_files);
}
function daddslashes($string, $force = 0) {
if(!$globals['magic_quotes_gpc'] || $force) {
if(is_array($string)) {
foreach($string as $key => $val) {
$string[$key] = daddslashes($val, $force);
}
} else {
$string = addslashes($string);
}
}
return $string;
}
下面是一款 sql防注入函数
<%
dim sql_injdata
sql_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
sql_inj = split(sql_injdata,"|")
if request.querystring<>"" then
for each sql_get in request.querystring
for sql_data=0 to ubound(sql_inj)
if instr(request.querystring(sql_get),sql_inj(sql_data))>0 then
response.write "