<% '--------定义部份------------------ Dim Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr '自定义需要过滤的字串,用 "郭" 分隔 'Fy_In = "'aa;aaexecaainsertaaselectaadeleteaaupdateaacountaa*aachraamasteraatruncateaaaadeclareaa;" '---------------------------------- %> <% Fy_Inf = split(Fy_In,"aa") '--------GET部份------------------- If Request.QueryString<>"" Then For Each Fy_Get In Request.QueryString For Fy_Xh=0 To Ubound(Fy_Inf) If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then '--------写入数据库----------头----- 'Fy_dbstr="DBQ="+server.mappath("/SqlIn.mdb")+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};" 'Set Fy_db=Server.CreateObject("ADODB.CONNECTION") 'Fy_db.open Fy_dbstr 'Fy_db.Execute("insert into SqlIn(Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','GET','"&Fy_Get&"','"&replace(Request.QueryString(Fy_Get),"'","''")&"')") 'Fy_db.close 'Set Fy_db = Nothing '--------写入数据库----------尾----- Response.Write "" Response.Write "非法操作!系统做了如下记录↓
" Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"
" Response.Write "操作时间:"&Now&"
" Response.Write "操作页面:"&Request.ServerVariables("URL")&"
" Response.Write "提交方式:WEB GET
" Response.Write "提交参数:"&Fy_Get&"
" Response.Write "提交数据:"&Request.QueryString(Fy_Get) Response.End End If Next Next End If %>