防注入代码：ASP安全防护策略

防网站漏洞扫描asp代码，也就是防注入的通用代码  
2012-01-09 21:29:16|  分类： 默认分类 |  标签： |字号大中小 订阅 
把下面的代码保存在公用文件里就可以防止注入扫描了，比方说conn.asp 里，根据多年开发的经验建议将网站后台和前台分离，后台一个conn.asp 前台一个conn.asp 前台conn.asp加如下代码
<% 
Dim flashack_Post,flashack_Get,flashack_In,flashack_Inf,flashack_Xh,flashack_db,flashack_dbstr 
flashack_In = "'※;※and※exec※insert※select※delete※update※count※*※%※chr※mid※master※truncate※char※declare" 
flashack_Inf = split(flashack_In,"※") 
If Request.Form<>"" Then 
For Each flashack_Post In Request.Form 
For flashack_Xh=0 To Ubound(flashack_Inf) 
If Instr(LCase(Request.Form(flashack_Post)),flashack_Inf(flashack_Xh))<>0 Then 
Response.Write "<Script Language=JavaScript>alert('flashack防注入系统提示你↓\n\n请不要在参数中包含非法字符尝试注入,QQ:382601350！\n\nhttp://hi.baidu.com/liushankao339/home');</Script>" 
Response.Write "非法操作！系统做了如下记录↓<br>" 
Response.Write "操作IP："&Request.ServerVariables("REMOTE_ADDR")&"<br>" 
Response.Write "操作时间："&Now&"<br>" 
Response.Write "操作页面："&Request.ServerVariables("URL")&"<br>" 
Response.Write "提交方式：POST<br>" 
Response.Write "提交参数："&flashack_Post&"<br>" 
Response.Write "提交数据："&Request.Form(flashack_Post) 
Response.End 
End If 
Next 
Next 
End If 
If Request.QueryString<>"" Then 
For Each flashack_Get In Request.QueryString 
For flashack_Xh=0 To Ubound(flashack_Inf) 
If Instr(LCase(Request.QueryString(flashack_Get)),flashack_Inf(flashack_Xh))<>0 Then 
Response.Write "<Script Language=JavaScript>alert('flashack防注入系统提示你↓\n\n请不要在参数中包含非法字符尝试注入,QQ:382601350！\n\nhttp://hi.baidu.com/liushankao339/home');</Script>" 
Response.Write "非法操作！flashack已经给你做了如下记录↓<br>"