小弟偶从网上下了一个防止SQL注入的代码,如下:
----------------------------------------------------
<%
dim sql_injdata
SQL_injdata = " '|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare "
SQL_inj = split(SQL_Injdata, "| ")
If Request.QueryString <> " " Then
for each SQL_Get in request.QueryString
for SQL_Data=0 to Ubound(SQL_inj)
if instr(Request.QueryString([SQL_Get]),Sql_Inj(Sql_DATA))> 0 Then
Response.Write " <Script Language=javascript> alert( 'gggg! ');history.back(-1) </Script> "
Response.end
end if
next
next
End if
%>
一直提示错误:
Microsoft VBScript 编译器错误 (0x800A0408)
无效字符
/up.asp, line 6
for each SQL_Get in request.QueryString
从网上搜了很久,也没找到解决的办法,还请大家指教!!
------解决方案--------------------
([SQL_Get])这里的问题