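' RequestX: read one POSTed form field, trim it, and reject it if it contains
' any entry of a fixed keyword/character deny-list.
'
' Parameters:
'   strGet - name of the form field to read from Request.Form.
' Returns:
'   The trimmed field value when no deny-list entry is found in it.
' Side effects:
'   On a match, writes an error message to the response and calls
'   Response.End, so the calling page stops and nothing is returned.
'
' NOTE(review): a deny-list like this is only a coarse second line of defence.
' It does not make string-concatenated SQL safe, and short entries such as
' "asc", "mid", "from" and "'" will also reject ordinary text that merely
' contains them. Values that reach a query should be bound as parameters
' (ADODB.Command) rather than relying on this filter.
function RequestX(strGet)
    ' Declared locally so the function does not overwrite page-level
    ' variables that happen to be named strTemp or i.
    Dim strTemp, i
    Dim nothis(16)

    strTemp = Trim(Request.Form(strGet))

    nothis(0) = "net user"
    nothis(1) = "xp_cmdshell"
    nothis(2) = "/add"
    ' NOTE(review): Request.Form values are normally already URL-decoded, so
    ' the literal "%20" form is unlikely to appear; entry 1 covers this case.
    nothis(3) = "exec%20master.dbo.xp_cmdshell"
    nothis(4) = "net localgroup administrators"
    nothis(5) = "select"
    nothis(6) = "count"
    nothis(7) = "asc"
    nothis(8) = "char"
    nothis(9) = "mid"
    nothis(10) = "'"
    nothis(11) = """"
    nothis(12) = "insert"
    nothis(13) = "delete"
    nothis(14) = "drop"
    nothis(15) = "truncate"
    nothis(16) = "from"

    ' Start at LBound (0): the original loop began at 1 and therefore never
    ' checked nothis(0).
    For i = LBound(nothis) To UBound(nothis)
        ' vbTextCompare makes the match case-insensitive; the default binary
        ' comparison only matched the exact lower-case spelling of each entry.
        If InStr(1, strTemp, nothis(i), vbTextCompare) > 0 Then
            ' "Your input contains illegal characters!"
            Response.write "你输入的内容含有非法字符!"
            ' "Please go back and try again"
            Response.write "请返回重试"
            Response.End
        End If
    Next

    RequestX = strTemp
end function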
'function errOccur(strErr)
'Response.write "您的输入中存在问题:"&strErr&""
'Response.write "请返回重试"
'Response.End
'end function
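' Disabled usage example follows.
' NOTE(review): both statements below build SQL by concatenating form input
' into the query text; the RequestX keyword filter does not make that safe.
' If this code is re-enabled, bind username/password as ADODB.Command
' parameters instead.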
'username=RequestX("username")
'password=RequestX("password")
'strSql="select * from userlist where username='"&username&"'and password='"&password&"'"
'set objRs=Server.CreateObject("ADODB.RECORDSET")
'objRs.open strSql,conn,1,1
'if objRs.eof then
'errOccur("登录失败,请检查您输入的用户名与密码是否正确")
'else
'response.write("登陆成功!")
'Session("username")=username
'end if
'conn.execute "update userlist set logintimes=logintimes+1 where username='"&RequestX("username")&"'"
%>