<%dim sql_injdata SQL_injdata = "exec|insert|delete|update|*|master|truncate|char|declare|"" Then For Each SQL_Get In Request.QueryString For SQL_Data=0 To Ubound(SQL_inj) if instr(lcase(Request(SQL_Get)),Sql_Inj(Sql_DATA))>0 Then ''response.write("") ''alert('²»ÒªÕÛÌÚÎÒÀ²!'); response.redirect(request.ServerVariables("HTTP_REFERER")) ac = "no" end if next Next End If If Request.Form<>"" Then For Each SQL_Get In Request.Form For SQL_Data=0 To Ubound(SQL_inj) if instr(lcase(Request(SQL_Get)),Sql_Inj(Sql_DATA))>0 Then ''response.write("") response.redirect(request.ServerVariables("HTTP_REFERER")) ac = "no" end if next Next End If If request.cookies<>"" Then For Each SQL_Get In request.cookies For SQL_Data=0 To Ubound(SQL_inj) if instr(Request(SQL_Get),Sql_Inj(Sql_DATA))>0 Then ''response.write("") response.redirect(request.ServerVariables("HTTP_REFERER")) ac = "no" end if next Next End If if ac = "no" then response.write("") end if%>