以下是ASP代码,并且使用了ip地址归属地查询。
<%
Sub StopInjection_it_security(Values)
Dim regEx
Dim IP
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "'|;|#|([\s\b+()]+(select|union|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\s\b+]*)"
If regEx.Test(Values) Then
IP = Request.ServerVariables("HTTP_X_FORWARDED_F")
IF(IP="")THEN IP = Request.ServerVariables("REMOTE_ADDR")
response.write("<span name=addr id=addr></span>")
response.write("<script src=http://whois.pconline.com.cn/jsLabel.jsp?ip=" & IP &"&id=addr></script>")
Response.Write "<script>alert('北京海淀网络公安局警官小天(13021)提醒你:\n◇来自:'+document.getElementById('addr').innerHTML +' 的朋友\n◇你的非法访问已经被记录\n★非法IP=" & IP & "\n★请保持手机畅通,恭候公安部门调查!')</script>"
Response.End
End If
Set regEx = Nothing
End Sub
%>
