dim nothis(19)
nothis(0)= "net user "
nothis(1)= "xp_cmdshell "
nothis(2)= "/add "
nothis(3)= "exec%20master.dbo.xp_cmdshell "
nothis(4)= "net localgroup administrators "
nothis(5)= "select "
nothis(6)= "count "
nothis(7)= "asc "
nothis(8)= "char "
nothis(9)= "mid "
nothis(10)= " ' "
nothis(11)= " " " "
nothis(12)= "insert "
nothis(13)= "delete "
nothis(14)= "drop "
nothis(15)= "truncate "
nothis(16)= "from "
nothis(17)= "and "
nothis(18)= "or "
nothis(19)= "not "
for i=0 to ubound(nothis)
if instr(request( "title "),nothis(i)) <> 0 then
Response.write "你输入的内容含有非法字符! "
response.end
end if
next
========================
怎么得不到正确的结果????????
------解决方案--------------------
从程序代码来讲, 没有错误. 是不是你的测试方法有问题.
另外, 要考虑到关键词的大小写. 可以把request( "title ")转换为小写然后再放入instr函数.