我有一些代码,会在把输入值插入数据库之前对其进行检查。它可以正常工作,会检查所有表单输入,但是我希望它排除所有文件上传输入,这样在上传图像时就不会检查文件输入的值。但是我不知道该怎么实现,如有任何建议,不胜感激。谢谢。
这就是我现在拥有的。
' Deny-list consumed by CheckStringForSQL. Entries are matched as plain
' substrings of the lower-cased input, so keyword entries must stay lower case.
' NOTE(review): substring matching also flags ordinary text that merely
' contains an entry (constructed examples: "comfortable" contains "table",
' "forecast" contains "cast"), and "char"/"exec" already cover the longer
' entries that contain them.
' NOTE(review): a deny-list is a coarse input filter, not a reliable defence
' against SQL injection; binding values as query parameters (for example
' ADODB.Command parameters) is the control that should be relied on.
' ErrorPage is declared here but never assigned in the code shown.
Dim BlackList, ErrorPage
BlackList = Array( _
    "#", "$", "%", "^", "&", "|", _
    "<", ">", "'", """", "(", ")", _
    "--", "/*", "*/", "@@", _
    "cursor", "exec", "execute", _
    "nchar", "varchar", "nvarchar", "iframe", "char", _
    "alter", "begin", "cast", "create", _
    "insert", "delete", "drop", "table" _
)
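' Reports whether str contains any BlackList pattern that IsExceptionList does
' not exempt for varType.
'   str     - value to inspect; it is converted to text and lower-cased first.
'   varType - source label passed through to IsExceptionList (the callers in
'             this file use "form"; IsExceptionList recognises "cookie").
' Returns False for Empty, Null or zero-length input and for input with no
' non-exempt pattern; returns True when a pattern is found.
' Fail closed: if the value cannot be read as text, or any error occurs while
' scanning, the result is True. The original ran every statement under
' On Error Resume Next, where a failing If condition resumes inside the Then
' branch, so an unreadable value could be reported as clean.
' NOTE(review): this filter is defence in depth only; values should still be
' bound as query parameters rather than concatenated into SQL text.
Function CheckStringForSQL(str,varType)
    ' pattern/exempt/position are declared locally so the scan cannot touch a
    ' script-level variable of the same name (the caller's loop also uses "s").
    Dim lstr, pattern, exempt, position

    ' Nothing to inspect.
    If IsEmpty(str) Then
        CheckStringForSQL = False
        Exit Function
    End If
    If IsNull(str) Then
        CheckStringForSQL = False
        Exit Function
    End If

    ' Until the scan has completed without error the answer is "suspicious".
    CheckStringForSQL = True

    On Error Resume Next
    lstr = LCase(CStr(str))
    If Err.Number <> 0 Then
        ' The value could not be read as text: keep the True result.
        Err.Clear
        Exit Function
    End If

    If Len(lstr) = 0 Then
        CheckStringForSQL = False
        Exit Function
    End If

    ' Risky calls are kept out of If conditions so that an error can never
    ' steer control flow; Err is inspected explicitly instead.
    For Each pattern In BlackList
        exempt = IsExceptionList(pattern, varType)
        position = InStr(lstr, pattern)
        If Err.Number <> 0 Then
            Err.Clear
            Exit Function
        End If
        If (Not exempt) And (position <> 0) Then
            Exit Function
        End If
    Next

    ' Covers an error raised by the For Each itself (e.g. BlackList not set).
    If Err.Number <> 0 Then
        Err.Clear
        Exit Function
    End If

    CheckStringForSQL = False
End Function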
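' Patterns tolerated in cookie values even when the deny-list contains them.
' NOTE(review): "!" does not appear in the BlackList shown in this file, so
' that entry has no effect on CheckStringForSQL as written.
CookieExceptionList = Array("""","(",")","!")

' Reports whether deny-list pattern str is exempt for the given source.
'   str     - a single pattern (one BlackList entry).
'   varType - source label; only the exact value "cookie" has exemptions.
' Returns True when varType is "cookie" and str equals an entry of
' CookieExceptionList, False in every other case.
Function IsExceptionList(str,varType)
    ' Declared locally so the loop works under Option Explicit and cannot
    ' overwrite a script-level variable that happens to share the name.
    Dim entry

    IsExceptionList = False
    If varType = "cookie" Then
        For Each entry In CookieExceptionList
            If entry = str Then
                IsExceptionList = True
                Exit Function
            End If
        Next
    End If
End Function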
--SO HERE I NEED TO CHECK IF IT IS A FILE INPUT, AND IF SO, NOT RUN THE BELOW--
' Screen every posted form field; a single hit sets feltext to "Fel".
' NOTE(review): Request.Form exposes only field names and values, not the HTML
' input type, so leaving file inputs out of this loop would have to be keyed on
' the field name held in s.
' NOTE(review): when a form is posted as multipart/form-data, classic ASP does
' not populate Request.Form - confirm how the upload is parsed on this page.
' NOTE(review): anything skipped here reaches the database code unchecked, so
' an uploaded file's name should be bound as a query parameter rather than
' concatenated into SQL.
For Each s In Request.Form
    If CheckStringForSQL(Request.Form(s), "form") Then feltext = "Fel"
Next