functionCheckFileContent(FileName)

dimClientFile,ClientText,ClientContent,DangerString,DSArray,AttackFlag,k

setClientFile=Server.CreateObject("Scripting.FileSystemObject")

setClientText=ClientFile.OpenTextFile(Server.MapPath(FileName),1)

ClientContent=LCase(ClientText.ReadAll)

setClientText=nothing

setClientFile=nothing

AttackFlag=false

DangerString=".getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.saveas|wscript.shell|script.encode|server.|.createobject|execute|activexobject|language=|include|filesystemobject|shell.application"

DSArray=split(DangerString,"|")

fork=0toUBound(DSArray)

ifInStr(ClientContent,DSArray(k))>0then'判断文件内容中是否包含有危险的操作字符，如有，则必须删除该文件。

AttackFlag=true

exitfor

endif

next

CheckFileContent=AttackFlag

endfunction

'End----------------------------------------------------------------------------------------------------------------------------

下一篇：asp.net下文件上传和文件删除的代码