asp防止上传木马原理：[br][br]首先判断文件大小：[br]if file.filesize<10 then[br] response.write("")[br] response.write("")[br] response.end()[br]end if[br][br]将文件上传到服务器后，判断用户文件中的危险操作字符:[br][br]set myfile = server.createobject("scripting.filesystemobject")[br]set mytext = myfile.opentextfile(filepath, 1) '读取文本文件[br]stextall = lcase(mytext.readall)[br]mytext.close[br]set myfile = nothing[br]sstr=".getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.saveas[br]|wscript.shell|script.encode|server.|.createobject|execute|activexobject|language="[br]snostring = split(sstr,"|") [br]for i=0 to ubound(snostring)[br] if instr(stextall,snostring(i)) then[br] set filedel = server.createobject("scripting.filesystemobject")[br] filedel.deletefile filepath[br] set filedel = nothing[br] response.write("")[br] response.end()[br] end if[br]next