- <%
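- ' Request filter: stops the page when the lower-cased query string contains any
- ' token from a fixed blacklist of SQL fragments.
- ' Scope: only QUERY_STRING is inspected here; form fields and cookies are not.
- ' A keyword blacklist is a stop-gap, not a defence against SQL injection. It is
- ' incomplete by construction and it also rejects legitimate input (any "(" in a
- ' URL matches). Build queries with ADODB.Command parameters so that request data
- ' is never concatenated into SQL text.
- dim heike_sss,heike_fy,heike_array,heike_fy_nnnn,heike_ip,say_word_heike
- heike_sss=LCase(request.servervariables("QUERY_STRING"))
- heike_fy= "'and|'and |' and| ' and |'or|' or|' or | ' or|(| select| delete| drop| exec"
- ' Original author's note: listing too many tokens makes some pages misbehave;
- ' more symbols can be added to make the filter stricter.
- heike_array=split(heike_fy,"|")
- for heike_fy_nnnn=0 to ubound(heike_array)
-   if instr(heike_sss,heike_array(heike_fy_nnnn))<>0 then
-     heike_ip=Request.ServerVariables("REMOTE_ADDR")
-     say_word_heike=heike_ip&",你想干什么?黑我,不要想啦!请删除SQL注入符号。"
-     ' The listing wrote an empty string here, so the message built above was never
-     ' shown. Emit it HTML-encoded so nothing in it is interpreted as markup.
-     response.write server.htmlencode(say_word_heike)
-     response.end
-   end if
- next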
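- '=============================================================== Database connection (original banner: do not modify the code below) ========================================
- ' NOTE(review): the database path is resolved with Server.MapPath from a relative
- ' name, so the .mdb file lives inside the site tree. If the web server serves .mdb
- ' files, anyone who learns the file name can download the whole database; an
- ' unusual file name does not prevent that. Keep the file outside the web root or
- ' block the extension in the server configuration.
- mdb="@zidian@0554@us.mdb"
- ConnStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(mdb)
- ' If the server only has an older Access driver, use this connection string instead:
- 'connstr="driver={Microsoft Access Driver (*.mdb)};dbq=" & Server.MapPath(mdb)
- Set conn = Server.CreateObject("ADODB.Connection")
- ' Without On Error Resume Next a failed Open aborts the script before the Err check
- ' below can run, and the visitor may get the raw provider error (which can include
- ' the physical database path) instead of the generic message.
- On Error Resume Next
- conn.open ConnStr
- If Err Then
-   Err.Clear
-   Set conn = Nothing
-   Response.Write "数据库连接出错,请检查Conn.asp文件中的数据库参数设置。"
-   Response.End
- End If
- ' Restore normal error propagation so later failures are not silently swallowed.
- ' NOTE(review): assumes no including page enabled On Error Resume Next before this
- ' file runs - confirm.
- On Error GoTo 0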
- ' Best-effort teardown of the page-level ADODB connection held in conn.
- ' Errors raised while closing are suppressed for the duration of this Sub.
- Sub CloseConn()
-   On Error Resume Next
-   ' Nothing to release when conn does not hold an object reference.
-   If Not IsObject(conn) Then Exit Sub
-   conn.Close
-   Set conn = Nothing
- End Sub
- ' Strips a few SQL/HTML metacharacters from a value and HTML-encodes what is left.
- ' Returns "" for Null; otherwise returns the trimmed, stripped, encoded string.
- ' The argument is not declared ByVal, so VBScript passes it ByRef and a caller's
- ' variable is rewritten in place as well.
- ' NOTE(review): deleting quotes and angle brackets alters legitimate data and is
- ' not a substitute for parameterized queries (ADODB.Command); treat the return
- ' value as display text only.
- Function Replace_Text(fString)
-   ' Null (for example an empty database field) maps to an empty string.
-   If IsNull(fString) Then
-     Replace_Text = ""
-     Exit Function
-   End If
-   ' Trim first, then drop angle brackets and single quotes outright.
-   fString = Replace(Replace(Trim(fString), ">", ""), "<", "")
-   fString = Replace(fString, "'", "")
-   ' NOTE(review): as listed, this replaces ";" with the same character and does
-   ' nothing; the intended replacement may have been lost when the code was posted.
-   fString = Replace(fString, ";", ";")
-   ' Turn the SQL comment marker "--" into a single dash character.
-   fString = Replace(fString, "--", "—")
-   fString = Server.HTMLEncode(fString)
-   Replace_Text = fString
- End Function
- %>