发表于 2015-9-5 18:04:59
<%@language=vbscript%>
<!--#include file="www.redmoon8.com.asp" -->
<%
' Denylist of substrings that cause a request to be rejected. Tokens are separated by
' single spaces; inside the literal, "" stands for one double-quote character.
' NOTE(review): check_SQL matches these as case-insensitive substrings, so short tokens
' such as "or" and "go" also match inside ordinary words and will reject harmless input.
' NOTE(review): a substring denylist is only a coarse first barrier. Queries built from
' request data should still pass values as parameters (ADODB.Command) rather than by
' string concatenation.
const MM_strFilter = "' "" , ; // -- _ go exec declare delete update or" ' Filter tokens, separated by spaces
' Run the request check immediately, so it executes on every page that includes this file.
Call ChkRef()
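' Joins every submitted form value and query-string value into one string and
' rejects the request (via stopEx) when check_SQL finds a denylisted token in it.
'
' Coverage: only Request.Form and Request.QueryString are inspected. Values read
' elsewhere through Request.Cookies, Request.ServerVariables or the bare
' Request("name") lookup (which also searches cookies and server variables) are
' NOT checked here, so pages must not place such values into SQL text.
'
' Values are concatenated without a separator, so a token can be formed across
' two adjacent values; that can only cause extra rejections, never fewer.
Sub ChkRef()
    ' The loop variable is declared explicitly; the unused locals of the
    ' original (server_v1, server_v2, Len_server_v2) are dropped.
    Dim str, element

    str = ""
    For Each element In Request.Form
        str = str & Request.Form(element)
    Next
    For Each element In Request.QueryString
        str = str & Request.QueryString(element)
    Next

    If check_SQL(str) Then Call stopEx()
End Sub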
' Sends a script that shows the "illegal characters" alert and navigates the
' browser back one page, then ends the response so no further page code runs.
Sub stopEx()
    Dim alertScript
    alertScript = "<script language=javascript>alert('请不要提交非法字符\nWWW.REDMOON8.COM');history.back();</script>"
    Response.Write alertScript
    Response.End
End Sub
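' Returns True when strData contains any token from MM_strFilter, otherwise False.
'
' Matching is a case-insensitive substring search (vbTextCompare), so a token is
' also found inside longer words. This is a denylist check only; it does not make
' string-built SQL safe and is no replacement for parameterized queries.
'
' strData: the text to inspect (the caller passes the concatenated request values).
Function check_SQL(strData)
    Dim arrayFilter, i

    ' Start from an explicit Boolean. The original assigned the misspelled name
    ' "Flase", which is an uninitialised variable (Empty) rather than False and
    ' would be a runtime error under Option Explicit.
    check_SQL = False

    arrayFilter = Split(MM_strFilter, " ")
    For i = 0 To UBound(arrayFilter)
        ' Skip empty tokens (left by a doubled space in the list): InStr reports a
        ' match for an empty search string, which would reject every request.
        If Len(arrayFilter(i)) > 0 Then
            If InStr(1, strData, arrayFilter(i), vbTextCompare) > 0 Then
                check_SQL = True
                Exit For
            End If
        End If
    Next
End Function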
%>
<%
' Opens the shared ADODB connection used by the including page.
' Runtime errors are suppressed from here on so a failed connection can be reported below.
' NOTE(review): nothing in this block restores normal error handling (On Error GoTo 0), so
' later script errors on the page are presumably skipped silently as well -- confirm intended.
on error resume next
dim connstr
dim conn
' dbip, dbname, dbuser and dbpsd are not defined in this block; presumably they are set by
' the include at the top of the file -- verify.
' NOTE(review): connstr carries the database password in plain text; keep it out of any
' response output or log.
connstr = "Provider=SQLOLEDB;Data Source="&dbip&";DATABASE="&dbname&";UID="&dbuser&";pwd="&dbpsd
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open connstr
' errormsg is not used within this block; presumably read by the including page -- verify.
errormsg="注册信息有错误......"
' Any error raised since On Error Resume Next (CreateObject or Open) is reported here.
' The visitor gets a generic message only; the underlying error text is not sent to the browser.
if err.number<>0 then
response.write "<script language=javascript>alert('连接SQL失败,请与管理员联系\nWWW.REDMOON8.COM');history.back();</script>"
response.end
end if
%>
<BODY oncontextmenu=window.event.returnValue=false>
<noscript><iframe src=*.html></iframe></noscript> |