比较好的一个数据库连接文件conn.asp

最新推荐文章于 2021-02-06 16:24:05 发布

叫我梁大侠

最新推荐文章于 2021-02-06 16:24:05 发布

阅读量634

点赞数

分类专栏：技术交流文章标签：数据库 microsoft insert delete each function

本文链接：https://blog.csdn.net/enjoy_gw/article/details/6167786

版权

技术交流专栏收录该内容

3 篇文章 0 订阅

订阅专栏

<%
dim db
db="datebase/datebase.mdb" '数据库文件位置
'on error resume next
connstr="DBQ="+server.mappath(""&db&"")+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
set conn=server.createobject("ADODB.CONNECTION")
if err then
err.clear
else
conn.open connstr
end if

sub CloseConn()
conn.close
set conn=nothing
end sub
%>
<%
IDCCFy_In="'|;|--|<script|<iframe|char |char(|char%|char/*|select |select%|select/*|insert |insert%|insert/*|delete |delete%|delete/*|union |union%|union/*|join |join%|join/*|drop |drop%|drop/*|declare |declare%|declare/*|update |update%|update/*|truncate |truncate%|truncate/*|create |create%|create/*|xp_cmdshell|exec |exec%|exec/*|alter |alter%|alter/*|cast |cast(|cast%|cast/*|modify |modify%|modify/*"

IDCCFy_Inf = split(IDCCFy_In,"|")
'--------POST部份------------------
If Request.Form<>"" Then
For Each IDCCFy_Post In Request.Form
  For IDCCFy_Xh=0 To Ubound(IDCCFy_Inf)
   If Instr(LCase(Request.Form(IDCCFy_Post)),IDCCFy_Inf(IDCCFy_Xh))<>0 Then

    '写入txt记录功击者IP跟功击时间
       call FsoWriteLog("sqlinLog.txt","注入IP："& Request.ServerVariables("REMOTE_ADDR") & "----注入时间："&now() &"-------POST注入内容："& Request.ServerVariables("HTTP_URL")&"?"&Request.Form(IDCCFy_Post))
    cuowu="<Script Language=JavaScript>alert('您提交的内容包含了字符["&IDCCFy_Inf(IDCCFy_Xh)&"],请去除后重新提交...');</Script>"
    'Response.Write (cuowu)
    Response.End
   End If
  Next
Next
End If
'----------------------------------

'--------GET部份-------------------
If Request.QueryString<>"" Then
For Each IDCCFy_Get In Request.QueryString
  For IDCCFy_Xh=0 To Ubound(IDCCFy_Inf)
   If Instr(LCase(Request.QueryString(IDCCFy_Get)),IDCCFy_Inf(IDCCFy_Xh))<>0 Then
   call FsoWriteLog("sqlinLog.txt","注入IP："& Request.ServerVariables("REMOTE_ADDR") & "----注入时间："&now() &"-------GET注入内容："& Request.ServerVariables("HTTP_URL")&"?"&Request.QueryString(IDCCFy_Post))
    cuowu="<Script Language=JavaScript>alert('您提交的内容包含了字符["&IDCCFy_Inf(IDCCFy_Xh)&"],请去除后重新提交...');</Script>"
    'Response.Write (cuowu)
    Response.End
   End If
  Next
Next
End If

'--------Cookie部份-------------------
If Request.Cookies<>"" Then
For Each IDCCFy_Get In Request.Cookies
  For IDCCFy_Xh=0 To Ubound(IDCCFy_Inf)
   If Instr(LCase(Request.Cookies(IDCCFy_Get)),IDCCFy_Inf(IDCCFy_Xh))<>0 Then
   call FsoWriteLog("sqlinLog.txt","注入IP："& Request.ServerVariables("REMOTE_ADDR") & "----注入时间："&now() &"-------Cookie注入内容："& Request.ServerVariables("HTTP_URL")&"?"&Request.Cookies(IDCCFy_Post))
    cuowu="<Script Language=JavaScript>alert('您提交的内容包含了字符["&IDCCFy_Inf(IDCCFy_Xh)&"],请去除后重新提交...');</Script>"
    'Response.Write (cuowu)
    Response.End
   End If
  Next
Next
End If

'写入txt记录功击者IP跟功击时间
Function FsoWriteLog(filename,Linecontent)
Dim FSO,Fs
Set FSO= Server.CreateObject("Scripting.FileSystemObject")
     if not FSO.FileExists(Server.MapPath("/")&"/"&filename) then
         Set Fs = FSO.CreateTextFile(Server.MapPath("/")&"/"&filename, True)
         Fs.Close
end if
         Set Fs = FSO.OpenTextFile(Server.MapPath("/")&"/"&filename,8,1)
             Fs.WriteLine(Linecontent)
             Fs.close
         Set Fs = nothing
Set FSO = nothing
End Function
%>

本代码是由小弟经一位高人指点而得

贴出来给大家分享分享

祝大家兔年吉祥！