<%
' Response setup shared by every page that includes this file.
' Buffering is switched on first, so the input filter further down can
' abort with Response.End before any partial page has been sent.
With Response
    .Buffer = True
    ' Mark the page as already expired and forbid caching, so browsers and
    ' proxies do not store or replay dynamic (possibly per-user) content.
    .Expires = 0
    .ExpiresAbsolute = DateAdd("d", -1, Now())
    .CacheControl = "no-cache"
    .AddHeader "Pragma", "No-Cache"
    ' Declare the encoding used by the pages' text.
    .CharSet = "GB2312"
End With
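' ---------------------------------------------------------------------------
' Request input filter (keyword deny-list).
'
' Purpose: stop the request when a query-string or form value contains one of
' the substrings in ErrorSql, and show the visitor an alert that names the
' matching entry (taken from the parallel ErrorTxt array).
'
' NOTE(review): a substring deny-list is defence in depth only. It rejects
' legitimate text (any value containing "or ", "=", "from", ...) and does not
' make string-built SQL safe. Pages that use Conn should pass values through
' ADODB.Command parameters rather than concatenating them into SQL text.
' Coverage is limited to Request.QueryString and Request.Form: cookies,
' request headers and bodies read with Request.BinaryRead are not inspected,
' and unescape() is applied only once.
' ---------------------------------------------------------------------------

' Substrings to look for. Values are lower-cased before comparison, so every
' entry must be lower case. Some entries carry a trailing space on purpose.
ErrorSql="'|;|*|=|insert |select |delete |update |and |or |count|chr|mid|master|truncate|char|declare|xp_cmdshell|/add|drop|from|exec|net user"
' Display form of each entry, index-aligned with ErrorSql. The first entry is
' written as \' so that the quote does not terminate the JavaScript string
' literal it is inserted into below.
ErrorTxt ="\'|;|*|=|insert|select|delete|update|and|or|count|chr|mid|master|truncate|char|declare|xp_cmdshell|/add|drop|from|exec|net user"
ErrorSql = Split(ErrorSql, "|")
ErrorTxt = Split(ErrorTxt, "|")

' Query-string values are checked on EVERY request. Previously this loop ran
' only when REQUEST_METHOD was "GET", so the query string of a POST request
' reached the pages unfiltered.
For Each RequestKey In Request.QueryString
    ' Compare both the value as received and its unescape()d form.
    FilterRaw = LCase(Request.QueryString(RequestKey))
    FilterDecoded = LCase(unescape(Request.QueryString(RequestKey)))
    For ForI = 0 To UBound(ErrorSql)
        If InStr(FilterRaw, ErrorSql(ForI)) <> 0 Or InStr(FilterDecoded, ErrorSql(ForI)) <> 0 Then
            ' Only the static ErrorTxt entry is echoed, never the request
            ' value itself, so the alert cannot reflect attacker-chosen markup.
            Response.Write "<script>alert('警告:\n\n请不要使用敏感字符!\n\n字符:" & ErrorTxt(ForI) & "');</script>"
            Response.End
        End If
    Next
Next

' Form fields are checked for POST requests, as before.
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    For Each RequestKey In Request.Form
        FilterRaw = LCase(Request.Form(RequestKey))
        FilterDecoded = LCase(unescape(Request.Form(RequestKey)))
        For ForI = 0 To UBound(ErrorSql)
            If InStr(FilterRaw, ErrorSql(ForI)) <> 0 Or InStr(FilterDecoded, ErrorSql(ForI)) <> 0 Then
                Response.Write "<script>alert('警告:\n\n请不要使用敏感字符!\n\n字符:" & ErrorTxt(ForI) & "');</script>"
                Response.End
            End If
        Next
    Next
End If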
' Open the shared ADO connection (global name Conn) to SQL Server through the
' SQLOLEDB provider on 127.0.0.1. This runs on every request that includes
' this file.
'
' NOTE(review): the connection string logs in as "sa", SQL Server's built-in
' sysadmin login, with a short numeric password stored in this source file.
'   - Any query flaw in a page that uses Conn then has server-wide impact
'     rather than being limited to this one database. Use a dedicated login
'     that holds only the rights the site needs on its own database.
'   - A credential kept in a file under the web root is exposed by any
'     source-disclosure or backup-file leak. Keep it outside the served tree,
'     and treat this password as compromised (rotate it) once the file has
'     been shared or published.
' NOTE(review): Conn is not closed in this file - confirm that every page
' which includes it closes the connection and sets it to Nothing.
Set Conn = Server.CreateObject("ADODB.Connection")
connstr = "Provider=SQLOLEDB;User ID=sa;Password=123456;Initial Catalog=www.marrycity.com;Data Source=127.0.0.1"
Conn.Open connstr
%>