下面的例子是我的一个网站中的代码,当然,数据库名字是改了的。我希望能给各位读者一点帮助。
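<%
' Request filter: ends the response as soon as any query-string or form value
' contains one of the blacklisted fragments listed in SQL_injdata.
'
' NOTE(review): a keyword blacklist is only a supplementary layer, not the fix
' for SQL injection. It rejects legitimate input (any value containing "and",
' "*" or "%", for example), and it only inspects Request.QueryString and
' Request.Form; Request.Cookies and other request collections are not checked.
' Every query built from request data should still use a parameterized
' ADODB.Command instead of string concatenation.
dim sql_injdata
SQL_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")

' --- GET parameters ---
If Request.QueryString<>"" Then
    For Each SQL_Get In Request.QueryString
        For SQL_Data=0 To Ubound(SQL_inj)
            ' vbTextCompare makes the match case-insensitive. The default binary
            ' comparison only matched the lower-case spelling, so "SELECT" or
            ' "Select" passed the filter unchanged.
            If InStr(1, Request.QueryString(SQL_Get), SQL_inj(SQL_Data), vbTextCompare)>0 Then
                Response.End
            End If
        Next
    Next
End If

' --- POST fields ---
If Request.Form<>"" Then
    For Each Sql_Post In Request.Form
        For SQL_Data=0 To Ubound(SQL_inj)
            ' Same case-insensitive comparison as for the query string.
            If InStr(1, Request.Form(Sql_Post), SQL_inj(SQL_Data), vbTextCompare)>0 Then
                Response.End
            End If
        Next
    Next
End If
%>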
<!--#include file="inc/a.asp"-->
<!--#include file="inc/md5.asp"-->
<%
' Page bootstrap: sets the site title, checks the CodeAuthor marker against a
' fixed 16-character MD5 value, and opens the Jet (Access) database connection.
dim webtitle,xiaolin,conn,connstr
webtitle="Sivehse"

' CodeAuthor and md5() are not defined in this block; presumably they come from
' the files included above (inc/a.asp, inc/md5.asp). TODO confirm.
' NOTE(review): this compares a hash of a value held in the source, so it is an
' author-marker check rather than user authentication.
if md5(CodeAuthor,16)<>"f56c2fa93409cc94" then
    response.Write"<font style='font-size:12px;color:red'>你没有操作权限...!请和作者联系(QQ:247646640)</font>"
    ' Response.End stops the page here, so the connection below is never opened.
    Response.End
end if

set conn=server.CreateObject("ADODB.Connection")
' NOTE(review): Server.MapPath resolves the .mdb relative to this script, so the
' database file appears to live in a web-served directory, and the Jet database
' password is empty. If the server is willing to serve .mdb files, the whole
' database can be fetched with a plain HTTP request. Keep the file outside the
' web root (or block the extension in the server configuration) and set a
' database password.
connstr=" provider=microsoft.jet.oledb.4.0;jet oledb:database password=;data source=" _
    & server.MapPath("piaoliangdemm.mdb")
conn.open connstr
%>