<%
'请不要修改以下函数,避免影响整个系统的正常运行!
function AlertMsg(sText)
Response.Write ""
end function
function AlertMsgUrl(sText,sUrl)
Response.Write ""
end function
function Html2Text(str)
dim result
if isNULL(str) then
Html2Text=""
exit function
end if
result=replace(str,"<","<")
result=replace(result,">",">")
result=replace(result," ",chr(13))
result=replace(result,""",chr(34))
result=replace(result,"&","&")
result=replace(result," ",chr(32))
Html2Text=result
end function
function Text2Html(str)
dim result,l,i
if isNULL(str) then
Text2Html=""
exit function
end if
l=len(str)
result=""
for i = 1 to l
select case mid(str,i,1)
case "<"
result=result+"<"
case ">"
result=result+">"
case chr(10)
result=result+""
case chr(13)
result=result+" "
case chr(34)
result=result+"""
case "&"
result=result+"&"
case chr(32)
if i+1<=l and i-1>0 then
if mid(str,i+1,1)=chr(32) or mid(str,i+1,1)=chr(9) or mid(str,i-1,1)=chr(32) or mid(str,i-1,1)=chr(9) then
result=result+" "
else
result=result+" "
end if
else
result=result+" "
end if
case chr(9)
result=result+" "
case else
result=result+mid(str,i,1)
end select
next
Text2Html=result
end function
function Html2Str(str)
dim p1,p2,ss
if isNULL(str) then
Html2Str=""
exit function
end if
ss=str
p1=instr(1,ss,"<",1)
while p1>0
p2=instr(p1+1,ss,">",1)
if p2>0 then
ss=replace(ss,mid(ss,p1,p2-p1+1),"",1)
end if
p1=instr(1,ss,"<",1)
wend
ss=replace(ss," "," ")
Html2Str=ss
end function
'DB="data/buyok30xdddasdf.asp"
Response.Buffer=True
session.timeout=30
'on error resume next
SQL_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
If Request.QueryString<>"" Then
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
Response.Write ""
Response.end
end if
next
Next
End If
sub aspsql()
SQL_injdata = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
If Request.Form<>"" Then
For Each Sql_Post In Request.Form
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then
response.write ""
response.end
end if
next
next
end if
If Request.QueryString<>"" Then
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
response.write ""
response.end
end if
next
Next
end If
end sub
sub buyok_check_path()
server_v1=lcase(Cstr(Request.ServerVariables("HTTP_REFERER")))
server_v2=lcase(Cstr(Request.ServerVariables("SERVER_NAME")))
if mid(server_v1,8,len(server_v2))<>server_v2 then
response.write ""
response.end
end if
end sub
On Error Resume Next
Set Conn=Server.CreateObject("Adodb.Connection")
strConn="Driver={Microsoft Access Driver (*.Mdb)};Pwd=;Dbq=" & Server.MapPath("db/article.asp")
Conn.Open strConn
%>
未指定参数
关闭窗口
