ASP: how can the security of parameters passed in links be improved?
Could everyone please offer some suggestions on what to do to make link parameters secure?
No points on offer, so nobody replies?
Try this..
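VBScript code:
Dim Query_Badword,Form_Badword,i,Err_Message,Err_Web,name
'------ Definitions: start ----------------------------------------------------------------
Err_Message = 1 ' Handling mode: 1 = show a message, 2 = redirect to a page, 3 = show a message, then redirect
Err_Web = "Err.Asp" ' Page to redirect to on error
Query_Badword="'∥and∥select∥update∥chr∥delete∥%20from∥;∥insert∥mid∥master.∥set∥chr(37)∥="
' Define the disallowed strings for GET parameters here, separated by "∥"
Form_Badword="'∥%∥&∥*∥#∥(∥)∥=" ' Define the disallowed strings for POST parameters here, separated by "∥"
'------ Definitions: end ------------------------------------------------------------------
'
On Error Resume Next
'----- Filter the GET query string values
if request.QueryString<>"" then
    Chk_badword=split(Query_Badword,"∥")
    FOR EACH Query_Name IN Request.QueryString
        for i=0 to ubound(Chk_badword)
            If Instr(LCase(request.QueryString(Query_Name)),Chk_badword(i))<>0 Then
                Select Case Err_Message
                    Case "1"
                        ' Alert text: "Parameter error! The value of parameter <name> contains an illegal string!
                        ' Please do not put illegal characters such as and update delete ; insert mid master in parameters!"
                        ' name is declared above but never assigned in this listing, so it renders as an empty string.
                        Response.Write "<Script Language=JavaScript>alert('传参错误！参数 "&name&" 的值中包含非法字符串！\n\n请不要在参数中出现：and update delete ; insert mid master 等非法字符！');window.close();</Script>"
                End Select
                ' The listing on the page is cut off inside the Response.Write line above; the statements
                ' from End Select onward are an assumed completion that stops the request and closes the open blocks.
                Response.End
            End If
        Next
    Next
End If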
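
A word-list filter like the one above matches substrings, so it also rejects ordinary values that happen to contain "and", "set" or "=", and it only covers the strings someone thought to list. The sketch below shows the approach that does not depend on a word list: validate the parameter against its expected type, then bind it as an ADO parameter. It is an added example, not code from the thread; it assumes `conn` is an already open ADODB.Connection, and the `Articles` table with its `id` and `title` columns is hypothetical.

```vbscript
<%
' ADO constants (values from adovbs.inc)
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

' Returns True and sets outId only when raw consists of 1 to 9 digits.
Function TryParseId(raw, ByRef outId)
    Dim re
    TryParseId = False
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"        ' digits only, always fits in a Long
    If re.Test(raw) Then
        outId = CLng(raw)
        TryParseId = True
    End If
End Function

Dim id, cmd, rs

' & "" forces the query-string item to a plain string (empty when missing).
If Not TryParseId(Request.QueryString("id") & "", id) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid id"
    Response.End
End If

' conn: assumed to be an open ADODB.Connection created elsewhere.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Hypothetical table and columns; the value is bound, never concatenated.
cmd.CommandText = "SELECT title FROM Articles WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
Set rs = cmd.Execute

Do Until rs.EOF
    ' Encode on output so stored text cannot inject markup into the page.
    Response.Write Server.HTMLEncode(rs("title") & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
%>
```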