conn.asp 521yy迷你留言板 1 - ASP源码程序

www.gusucode.com > 521yy迷你留言板 1 > 521yy迷你留言板 1.0/51yyfeedback/feedback/inc/conn.asp
    <%
Dim Fy_Post,Fy_Get,Fy_cook,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,aa 
On Error Resume Next 
Fy_In = "'|exec|insert|select|delete|update|count|chr|truncate|char|declare|script|*|char|set|mid|master" 
aa="senlon.htm" '------------------------------------------ 
Fy_Inf = split(Fy_In,"|")

'1--------POST部份------------------ 
If Request.Form<>"" Then 
For Each Fy_Post In Request.Form 
For Fy_Xh=0 To Ubound(Fy_Inf) 
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then 
flyaway1="<li>操作ＩＰ：<a href='http://tools.hxstat.com/ip/?ip="&Request.ServerVariables("REMOTE_ADDR")&"' target='_blank'>"&Request.ServerVariables("REMOTE_ADDR")&"</a><BR>操作时间："&Now&"<BR>操作页面："&Request.ServerVariables("URL")&"<BR>提交方式：ＰＯＳＴ<BR>提交参数："&Fy_post&"<BR>提交数据："&replace(Request.Form(Fy_post),"'","*")&"</li>" 
set fs=server.CreateObject("Scripting.FileSystemObject") 
set file=fs.OpenTextFile(server.MapPath(aa),8,True) 
file.writeline flyaway1 
file.close 
set file=nothing 
set fs=nothing 
Response.Write "对不起，你提交的内容[<FONT COLOR=#ff0000>"&replace(Request.Form(Fy_post),"'","*")&"</FONT>]含有非法字符！你的IP："&Request.ServerVariables("REMOTE_ADDR")&"已被记录。" 
Response.End
End If 
Next 
Next 
End If 

'2--------GET部份------------------- 
If Request.QueryString<>"" Then 
For Each Fy_Get In Request.QueryString 
For Fy_Xh=0 To Ubound(Fy_Inf) 
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then 
flyaway2="<li>操作ＩＰ：<a href='http://tools.hxstat.com/ip/?ip="&Request.ServerVariables("REMOTE_ADDR")&"' target='_blank'>"&Request.ServerVariables("REMOTE_ADDR")&"</a><BR>操作时间："&Now&"<BR>操作页面："&Request.ServerVariables("URL")&"<BR>提交方式：ＧＥＴ<BR>提交参数："&Fy_get&"<BR>提交数据："&replace(Request.QueryString(Fy_get),"'","*")&"</li>" 
set fs=server.CreateObject("Scripting.FileSystemObject") 
set file=fs.OpenTextFile(server.MapPath(aa),8,True) 
file.writeline flyaway2 
file.close 
set file=nothing 
set fs=nothing 
Response.Write "非法URL请求！你的IP："&Request.ServerVariables("REMOTE_ADDR")&"已被记录。" 
Response.End
End If 
Next 
Next 
End If

'Rem 过滤HTML代码
function HTMLEncode(fString)
if not isnull(fString) then
fString = replace(fString, ">", "&gt;")
fString = replace(fString, "<", "&lt;")
fString = Replace(fString, CHR(32), "&nbsp;")
fString = Replace(fString, CHR(9), "&nbsp;")
fString = Replace(fString, CHR(34), "&quot;")
fString = Replace(fString, CHR(39), "&#39;")
fString = Replace(fString, CHR(13), "")
fString = Replace(fString, CHR(10) & CHR(10), " ")
fString = Replace(fString, CHR(10), " ")
fString=ChkBadWords(fString)
HTMLEncode = fString
end if
end function

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "provider=microsoft.jet.oledb.4.0;data source = " &  Server.MapPath("../data/senlon.asa")
%>