www.gusucode.com > 盐城分类信息网asp源码程序 > config.asp
<!--#include file="inc/md5.asp"--> <% dim rscg,sqlcg,host,title,web,logo,leixing,city,coryright,tnum,zinum,z_hb,z_a,z_b,z_c,z_d,jf_hb,jf_1,jf_2,jf_3,jf_4,g_a,g_b,g_c,g_d,b_y,tui_y,s_y,del_xx,adtop,hots,adhot,ad1,ad2,ad3,ad4,ad5,ad6,ad7,ad8,glcy,close set rscg=server.createobject("adodb.recordset") sqlcg = "select * from config " rscg.open sqlcg,conn,1,1 if rscg.eof or rscg.BOF then response.write "数据错误" response.write "<meta http-equiv=refresh content=""2;URL=index.asp"">" response.end end if title=rscg("title") web=rscg("web") logo=rscg("logo") city=rscg("city") leixing=rscg("leixing") diqu=rscg("diqu") coryright=rscg("coryright") tnum=rscg("tnum") zinum=rscg("zinum") z_hb=rscg("z_hb") z_a=rscg("z_a") z_b=rscg("z_b") z_c=rscg("z_c") z_d=rscg("z_d") jf_hb=rscg("jf_hb") jf_1=rscg("jf_1") jf_2=rscg("jf_2") jf_3=rscg("jf_3") jf_4=rscg("jf_4") g_a=rscg("g_a") g_b=rscg("g_b") g_c=rscg("g_c") g_d=rscg("g_d") b_y=rscg("b_y") tui_y=rscg("tui_y") s_y=rscg("s_y") del_xx=rscg("del_xx") adtop=rscg("adtop") hots=rscg("hots") adhot=rscg("adhot") ad1=rscg("ad1") ad2=rscg("ad2") ad3=rscg("ad3") ad4=rscg("ad4") ad5=rscg("ad5") ad6=rscg("ad6") ad7=rscg("ad7") ad8=rscg("ad8") glcy=rscg("glcy") rscg=close set rscg=nothing %> <% '检测是否有效的数字----------------- Function IsInteger(Para) IsInteger=False If Not (IsNull(Para) Or Trim(Para)="" Or Not IsNumeric(Para)) Then IsInteger=True End If End Function '检查无效字符---------------------- Function CheckStr(byVal ChkStr) Dim Str:Str=ChkStr Str=Trim(Str) If IsNull(Str) Then CheckStr = "" Exit Function End If Dim re Set re=new RegExp re.IgnoreCase =True re.Global=True re.Pattern="(\r\n){3,}" Str=re.Replace(Str,"$1$1$1") Set re=Nothing Str = Replace(Str,"'","''") Str = Replace(Str, "!!!", "!") Str = Replace(Str, "★★★", "★") CheckStr=Str End Function '转换HTML代码----------------------- Function HTMLDecode(reString) Dim Str:Str=reString If Not IsNull(Str) Then Str = Replace(Str, "&", "&") Str = Replace(Str, ">", ">") Str = Replace(Str, "<", "<") Str = Replace(Str, " ", CHR(32)) Str = Replace(Str, " ", CHR(9)) Str = Replace(Str, "    ", CHR(9)) Str = Replace(Str, """, CHR(34)) Str = Replace(Str, "'", CHR(39)) Str = Replace(Str, "", CHR(13)) Str = Replace(Str, "<br>", CHR(10)) HTMLDecode = Str End If End Function '--------SQL防注入定义部份------------------ Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh Fy_In = "or|join|union|like|modify|cast|drop|exec|insert|select|delete|update|count|alter|rename|chr|mid|truncate|char|declare|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare" Fy_Inf = split(Fy_In,"|") '--------POST部份------------------ If Request.Form<>"" Then For Each Fy_Post In Request.Form For Fy_Xh=0 To Ubound(Fy_Inf) If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then Response.Write "<Script Language=JavaScript>alert('信息网提示您↓\n\n弄个网站不容易,请手下留情!');history.back();</Script>" Response.End End If Next Next End If '--------GET部份------------------- If Request.QueryString<>"" Then For Each Fy_Get In Request.QueryString For Fy_Xh=0 To Ubound(Fy_Inf) If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then Response.Write "<Script Language=JavaScript>alert('信息网提示您↓\n\n请勿输入非法字符了!');history.back();</Script>" Response.End End If Next Next End If %>