www.gusucode.com > 盐城分类信息网asp源码程序 > config.asp
<!--#include file="inc/md5.asp"-->
<%
dim rscg,sqlcg,host,title,web,logo,leixing,city,coryright,tnum,zinum,z_hb,z_a,z_b,z_c,z_d,jf_hb,jf_1,jf_2,jf_3,jf_4,g_a,g_b,g_c,g_d,b_y,tui_y,s_y,del_xx,adtop,hots,adhot,ad1,ad2,ad3,ad4,ad5,ad6,ad7,ad8,glcy,close
set rscg=server.createobject("adodb.recordset")
sqlcg = "select * from config "
rscg.open sqlcg,conn,1,1
if rscg.eof or rscg.BOF then
response.write "数据错误"
response.write "<meta http-equiv=refresh content=""2;URL=index.asp"">"
response.end
end if
title=rscg("title")
web=rscg("web")
logo=rscg("logo")
city=rscg("city")
leixing=rscg("leixing")
diqu=rscg("diqu")
coryright=rscg("coryright")
tnum=rscg("tnum")
zinum=rscg("zinum")
z_hb=rscg("z_hb")
z_a=rscg("z_a")
z_b=rscg("z_b")
z_c=rscg("z_c")
z_d=rscg("z_d")
jf_hb=rscg("jf_hb")
jf_1=rscg("jf_1")
jf_2=rscg("jf_2")
jf_3=rscg("jf_3")
jf_4=rscg("jf_4")
g_a=rscg("g_a")
g_b=rscg("g_b")
g_c=rscg("g_c")
g_d=rscg("g_d")
b_y=rscg("b_y")
tui_y=rscg("tui_y")
s_y=rscg("s_y")
del_xx=rscg("del_xx")
adtop=rscg("adtop")
hots=rscg("hots")
adhot=rscg("adhot")
ad1=rscg("ad1")
ad2=rscg("ad2")
ad3=rscg("ad3")
ad4=rscg("ad4")
ad5=rscg("ad5")
ad6=rscg("ad6")
ad7=rscg("ad7")
ad8=rscg("ad8")
glcy=rscg("glcy")
rscg=close
set rscg=nothing
%>
<%
'检测是否有效的数字-----------------
Function IsInteger(Para)
IsInteger=False
If Not (IsNull(Para) Or Trim(Para)="" Or Not IsNumeric(Para)) Then
IsInteger=True
End If
End Function
'检查无效字符----------------------
Function CheckStr(byVal ChkStr)
Dim Str:Str=ChkStr
Str=Trim(Str)
If IsNull(Str) Then
CheckStr = ""
Exit Function
End If
Dim re
Set re=new RegExp
re.IgnoreCase =True
re.Global=True
re.Pattern="(\r\n){3,}"
Str=re.Replace(Str,"$1$1$1")
Set re=Nothing
Str = Replace(Str,"'","''")
Str = Replace(Str, "!!!", "!")
Str = Replace(Str, "★★★", "★")
CheckStr=Str
End Function
'转换HTML代码-----------------------
Function HTMLDecode(reString)
Dim Str:Str=reString
If Not IsNull(Str) Then
Str = Replace(Str, "&", "&")
Str = Replace(Str, ">", ">")
Str = Replace(Str, "<", "<")
Str = Replace(Str, " ", CHR(32))
Str = Replace(Str, " ", CHR(9))
Str = Replace(Str, "    ", CHR(9))
Str = Replace(Str, """, CHR(34))
Str = Replace(Str, "'", CHR(39))
Str = Replace(Str, "", CHR(13))
Str = Replace(Str, "<br>", CHR(10))
HTMLDecode = Str
End If
End Function
'--------SQL防注入定义部份------------------
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh
Fy_In = "or|join|union|like|modify|cast|drop|exec|insert|select|delete|update|count|alter|rename|chr|mid|truncate|char|declare|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
Fy_Inf = split(Fy_In,"|")
'--------POST部份------------------
If Request.Form<>"" Then
For Each Fy_Post In Request.Form
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
Response.Write "<Script Language=JavaScript>alert('信息网提示您↓\n\n弄个网站不容易,请手下留情!');history.back();</Script>"
Response.End
End If
Next
Next
End If
'--------GET部份-------------------
If Request.QueryString<>"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
Response.Write "<Script Language=JavaScript>alert('信息网提示您↓\n\n请勿输入非法字符了!');history.back();</Script>"
Response.End
End If
Next
Next
End If
%>