www.gusucode.com > 山寨版广告信息招贴网源码程序 > 山寨版广告信息招贴网源码程序/ewuyi/dir_发布/admin/conn.asp
<!-- #include file="../config.asp"--> <% Function AlertUrl(AlertStr,Url) Response.Write "<script>" Response.Write "alert('"&AlertStr&"');" Response.Write "location.href='"&Url&"';" Response.Write "</script>" End Function Function AlertBack(AlertStr) Response.Write "<script>" Response.Write "alert('"&AlertStr&"');" Response.Write "history.go(-1)" Response.Write "</script>" End Function %> <% squery=lcase(Request.ServerVariables("QUERY_STRING")) sURL=lcase(Request.ServerVariables("HTTP_HOST")) SQL_injdata =":|;|>|<|--|sp_|xp_|\|dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare" SQL_inj = split(SQL_Injdata,"|") For SQL_Data=0 To Ubound(SQL_inj) if instr(squery&sURL,Sql_Inj(Sql_DATA))>0 Then Response.Write "SQL通用防注入系统" Response.end end if next on error resume next '字符串连接数据库方法 set conn=Server.CreateObject("ADODB.Connection") conn.open "DRIVER=Driver do Microsoft Access (*.mdb);UID=admin;PWD=;DBQ="&Server.MapPath("../"&mdbpath&"") '字符串连接数据库方法 Function GetCode1() Dim Test On Error Resume Next Set Test = Server.CreateObject("Adodb.Stream") Set Test = Nothing if Err Then Dim zNum Randomize Timer zNum = CInt(8999 * Rnd + 1000) Session("GetCode") = zNum getcode1 = Session("GetCode") Else getcode1 = "<img src=""code.asp"">" End if End Function %>