www.gusucode.com > 山寨版广告信息招贴网源码程序 > 山寨版广告信息招贴网源码程序/ewuyi/dir_发布/user/conn.asp
<!-- #include file="../config.asp"--> <!-- #include file="Function.asp"--> <% squery=lcase(Request.ServerVariables("QUERY_STRING")) sURL=lcase(Request.ServerVariables("HTTP_HOST")) SQL_injdata =":|;|>|<|--|sp_|xp_|\|dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare" SQL_inj = split(SQL_Injdata,"|") For SQL_Data=0 To Ubound(SQL_inj) if instr(squery&sURL,Sql_Inj(Sql_DATA))>0 Then Response.Write "SQL通用防注入系统" Response.end end if next on error resume next '字符串连接数据库方法 ConnStr = "Provider = Microsoft.Jet.OLEDB.4.0;Data Source = " & Server.MapPath("../"&mdbpath&"") set conn=Server.CreateObject("ADODB.Connection") conn.open ConnStr If Err Then err.Clear Set Conn = Nothing Response.Write "Load……" Response.End End If Function HtmlEncode(Content) Content = Replace(Content, ">", ">") Content = Replace(Content, "<", "<") Content = Replace(Content, "'", "") HtmlEncode = content End Function Function HtmlEncode2(Content) Content = Replace(Content, ">", ">") Content = Replace(Content, "<", "<") Content = Replace(Content, " ", " ") Content = Replace(Content, "'", "") Content = Replace(Content, vbcrlf,"<br>") HtmlEncode2 = content End Function %>