conn.asp

来自「加入了反SQL注入插件」· ASP 代码 · 共 41 行

<%
on error resume next
dim sql_injdata
SQL_injdata = "'|,|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
If Request.Form<>"" Then
For Each Sql_Post In Request.Form
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then
Response.Write "<Script Language=JavaScript>alert('非法参数！\n\n请不要在参数中包含非法字符！');history.back(-1)</Script>"
Response.end
end if
next
next
end if

If Request.QueryString<>"" Then
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
Response.Write "<Script Language=JavaScript>alert('非法参数！\n\n请不要在参数中包含非法字符！');history.back(-1)</Script>"
Response.end
end if
next
Next
End If
%>
<!--#include file="admin/database_name.asp" -->
<%
dim startime,conn,connstr,db,rs,rs_s,rs_s1,rs_shjia
startime=timer()
db="database/"&dataname&"" '数据库
on error resume next '尝试连数据库，一直到超时，但可以加强SQL注入过滤
connstr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(db)
'connstr="DBQ="+server.mappath(""&db&"")+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
set conn=server.createobject("ADODB.CONNECTION")
conn.open connstr

%>