📄 tot_conn.asp
<%
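on error resume next ' original author's note: for release, remove the ' in front of "on" (i.e. keep this line active)
' NOTE(review): while this is active, runtime errors on the page (for example a
' failed conn.open) are suppressed rather than reported, so later code runs on.
dim database,conn,con,ConnStr
database=2 ' 1 = SQL Server, 2 = Access

' Injection guard: reject the request when the query string contains any
' deny-listed token.
' Scope: only QUERY_STRING is inspected here; form fields and cookies are not.
' A deny-list is a secondary control. Statements built from request data should
' use parameterized ADODB.Command objects so the input is never parsed as SQL.
dim qs,errc,iii
qs=request.servervariables("query_string")
'response.write(qs)
dim deStr(18)
deStr(0)="net user"
deStr(1)="xp_cmdshell"
deStr(2)="/add"
deStr(3)="exec%20master.dbo.xp_cmdshell"
deStr(4)="net localgroup administrators"
deStr(5)="select"
deStr(6)="count"
deStr(7)="asc"
deStr(8)="char"
deStr(9)="mid"
deStr(10)="'"
deStr(11)=":"
deStr(12)=""""
deStr(13)="insert"
deStr(14)="delete"
deStr(15)="drop"
deStr(16)="truncate"
deStr(17)="from"
deStr(18)="%"
errc=false
for iii= 0 to ubound(deStr)
    ' Fix: compare case-insensitively. InStr defaults to a binary (case-sensitive)
    ' comparison, so the lower-case keywords above did not match other casings.
    if instr(1,qs,deStr(iii),vbTextCompare)<>0 then
        errc=true
    end if
next
if errc then
    ' Message text: "Sorry, illegal URL request!"
    Response.Write("对不起,非法URL地址请求!")
    response.end
end if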
' Database connection parameters.
' Opens the page-level ADODB connection against the backend selected by
' "database" (1 = SQL Server, 2 = Access); any other value opens nothing.
set conn=server.CreateObject("adodb.connection")

' SECURITY NOTE(review): the SQL Server string below logs in as "sa" with a
' short literal password kept in this source file. Prefer a dedicated login that
' only has rights on this database, and keep the credential out of web-served
' source (for example integrated authentication or a protected config store).
ConnStr="driver={sql server};server=127.0.0.1;database=tot_guestbook;uid=sa;pwd=123456"

select case database
    case 1
        conn.open ConnStr
    case 2
        ' SECURITY NOTE(review): the Access file is resolved under the site's
        ' data/ folder. Its protection against direct download appears to rest
        ' on the unusual file name and .asp extension. Storing it outside the
        ' web root is the robust option; confirm the deployment.
        con= "driver={Microsoft Access Driver (*.mdb)};dbq=" & Server.MapPath("data/#@)_+&#%.asp")
        conn.open con
end select
' Load site configuration.
' Reads the first row of TOT_Admin and copies its ten columns into Application
' variables, then stores two guestbook counters. All three statements are
' constant SQL text; no request data is concatenated into them.
dim SiteConfig,isAdmin,userIp
Set SiteConfig=conn.Execute("Select Title,PageSize,CloseBook,Flag,IP,DeChar,Content,Marquee,BBS_Head,BBS_Root From TOT_Admin")
' Column order follows the SELECT list above.
application("TOT_Title")     = SiteConfig.Fields(0).Value
application("TOT_PageSize")  = SiteConfig.Fields(1).Value
application("TOT_CloseBook") = SiteConfig.Fields(2).Value
application("TOT_Flag")      = SiteConfig.Fields(3).Value
application("TOT_IP")        = SiteConfig.Fields(4).Value
application("TOT_DeChar")    = SiteConfig.Fields(5).Value
application("TOT_Content")   = SiteConfig.Fields(6).Value
application("TOT_Marquee")   = SiteConfig.Fields(7).Value
application("BBS_Head")      = SiteConfig.Fields(8).Value
application("BBS_Root")      = SiteConfig.Fields(9).Value
Set SiteConfig=nothing

' Entries dated after today's midnight, and entries overall.
application("TOT_TodayAddNum") = conn.Execute("Select count(*) From TOT_GuestBook Where DateTime>Date()").Fields(0).Value
application("TOT_TotalAddNum") = conn.Execute("Select count(*) From TOT_GuestBook").Fields(0).Value
' Administrator check.
' isAdmin becomes true when session("TOT_ADMIN") holds a non-empty value longer
' than one character. The value itself is not validated here.
' NOTE(review): On Error Resume Next is active earlier on this page, so an error
' raised while evaluating this condition would not be reported. Confirm that
' the failure mode is "not admin".
isAdmin=false
if(len(session("TOT_ADMIN"))>1 and session("TOT_ADMIN")<>"") then
    isAdmin=true
end if
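' Mask restricted words/characters.
' Gl(str): replaces every occurrence in str of each entry of the "|"-separated
' list stored in application("TOT_DeChar") with "*" and returns the result.
' - str has no ByVal, so it is passed by reference and a variable passed by the
'   caller is modified as well.
' - Replace uses its default (case-sensitive) comparison.
' - This only masks listed words and does no HTML encoding. Presumably callers
'   still need Server.HTMLEncode before writing the text to a page; verify at
'   the call sites.
Function Gl(str)
    ' Fix: declare the working variables locally. Undeclared, Guolv and i were
    ' page-level variables, so calling Gl overwrote any i/Guolv used by the
    ' including page.
    Dim Guolv, i
    Guolv = Split(application("TOT_DeChar"),"|")
    For i=0 to Ubound(Guolv)
        Str = Replace (Str,Guolv(i),"*")
    Next
    Gl=Str
End Function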
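' IP restriction.
' userIp keeps its original meaning: the X-Forwarded-For header when present,
' otherwise the connection's REMOTE_ADDR.
userIp = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
if userIp = "" then
    userIp = Request.ServerVariables("REMOTE_ADDR")
end if
' Fix: X-Forwarded-For is a request header and therefore chosen by the client,
' so a block decision must not rest on it alone. The connection address
' (REMOTE_ADDR) is now always checked as well. The forwarded value is still
' checked so deployments behind a proxy keep their current behaviour.
' NOTE(review): InStr is a substring test, so an address that is a substring of
' a listed one also matches. Exact matching needs the list's delimiter, which is
' not visible in this file.
if (Instr(application("TOT_IP"),userIp)<>0) or (Instr(application("TOT_IP"),Request.ServerVariables("REMOTE_ADDR"))<>0) then
    ' Message text: "Restricted IP"
    response.write("受限制的IP")
    response.end()
end if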
' Release the database connection.
' connclose: closes the page-level ADODB connection "conn" and drops the
' reference. Pages that use conn are expected to call this when finished.
Sub connclose()
    conn.Close
    Set conn = Nothing
End Sub
%>