📄 db_conn.asp

📁 购物系统时尚版.强大的后台文章编辑器的功能

💻 ASP

字号:

<%
'SQL注入式攻击防范get及ID（not）代码
dim squery
dim sURL
dim allquery
squery=lcase(Request.ServerVariables("QUERY_STRING"))
sURL=lcase(Request.ServerVariables("HTTP_HOST"))
allquery=squery+sURL
if InStr(allquery,"%20")<>0 or InStr(allquery,"%27")<>0 or InStr(allquery,"'")<>0 or InStr(allquery,"%a1a1")<>0 or InStr(allquery,"%24")<>0 or InStr(allquery,"$")<>0 or InStr(allquery,"%3b")<>0 or InStr(allquery,";")<>0 or InStr(allquery,":")<>0 or InStr(allquery,"%%")<>0 or InStr(allquery,"%3c")<>0 or InStr(allquery,"<")<>0 or InStr(allquery,">")<>0 or InStr(allquery,"--")<>0 or InStr(allquery,"sp_")<>0 or InStr(allquery,"xp_")<>0 or InStr(allquery,"exec")<>0 or InStr(allquery,"\")<>0 or InStr(allquery,"delete")<>0 or InStr(allquery,"dir")<>0 or InStr(allquery,"exe")<>0 or InStr(allquery,"select")<>0 or InStr(allquery,"Update")<>0 or InStr(allquery,"cmd")<>0 or InStr(allquery,"*")<>0 or InStr(allquery,"^")<>0 or InStr(allquery,"(")<>0 or InStr(allquery,")")<>0 or InStr(allquery,"+")<>0 or InStr(allquery,"copy")<>0 or InStr(allquery,"format")<>0 or not(isnumeric(request("id"))) or not(isnumeric(request("xlbid"))) or not(isnumeric(request("page"))) then
Response.write "不法访问"
Response.End
end if

response.buffer=true '启用缓冲处理

dim conn 
dim connstr
on error resume next
connstr="DBQ="+server.mappath("../byfenglan/byfenglanAC.mdb")+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
set conn=server.createobject("ADODB.CONNECTION")
conn.open connstr
If Err Then
        err.Clear
        Set Conn = Nothing
        Response.Write "数据库连接出错，请检查数据库连接文件中的数据库参数设置。"
        Response.End
    End If 
%>

💿 文件大小 1300 K

👤 上传用户 saas1988

📂 所属分类其他

🏷️ 相关标签

#后台 #编辑器

⌨️ 快捷键说明

复制代码 Ctrl + C

搜索代码 Ctrl + F

全屏模式 F11

切换主题 Ctrl + Shift + D

显示快捷键 ?

增大字号 Ctrl + =

减小字号 Ctrl + -