sqlin.asp

来自「一套设计完善、高效的web商城解决方案」· ASP 代码 · 共 39 行

<%
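'SUB SqlErr()
' Request filter: scans every POST and GET value for the substrings listed in
' Sql_InDate. On the first hit the request is written to the SqlIn table and
' the response ends after sending the browser back one page.
'
' Uses conn, IP and Locked, which are not defined in this file and must be set
' by the including page before this code runs.
'
' NOTE(review): a substring blacklist is only a coarse tripwire. It does not
' inspect Request.Cookies, and it is not a substitute for parameterized
' queries (ADODB.Command) in the pages that build the real SQL statements.
Dim Sql_InDate,Sql_In,Sql_Date,Sql_Post,Sql_Get
Dim Sql_Value,Sql_Web
Sql_InDate ="select |insert |Delete From|'|count(|drop table|update |truncate  |asc(|mid(|char(|xp_cmdshell|exec master|net localgroup administrators|net user| or | and |%20from"
Sql_In = split(Sql_InDate,"|")
' Every value concatenated into the logging INSERT has its single quotes
' doubled. The original escaped only the Data column, which left the
' parameter name (chosen by the client) able to break out of the literal.
Sql_Web = Replace(Request.ServerVariables("URL") & "","'","''")
If Request.Form<>"" Then
For Each Sql_Post In Request.Form
	' Read the field once; & "" forces a plain string.
	Sql_Value = Request.Form(Sql_Post) & ""
	For Sql_Date=0 To Ubound(Sql_In)
		' vbTextCompare: the blacklist must match regardless of letter case.
		If InStr(1,Sql_Value,Sql_In(Sql_Date),vbTextCompare)>0 Then
			conn.Execute("insert into SqlIn(IP,Web,Mode,Parameter,Data,Locked) values('"&Replace(IP & "","'","''")&"','"&Sql_Web&"','POST','"&Replace(Sql_Post & "","'","''")&"','"&Replace(Sql_Value,"'","''")&"','"&Replace(Locked & "","'","''")&"')")
			Response.Write "<Script Language=JavaScript>history.back(-1)</Script>"
			Response.end
		End If
	next
next
End If
If Request.QueryString<>"" Then
	for each Sql_Get In Request.QueryString
		Sql_Value = Request.QueryString(Sql_Get) & ""
		for Sql_Date=0 To Ubound(Sql_In)
			If InStr(1,Sql_Value,Sql_In(Sql_Date),vbTextCompare)>0 Then
				conn.Execute("insert into SqlIn(IP,Web,Mode,Parameter,Data,Locked) values('"&Replace(IP & "","'","''")&"','"&Sql_Web&"','GET','"&Replace(Sql_Get & "","'","''")&"','"&Replace(Sql_Value,"'","''")&"','"&Replace(Locked & "","'","''")&"')")
				Response.Write "<Script Language=JavaScript>history.back(-1)</Script>"
				Response.end
			End If
		next
	next
End If
'END SUB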

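' IP lock check: when Locked is "1", any client whose IP already has a row in
' the SqlIn table gets the lock notice and the response ends.
' conn, IP, Locked and Title are not defined in this file; they come from the
' including page.
' NOTE(review): where IP is derived is not visible here. If it can come from a
' client-supplied header, both the lock and the log can be spoofed -- confirm.
' NOTE(review): Title is written into a JavaScript string literal unescaped;
' confirm it is a fixed site setting and never user-editable.
If Locked="1" Then
	' Double single quotes so the IP value cannot terminate the SQL literal.
	Set rs=conn.execute("select IP from SqlIn where IP='"&Replace(IP & "","'","''")&"'")
	If not(rs.eof or rs.bof) Then
		' Release the recordset before ending the response; the original
		' skipped the close on this path.
		rs.close
		set rs=nothing
		Response.write "<Script Language=JavaScript>alert('"&Title&"提示:\n\n你的Ip已经被本系统自动锁定!\n\n如想访问本站请和管理员联系!\n\nHttp://Www.wrsky.Com  \n\n系统版本:V3.0(ASP)\n\nBy:Neeao');</Script>"
		Response.End
	End If
	rs.close
	set rs=nothing
End If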
%>
