auto.asp
<%
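' Work out the client address used by the attack log and by the ban check
' in SqlIn().
'
' X-Forwarded-For is an ordinary request header, so any client can set it to
' any text. The value is later concatenated into SQL statements in this file,
' so it is only accepted when every character can belong to an address list
' (hex digits, ".", ":", "," and space). Anything else falls back to
' REMOTE_ADDR, which is the peer address of the TCP connection.
'
' NOTE(review): even a well-formed X-Forwarded-For is client-chosen unless a
' trusted reverse proxy overwrites it, so a ban keyed on it can be evaded or
' aimed at someone else's address. Honour the header only for requests that
' arrive from a known proxy - confirm the deployment.
Dim IP, Sql_FwdFor, Sql_FwdPos, Sql_FwdOk
Sql_FwdFor = Trim(Request.ServerVariables("HTTP_X_FORWARDED_FOR"))
Sql_FwdOk = (Sql_FwdFor <> "")
Sql_FwdPos = 1
Do While Sql_FwdOk And Sql_FwdPos <= Len(Sql_FwdFor)
    ' Reject the whole header on the first character outside the allow-list.
    If InStr("0123456789abcdefABCDEF.:, ", Mid(Sql_FwdFor, Sql_FwdPos, 1)) = 0 Then
        Sql_FwdOk = False
    End If
    Sql_FwdPos = Sql_FwdPos + 1
Loop
If Sql_FwdOk Then
    IP = Sql_FwdFor
Else
    IP = Request.ServerVariables("REMOTE_ADDR")
End If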
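' Keyword filter for submitted data.
'
' Every value in Request.Form and Request.QueryString is searched for each
' entry of the "|"-separated list below. On a hit the request is optionally
' logged to the SqlIn table, redirected to Err.asp and ended.
'
' This is a block-list and therefore defence in depth only: it inspects
' parameter values from the form body and the query string and nothing else.
' Queries elsewhere in the application should bind their inputs as parameters
' (ADODB.Command) or convert them to the expected type, not rely on this filter.
Dim Sql_InDate,Sql_In,Sql_Date,Sql_Post,Sql_Get
Sql_InDate ="select |insert |delete from|'|count(|drop table|update |truncate |asc(|mid(|char(|xp_cmdshell|exec master|net localgroup administrators|net user| or | and |%20from"
Sql_In = Split(Sql_InDate,"|")

If Request.Form<>"" Then
    For Each Sql_Post In Request.Form
        For Sql_Date=0 To UBound(Sql_In)
            ' InStr defaults to a case-sensitive binary compare, which makes the
            ' lower-case list miss mixed-case input; compare as text instead.
            If InStr(1,Request.Form(Sql_Post),Sql_In(Sql_Date),vbTextCompare)>0 Then
                If SqlLog="1" Then
                    ' Every request-derived field is quote-doubled, not only the
                    ' value: the field name and the address come from the client too.
                    conn.Execute("insert into SqlIn(IP,Web,Mode,Parameter,Data,Locked)values('"&Replace(IP,"'","''")&"','"&Replace(Request.ServerVariables("URL"),"'","''")&"','POST','"&Replace(Sql_Post,"'","''")&"','"&Replace(Request.Form(Sql_Post),"'","''")&"','"&Locked&"')")
                End If
                Response.Redirect "/"&SysPath&"Err.asp"
                Response.End
            End If
        Next
    Next
End If

If Request.QueryString<>"" Then
    For Each Sql_Get In Request.QueryString
        For Sql_Date=0 To UBound(Sql_In)
            If InStr(1,Request.QueryString(Sql_Get),Sql_In(Sql_Date),vbTextCompare)>0 Then
                ' NOTE(review): the POST branch logs only when SqlLog="1"; this
                ' branch has always logged unconditionally. Kept as found - confirm
                ' which behaviour is intended.
                conn.Execute("insert into SqlIn(IP,Web,Mode,Parameter,Data,Locked)values('"&Replace(IP,"'","''")&"','"&Replace(Request.ServerVariables("URL"),"'","''")&"','GET','"&Replace(Sql_Get,"'","''")&"','"&Replace(Request.QueryString(Sql_Get),"'","''")&"','"&Locked&"')")
                Response.Redirect "/"&SysPath&"Err.asp"
                Response.End
            End If
        Next
    Next
End If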
' Stores a fixed marker string in the session under the key
' "YzShoppingCartSystem" when that key is still empty.
' The marker is a constant, so it shows only that this Sub has run in the
' session; it does not identify or authenticate the visitor.
Sub Cookie()
    Const SESSION_MARKER = "YzShoppingCartSystem"
    If Session(SESSION_MARKER) = "" Then Session(SESSION_MARKER) = SESSION_MARKER
End Sub
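' Ban check: when the Locked setting is "1", look the current client address
' up in the SqlIn log table and, if a locked row exists for it, redirect to
' Err.asp?Err=IP and end the request.
'
' IP may originate from the X-Forwarded-For header, which the client controls,
' so it is quote-doubled before being placed in the statement. The recordset
' is held in a local variable so a caller's own "rs" is not overwritten.
Sub SqlIn()
    Dim rsBan
    If Locked = "1" Then
        Set rsBan = conn.Execute("select IP from SqlIn where Locked=1 and IP='" & Replace(IP, "'", "''") & "'")
        If Not (rsBan.EOF And rsBan.BOF) Then
            ' Release the recordset before the request is ended.
            rsBan.Close
            Set rsBan = Nothing
            Response.Redirect "/" & SysPath & "Err.asp?Err=IP"
            Response.End
        End If
        rsBan.Close
        Set rsBan = Nothing
    End If
End Sub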
' Ends the request unless the "BigId" query-string parameter is present and
' passes IsNumeric. On failure the response is a script that sends the browser
' back one page.
' NOTE(review): IsNumeric accepts more than plain integers (signs, decimals,
' exponent forms), so code that later builds SQL from BigId should still
' convert it (for example with CLng) or bind it as a parameter - callers are
' not visible here.
Sub RequestErrBigId()
    Dim rawBigId
    rawBigId = Request.QueryString("BigId")
    If rawBigId = "" Or Not IsNumeric(rawBigId) Then
        Response.Write "<Script Language=JavaScript>history.back(-1)</Script>"
        Response.End
    End If
End Sub
' Ends the request unless the "SmallId" query-string parameter is present and
' passes IsNumeric. On failure the response is a script that sends the browser
' back one page.
' NOTE(review): IsNumeric accepts more than plain integers (signs, decimals,
' exponent forms), so code that later builds SQL from SmallId should still
' convert it (for example with CLng) or bind it as a parameter - callers are
' not visible here.
Sub RequestErrSmallId()
    Dim rawSmallId
    rawSmallId = Request.QueryString("SmallId")
    If rawSmallId = "" Or Not IsNumeric(rawSmallId) Then
        Response.Write "<Script Language=JavaScript>history.back(-1)</Script>"
        Response.End
    End If
End Sub
' Ends the request unless the "ThirdId" query-string parameter is present and
' passes IsNumeric. On failure the response is a script that sends the browser
' back one page. (The doubled "Id" in the Sub name is kept because callers
' use it.)
' NOTE(review): IsNumeric accepts more than plain integers (signs, decimals,
' exponent forms), so code that later builds SQL from ThirdId should still
' convert it (for example with CLng) or bind it as a parameter - callers are
' not visible here.
Sub RequestErrThirdIdId()
    Dim rawThirdId
    rawThirdId = Request.QueryString("ThirdId")
    If rawThirdId = "" Or Not IsNumeric(rawThirdId) Then
        Response.Write "<Script Language=JavaScript>history.back(-1)</Script>"
        Response.End
    End If
End Sub
' Ends the request unless the "Id" query-string parameter is present and
' passes IsNumeric. On failure the response is a script that sends the browser
' back one page.
' NOTE(review): IsNumeric accepts more than plain integers (signs, decimals,
' exponent forms), so code that later builds SQL from Id should still convert
' it (for example with CLng) or bind it as a parameter - callers are not
' visible here.
Sub RequestErrId()
    Dim rawId
    rawId = Request.QueryString("Id")
    If rawId = "" Or Not IsNumeric(rawId) Then
        Response.Write "<Script Language=JavaScript>history.back(-1)</Script>"
        Response.End
    End If
End Sub
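' Housekeeping for abandoned carts and orders. It sits at top level, so it
' runs each time this file is executed.
'
' Rows older than 120 minutes in TempList, and in OrderList where Trashy<>0,
' have their Amount added back to Merchandise.Stock and are then deleted,
' together with stale TempOrder rows and OrderForm rows with State=0.
'
' The loops walk the recordset until EOF. Connection.Execute returns a
' forward-only recordset by default, for which RecordCount is -1, so a
' "For I = 1 To RecordCount" loop would skip the stock update while the
' deletes below still removed the rows.
'
' NOTE(review): each select and its matching delete evaluate now()
' separately, so a row that crosses the 120-minute mark in between is deleted
' without its stock being returned; running both inside one transaction with
' a single cutoff value would close that gap. Amount and cpid are read back
' from the database and concatenated as-is - presumably numeric columns,
' verify against the schema.
Set rsx = conn.Execute("select * from TempList where datediff('n',date,now())>120")
Do While Not rsx.EOF
    conn.Execute("Update Merchandise set Stock=Stock+"&rsx("Amount")&" where id="&rsx("cpid")&"")
    rsx.MoveNext
Loop
rsx.Close
Set rsx = Nothing
conn.Execute("Delete From TempList where datediff('n',date,now())>120")
conn.Execute("Delete From TempOrder where datediff('n',date,now())>120")

Set rsx = conn.Execute("select * from OrderList where datediff('n',date,now())>120 and Trashy<>0")
Do While Not rsx.EOF
    conn.Execute("Update Merchandise set Stock=Stock+"&rsx("Amount")&" where id="&rsx("cpid")&"")
    rsx.MoveNext
Loop
rsx.Close
Set rsx = Nothing
conn.Execute("Delete From OrderForm where datediff('n',date,now())>120 and State=0")
conn.Execute("Delete From OrderList where datediff('n',date,now())>120 and Trashy<>0")
'conn.execute("Delete From Favorite where datediff('d',date,now())>30")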
' Copy the visitor's grade from the session, defaulting to "1" when the
' session holds no grade yet.
Grade = Session("Grade")
If Grade = "" Then Grade = "1"
%>