iheeo_fenleiclass.asp

易和阳光购物商城 v1.3 | 功能简介 增加了防注入文件

<table border="0" width="100%" cellspacing="5" cellpadding="3" class="wenbenkuang" bgcolor="#D9D9D9"><tr>
<td bgcolor="#FFFFFF"><%leixing=lcase(trim(request("lx")))
if InStr(leixing,"'")>0 then
response.write"<script>alert(""非法访问!"");location.href=""../index.asp"";</script>"
response.end
end if
select case leixing
case "big"
anclassid=trim(request("anid"))

if not isnumeric(anclassid) then 
response.write"<script>alert(""非法访问!"");location.href=""../index.asp"";</script>"
response.end
else
if not isinteger(anclassid) then
response.write"<script>alert(""非法访问!"");location.href=""../index.asp"";</script>"
else
set rs=server.createobject("adodb.recordset")
rs.open "select * FROM BJX_class1 where anclassid="&anclassid,conn,1,1
anclassname=rs("anclass")
%><a href=index.asp><%=webname%></a><br> >> <a href="Class_view.asp?lx=big&anid=<%=rs("anclassid")%>"><%=rs("anclass")%></a></font>
<%
set rs_s=server.CreateObject("adodb.recordset")
rs_s.open "select * FROM BJX_class2 where anclassid="&rs("anclassid")&" order by nclassidorder",conn,1,1
if rs_s.recordcount=0 then 
%>暂无小分类<%
else
i=0
while not rs_s.eof
%><br>　>> <a href="Class_view.asp?lx=small&anid=<%=rs("anclassid")%>&nid=<%=rs_s("nclassid")%>"><u><%=rs_s("nclass")%></u></a><%rs_s.movenext
wend
end if
end if
end if
%><%
					  case "small"
					  	anclassid=request("anid")
						if not isnumeric(anclassid) then 
response.write"<script>alert(""非法访问!"");location.href=""../index.asp"";</script>"
response.end
else
if not isinteger(anclassid) then
response.write"<script>alert(""非法访问!"");location.href=""../index.asp"";</script>"
else
					  	nclassid=request("nid")
						if not isnumeric(nclassid) then 
response.write"<script>alert(""非法访问!"");location.href=""../index.asp"";</script>"
response.end
else
if not isinteger(nclassid) then
response.write"<script>alert(""非法访问!"");location.href=""../index.asp"";</script>"
else
					  	set rs=server.createobject("adodb.recordset")
					  	rs.open "select * FROM BJX_class1 where anclassid="&anclassid,conn,1,1
						anclassname=rs("anclass")
						rs.close
					  	rs.open "select * FROM BJX_class2 where nclassid="&nclassid,conn,1,1
						nclassname=rs("nclass")
						rs.close
					  %><a href=index.asp><%=webname%></a><br> >> <a href=Class_view.asp?lx=big&anid=<%=anclassid%>><%=anclassname%></a><br>　>> <%=nclassname%><%
end if 
end if
end if
end if

case "tejia"%><a href=index.asp><%=webname%></a> >> <br>特价促销<%case "hot"%><a href=index.asp><%=webname%></a> >> <br>热卖排行<%case "news"%><a href=index.asp><%=webname%></a> >> <br>最新上架<%case else%><a href=index.asp><%=webname%></a> >> <br>全部商品<%end select%></td>
	</tr>
</table>