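<%
' NOTE(review): this listing was captured with HTML entities decoded and markup
' stripped, so replacement literals such as "&lt;" appeared as "<" and the
' encoders below read as no-ops. The entity literals are restored here from
' what each branch evidently encodes. Whitespace widths (the number of &nbsp;)
' and the text once written before Response.End are not recoverable from the
' listing - confirm both against the deployed file.

' --- Request keyword filter (defence in depth only) ---
' Ends the request when any query-string or form value contains a listed token.
' InStr is called with compare mode 1 (vbTextCompare): its default binary
' comparison is case-sensitive, so the lower-case tokens did not match the same
' keywords written in another letter case.
' Limits a maintainer should know about:
'  - Request.Cookies is not inspected, while saferequest() below reads
'    Request(paraname), which also searches cookies.
'  - Substring matching rejects ordinary text containing "set", "count",
'    "*" or "%".
' Queries built from request data should use ADODB.Command parameters; this
' list is not a substitute for that.
SQL_injdata = "'|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|set"
SQL_inj = split(SQL_Injdata,"|")

If Request.QueryString<>"" Then
	For Each SQL_Get In Request.QueryString
		For SQL_Data=0 To Ubound(SQL_inj)
			if instr(1,Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA),1)>0 Then
				Response.Write ""
				Response.end
			end if
		next
	Next
End If

If Request.Form<>"" Then
	For Each Sql_Post In Request.Form
		For SQL_Data=0 To Ubound(SQL_inj)
			if instr(1,Request.Form(Sql_Post),Sql_Inj(Sql_DATA),1)>0 Then
				Response.Write ""
				Response.end
			end if
		next
	next
end if
%>
<%
' Encodes a string for display as HTML text: filters out markup characters
' (the original comment says security and UBB handling are done here).
' Returns "" for Null. Escapes < > & and the double quote, turns CR into a
' line break and preserves runs of spaces and tabs with &nbsp;.
' The single quote is not escaped, so the result is not suitable inside a
' single-quoted HTML attribute.
function htmlencode(str)
	dim result
	dim l
	dim i
	if isNULL(str) then
		htmlencode=""
		exit function
	end if
	l=len(str)
	result=""
	for i = 1 to l
		' Examine one character at a time.
		select case mid(str,i,1)
			case "<"
				result=result & "&lt;"
			case ">"
				result=result & "&gt;"
			case chr(13)
				result=result & "<br>"
			case chr(34)
				result=result & "&quot;"
			case "&"
				result=result & "&amp;"
			case chr(32)
				' A space next to another space or tab becomes &nbsp; so the run
				' is not collapsed by the browser; a lone interior space stays a
				' normal space so text can still wrap.
				if i+1<=l and i-1>0 then
					if mid(str,i+1,1)=chr(32) or mid(str,i+1,1)=chr(9) or mid(str,i-1,1)=chr(32) or mid(str,i-1,1)=chr(9) then
						result=result & "&nbsp;"
					else
						result=result & " "
					end if
				else
					' First or last character of the string.
					result=result & "&nbsp;"
				end if
			case chr(9)
				result=result & "&nbsp;"
			case else
				result=result & mid(str,i,1)
		end select
	next
	htmlencode=result
end function

' Same whitespace and quote handling as htmlencode, but "<" and ">" are passed
' through unchanged so stored markup is rendered. Because tags survive, this
' must only be applied to content from a trusted author; visitor-supplied text
' belongs in htmlencode.
function sustainhtml(str)
	dim result
	dim l
	dim i
	if isNULL(str) then
		sustainhtml=""
		exit function
	end if
	l=len(str)
	result=""
	for i = 1 to l
		select case mid(str,i,1)
			case chr(13)
				result=result & "<br>"
			case chr(34)
				result=result & "&quot;"
			case chr(32)
				if i+1<=l and i-1>0 then
					if mid(str,i+1,1)=chr(32) or mid(str,i+1,1)=chr(9) or mid(str,i-1,1)=chr(32) or mid(str,i-1,1)=chr(9) then
						result=result & "&nbsp;"
					else
						result=result & " "
					end if
				else
					result=result & "&nbsp;"
				end if
			case "&"
				result=result & "&amp;"
			case chr(9)
				result=result & "&nbsp;"
			case else
				result=result & mid(str,i,1)
		end select
	next
	sustainhtml=result
end function

' Doubles every single quote in str so the value can sit inside a quoted SQL
' string literal. It handles nothing else (numeric contexts, LIKE wildcards),
' so it is a fallback for legacy string-built statements; new queries should
' bind values as ADODB.Command parameters.
function CheckStr(str)
	dim tstr,l,i,ch
	l=len(str)
	for i=1 to l
		ch=mid(str,i,1)
		if ch="'" then
			tstr=tstr & "'"
		end if
		tstr=tstr & ch
	next
	CheckStr=tstr
end function

' Checks an e-mail address for valid syntax. Returns True only when there is
' exactly one "@", both sides are non-empty, every character is a letter, a
' digit, "_", "-" or ".", neither side starts or ends with ".", the domain
' contains a "." followed by 2 or 3 characters, and ".." does not occur.
' Longer top-level domains are therefore rejected.
function IsValidEmail(email)
	dim names, name, i, c
	IsValidEmail = true
	names = Split(email, "@")
	if UBound(names) <> 1 then
		IsValidEmail = false
		exit function
	end if
	for each name in names
		if Len(name) <= 0 then
			IsValidEmail = false
			exit function
		end if
		for i = 1 to Len(name)
			c = Lcase(Mid(name, i, 1))
			if InStr("abcdefghijklmnopqrstuvwxyz_-.", c) <= 0 and not IsNumeric(c) then
				IsValidEmail = false
				exit function
			end if
		next
		if Left(name, 1) = "." or Right(name, 1) = "." then
			IsValidEmail = false
			exit function
		end if
	next
	if InStr(names(1), ".") <= 0 then
		IsValidEmail = false
		exit function
	end if
	' Length of the last domain label.
	i = Len(names(1)) - InStrRev(names(1), ".")
	if i <> 2 and i <> 3 then
		IsValidEmail = false
		exit function
	end if
	if InStr(email, "..") > 0 then
		IsValidEmail = false
	end if
end function
%>
<%
' Reads a request parameter and applies a minimal check.
'   paraname: parameter name (string)
'   paratype: 1 = the parameter must be numeric, 0 = the parameter is a string
' Numeric mode stops the response with a message when IsNumeric fails. IsNumeric
' also accepts forms such as exponent or currency notation, so callers that
' need an integer key should convert the result (for example with CLng) before
' using it.
' String mode doubles single quotes, the same escaping CheckStr applies.
' NOTE(review): in the captured listing the replacement literal was shown as a
' bare quote (a no-op), presumably a decoded entity - confirm the intended
' value against the deployed file.
' The value is read through Request(paraname), which searches the query string,
' form and cookies in turn.
function saferequest(paraname,paratype)
	dim paravalue
	paravalue=request(paraname)
	if paratype=1 then
		if not isnumeric(paravalue) then
			response.write "参数" & paraname & "必须为数字型!"
			response.end
		end if
	else
		paravalue=replace(paravalue,"'","''")
	end if
	saferequest=paravalue
end function
%>
<%
' Encodes stored guestbook text for display: escapes < > and both quote
' characters, keeps double spaces and tabs visible, and turns CR into a line
' break. Returns nothing (Empty) when stru is Null. "&" is not escaped here.
function kbbs(stru)
	if not isnull(stru) then
		stru = replace(stru, ">", "&gt;")
		stru = replace(stru, "<", "&lt;")
		stru = replace(stru, chr(32)& chr(32), "&nbsp;&nbsp;")
		stru = replace(stru, chr(32), " ")
		stru = replace(stru, chr(9), "&nbsp;")
		stru = replace(stru, chr(34), "&quot;")
		stru = replace(stru, chr(39), "&#39;")
		' Line breaks are inserted after the angle brackets were escaped, so the
		' only tag in the output is the one added here.
		stru = replace(stru, chr(13), "<br>")
		stru = replace(stru, chr(10), " ")
		kbbs = stru
	end if
end function
%>
专家解答条码打印机维修|数据采集器维修|条码扫描器故障_大真条码,中国条码设备故障最大服务中心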
请您留言:
   姓名: *
标题:
*
   电子邮件:
内容:
*
   联系电话:
   地址:
   验证码:   
    

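<%
' Guestbook listing: reads the requested page number, opens the gbook table
' newest-first and renders the entries of that page.
' title, name, addr and ip are visitor-supplied values read back from the
' database; they are now written through Server.HTMLEncode so stored markup is
' displayed as text instead of being interpreted by the browser (content and
' reversion already go through kbbs). The "& """ turns a Null field into an
' empty string before encoding.
' The edit/delete links are only hidden for non-admin sessions; the handlers
' behind them (not shown here) need their own session check.
page=request("page")
if page="" then page=1
if not(isnumeric(page)) then page=1
if page<1 then page=1
page=int(page)
' Static statement: no request data is concatenated into this query.
sql="select * from gbook order by id desc"
rs.open sql,conn,3,3
if rs.eof then
	response.write "没有找到记录"
	response.end
else
	rs.pagesize=20
	totalrec=rs.recordcount
	totalpage=rs.pagecount
	if page>totalpage then page=totalpage
	rs.absolutepage=page
	rs.cachesize=rs.pagesize
	jnum=rs.pagesize
	i=0
	' NOTE(review): the loop condition and the markup after it are truncated in
	' this listing (presumably "i<jnum"). No increment of i is visible before
	' "loop", so the per-page bound may never apply - confirm in the real file.
	do while not rs.eof and i <%if rs("reversion")<>"reversion" then%> <%end if%>
标题<%=Server.HTMLEncode(rs("title") & "")%> <%if session("username")="admin" then%>

" class="green">修改

">删除 <%end if%>
留言人姓名:<%=Server.HTMLEncode(rs("name") & "")%>
  <%=kbbs(rs("content"))%>
专家解答:
  <%=kbbs(rs("reversion"))%>
ip: <%=Server.HTMLEncode(left(rs("ip"),7) & "")%> 发表时间:<%=rs("date")%> 地区:<%=Server.HTMLEncode(rs("addr") & "")%>编号:<%=rs("id")%>
<% rs.movenext loop end if %>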

每页20条记录  共有<%=totalpage%>页  目前第<%=page%>页  转到 <%if page-1>0 then%> 上一页 <%end if%>   <%if page 下一页 <% end if rs.close %>

login

 

用微信扫一扫

条码打印机