%
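' Generic request blacklist: every query-string and form value is scanned for
' the tokens below and the response is ended on a hit. This is defence in
' depth, not a substitute for parameterized commands or for escaping each
' value (CheckStr/saferequest): the token list is coarse (ordinary words such
' as "set" or "count" are rejected too) and a blacklist is never complete.
' Matching uses vbTextCompare (compare argument 1). The original relied on
' InStr's default binary compare, so the check depended on letter case.
SQL_injdata = "'|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|set"
SQL_inj = split(SQL_injdata, "|")

' HasSqlToken: true when value contains any entry of tokens, ignoring case.
' value may be a request item (default property is the comma-joined string).
function HasSqlToken(value, tokens)
    dim k
    HasSqlToken = false
    for k = 0 to ubound(tokens)
        if instr(1, value, tokens(k), 1) > 0 then
            HasSqlToken = true
            exit function
        end if
    next
end function

' ScanCollection: end the response when any value in the request collection
' coll (Request.QueryString or Request.Form) matches a token.
sub ScanCollection(coll, tokens)
    dim key
    for each key in coll
        if HasSqlToken(coll(key), tokens) then
            Response.Write ""
            Response.End
        end if
    next
end sub

If Request.QueryString <> "" Then ScanCollection Request.QueryString, SQL_inj
If Request.Form <> "" Then ScanCollection Request.Form, SQL_inj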
%>
<%
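function htmlencode(str)
    ' HTML-encode a string for output into page content (the original comment:
    ' "filter out illegal/invalid code; security and UBB are handled here").
    ' The markup metacharacters & < > " become entities; & is encoded like any
    ' other character in a single pass, so nothing is double-encoded. CR and
    ' TAB become a single space. Null yields "".
    ' In the source as found the entity strings had been decoded back to the
    ' raw characters (and the chr(34) case was an unterminated literal), so the
    ' function encoded nothing; this restores the standard entities.
    ' NOTE(review): every whitespace branch of the original emitted a plain
    ' space, so spaces pass through unchanged here; confirm with the rendering
    ' page whether non-breaking spaces were intended for runs of spaces.
    dim result, l, i, ch
    if isNULL(str) then
        htmlencode = ""
        exit function
    end if
    result = ""
    l = len(str)
    for i = 1 to l
        ' examine one character at a time
        ch = mid(str, i, 1)
        select case ch
            case "&"
                result = result & "&amp;"
            case "<"
                result = result & "&lt;"
            case ">"
                result = result & "&gt;"
            case chr(34)
                result = result & "&quot;"
            case chr(13), chr(9)
                result = result & " "
            case else
                result = result & ch
        end select
    next
    htmlencode = result
end function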
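function sustainhtml(str)
    ' Encode text for HTML output while keeping markup: & and " become
    ' entities, CR and TAB become a single space, but < and > pass through so
    ' tags in the input survive. Because tags survive, this is not a defence
    ' against script injection; only htmlencode is safe for untrusted text.
    ' Null yields "".
    ' In the source as found the "&" case replaced & with itself and the
    ' chr(34) case was an unterminated literal; the standard entities are
    ' restored here.
    ' NOTE(review): " -> &quot; also rewrites attribute quotes inside tags
    ' that pass through, and & -> &amp; double-encodes entities already in
    ' the input; confirm against the calling page that this is intended.
    dim result, l, i, ch
    if isNULL(str) then
        sustainhtml = ""
        exit function
    end if
    result = ""
    l = len(str)
    for i = 1 to l
        ch = mid(str, i, 1)
        select case ch
            case "&"
                result = result & "&amp;"
            case chr(34)
                result = result & "&quot;"
            case chr(13), chr(9)
                result = result & " "
            case else
                result = result & ch
        end select
    next
    sustainhtml = result
end function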
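' CheckStr: escape a value for embedding inside a single-quoted SQL string
' literal by doubling every single quote (' -> ''), which is what the original
' character loop produced. Null yields "" instead of raising a type mismatch in
' len(). Parameterized commands remain the preferred fix; this only covers the
' string-literal position of string-built SQL.
function CheckStr(str)
    if isNull(str) then
        CheckStr = ""
        exit function
    end if
    CheckStr = replace(str, "'", "''")
end function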
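function IsValidEmail(email)
    ' Syntactic check of an e-mail address: exactly one "@", both parts
    ' non-empty, only [a-z0-9_-.] (letters compared case-insensitively), no
    ' part starting or ending with ".", a domain part containing "." whose last
    ' label is at least two characters, and no ".." anywhere.
    ' Changes from the original: Null is rejected instead of raising in Split;
    ' digits are matched explicitly rather than via IsNumeric, so only ASCII
    ' digits count; the last domain label may be longer than three characters
    ' (the original accepted only 2 or 3, rejecting e.g. ".info").
    dim parts, part, i, c, tld
    IsValidEmail = false
    if isNull(email) then exit function
    parts = Split(email, "@")
    if UBound(parts) <> 1 then exit function
    for each part in parts
        if Len(part) <= 0 then exit function
        for i = 1 to Len(part)
            c = Lcase(Mid(part, i, 1))
            if InStr("abcdefghijklmnopqrstuvwxyz0123456789_-.", c) <= 0 then exit function
        next
        if Left(part, 1) = "." or Right(part, 1) = "." then exit function
    next
    ' the domain part must have a dot and a last label of 2+ characters
    if InStr(parts(1), ".") <= 0 then exit function
    tld = Len(parts(1)) - InStrRev(parts(1), ".")
    if tld < 2 then exit function
    if InStr(email, "..") > 0 then exit function
    IsValidEmail = true
end function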
%>
<%
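function saferequest(paraname,paratype)
    ' Read a request value by name and prepare it for string-built SQL.
    ' paraname: parameter name (string)
    ' paratype: 1 = the value must be numeric; any other value = string value
    ' Numeric mode writes an error message and ends the response when
    ' IsNumeric fails, otherwise the raw request string is returned (IsNumeric
    ' also accepts forms such as signs, decimals and exponents, so callers that
    ' need an integer should still convert it, e.g. with CLng).
    ' String mode doubles every single quote ('), the escaping required inside
    ' a SQL string literal. In the source as found the replacement string had
    ' collapsed to a single quote, making it a no-op; and "dim paravalue" had
    ' been swallowed by the preceding comment line.
    dim paravalue
    paravalue = request(paraname)
    if paratype = 1 then
        if not isnumeric(paravalue) then
            response.write "参数" & paraname & "必须为数字型!"
            response.end
        end if
    else
        paravalue = replace(paravalue, "'", "''")
    end if
    saferequest = paravalue
end function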
%>
<%
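function kbbs(stru)
    ' Encode a guest-book string for HTML output: & < > " ' become entities
    ' (& is replaced first so the later entities are not double-encoded), and
    ' a double space, TAB, CR and LF each become a single space.
    ' Null yields "" (the original returned Empty, which compares equal to "").
    ' stru is ByRef (the VBScript default), so a variable passed by the caller
    ' is overwritten with the encoded value, as in the original.
    ' In the source as found the entity strings had been decoded back to the
    ' raw characters, & was never encoded, and the chr(34) line was an
    ' unterminated literal; the standard entities are restored here.
    ' NOTE(review): the whitespace replacements are kept as found (all map to
    ' a plain space); confirm with the rendering page whether non-breaking
    ' spaces or line breaks were intended.
    if isnull(stru) then
        kbbs = ""
        exit function
    end if
    stru = replace(stru, "&", "&amp;")
    stru = replace(stru, "<", "&lt;")
    stru = replace(stru, ">", "&gt;")
    stru = replace(stru, chr(34), "&quot;")
    stru = replace(stru, chr(39), "&#39;")
    stru = replace(stru, chr(32) & chr(32), " ")
    stru = replace(stru, chr(9), " ")
    stru = replace(stru, chr(13), " ")
    stru = replace(stru, chr(10), " ")
    kbbs = stru
end function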
%>
专家解答条码打印机维修|数据采集器维修|条码扫描器故障_大真条码,中国条码设备故障最大服务中心
<%
page=request("page")
if page="" then page=1
if not(isnumeric(page)) then page=1
if page<1 then page=1
page=int(page)
sql="select * from gbook order by id desc"
rs.open sql,conn,3,3
if rs.eof then
response.write "没有找到记录"
response.end
else
rs.pagesize=20
totalrec=rs.recordcount
totalpage=rs.pagecount
if page>totalpage then page=totalpage
rs.absolutepage=page
rs.cachesize=rs.pagesize
jnum=rs.pagesize
i=0
do while not rs.eof and i