hzhost·Àasp¹¥»÷º¯Êý
hzhost·Àasp¹¥»÷º¯Êý
Function SafeRequest(ParaName)
Dim ParaValue
ParaValue=Request(ParaName)
if IsNumeric(ParaValue) then
SafeRequest=ParaValue
exit Function
else
ParaValuetemp=lcase(ParaValue)
tempvalue="select
|insert |delete from|'|count(|drop table|update |truncate
|asc(|mid(|char(|xp_cmdshell|exec master|net localgroup
administrators|net user| or | and |%20from"
temps=split(tempvalue,"|")
for mycount=0 to ubound(temps)
if Instr(ParaValuetemp,temps(mycount)) > 0 then
call errorpage(-2,"·Ç·¨ÇëÇ󣡣¡£¡")
response.end
end if
next
SafeRequest=ParaValue
end if
End function
'=================
Ïà¹ØÎĵµ£º
ÔÎÄÒýÓÃ:
http://www.17558.net/cmd.asp?act=tb&id=16&key=43840
ÔÎĵØÖ·:http://www.17558.net/post/16.html
żÊÇÒ»¸öµ×²ãµÄASP¼¼ÊõÈËÔ±(ÊôÓÚ°ë·³ö¼ÒµÄÄÇÖÖ,ÒÔÇ°ÊÇÒ»ÃûÍøÂç¼¼ÊõÈËÔ±),×î½ü²ÎÓëÖÆ×÷Ò»¸öCRMϵͳ,¼Ü¹»²ÉÓÃASP+SQL,¿¼Âǵ½ÒÔºóÊý¾Ý²éѯЧÂÊÎÊÌâ,ËùÒÔÔÚÍøÉÏÕÒÁËÒ»¸ö AspÊý¾Ý²Ù×÷×é¼þ(°ÙÍò¼¶·ÖÒ³) , ......
Set xlApp = CreateObject("Excel.Application")
xlApp.DisplayAlerts = false '²»ÏÔʾ¾¯¸æ
'xlApp.Application = false ......
Ö±±¼Ö÷Ìâ.
Ä¿Ç°ÔÚά»¤Ò»Ì×´óÐ͵ÄASPÊÛºóϵͳ(2000¶à¸öasp page),´úÂëÊÇ2001Äê³öÀ´µÄ,ÆÚ¼ä¶àÄêδ×ö¸üÐÂ,´úÂëÖвÎÔÓ¶à¸ö³ÌÐòÔ±µÄ·ç¸ñ,½á¹¹ÉÏÖ»ÊǼòµ¥µÄ½«main function ¼¯ÖÐÆðÀ´,½«¸´ÔÓµÄsql¼¯ÖÐÆðÀ´. Ò³ÃæÉÏÏ൱»ìÂÒ.
ûÓмòµ¥µØȥתÏò.net»·¾³,ÒòΪÕâ¸öÏµÍ³Ê¹Ó ......
ÔÚ ASP ÖÐʹÓà Request.ServerVariables("REMOTE_ADDR") À´È¡µÃ¿Í»§¶ËµÄ IP µØÖ·£¬µ«Èç¹û¿Í»§¶ËÊÇʹÓôúÀí·þÎñ
Æ÷À´·ÃÎÊ£¬ÄÇÈ¡µ½µÄ¾ÍÊÇ´úÀí·þÎñÆ÷µÄ IP µØÖ·£¬¶ø²»ÊÇÕæÕýµÄ¿Í»§¶Ë IP µØÖ·¡£ÒªÏë͸¹ý´úÀí·þÎñÆ÷È¡µÃ¿Í»§¶ËµÄÕæʵ
IP µØÖ·£¬¾ÍҪʹÓÃ& ......
<%
set rs=server.CreateObject(”ADODB.recordset”)
sql =”select * from ±í”
rs.open sql,conn,1,1
page=cint(request(”page”))
n=rs.RecordCount
rs.pagesize=12
m=cint(rs.pagecount)
if page=”" then
page=1
elseif page<1 then
page=1
end if
if cint(r ......
