
An ASP anti-SQL-injection function

 Sub aspsql()
     Dim SQL_injdata, SQL_inj, Sql_Post, SQL_Get, SQL_Data
     ' Blacklist of characters and keywords, separated by "|"
     SQL_injdata = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
     SQL_inj = Split(SQL_injdata, "|")

     ' Check every POSTed form field against the blacklist
     If Request.Form <> "" Then
         For Each Sql_Post In Request.Form
             For SQL_Data = 0 To UBound(SQL_inj)
                 ' vbTextCompare makes the match case-insensitive ("SELECT" as well as "select")
                 If InStr(1, Request.Form(Sql_Post), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
                     ' Alert text: "Site security notice: do not include illegal characters in parameters!"
                     Response.Write "<script language='javascript'>"
                     Response.Write "alert('网站安全提示：请不要在参数中包含非法字符！');"
                     Response.Write "location.href='javascript:history.go(-1)';"
                     Response.Write "</script>"
                     Response.End
                 End If
             Next
         Next
     End If

     ' Check every query-string parameter against the same blacklist
     If Request.QueryString <> "" Then
         For Each SQL_Get In Request.QueryString
             For SQL_Data = 0 To UBound(SQL_inj)
                 If InStr(1, Request.QueryString(SQL_Get), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
                     Response.Write "<script language='javascript'>"
                     Response.Write "alert('网站安全提示：请不要在参数中包含非法字符！');"
                     Response.Write "location.href='javascript:history.go(-1)';"
                     Response.Write "</script>"
                     Response.End
                 End If
             Next
         Next
     End If
 End Sub
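
The blacklist above rejects any value that merely contains one of its substrings (for example "and" or "%"), and it does not change how the SQL statement itself is built. The block below is an added example, not code from the original page: it binds request values as ADO parameters so they are never parsed as SQL text. The function name CountUsers, the Users table with its UserName and Age columns, the form field names and the Application("ConnStr") setting are all hypothetical.

```vbscript
<%
' Added example: parameter binding with ADODB.Command in classic ASP.
' Hypothetical names: CountUsers, Users(UserName, Age), Application("ConnStr").
Const adCmdText = 1, adInteger = 3, adVarWChar = 202, adParamInput = 1

' Returns the number of matching rows, or -1 if the input fails validation.
Function CountUsers(connStr, userName, minAge)
    ' Validate length and type before the values reach the database layer.
    If Len(userName) = 0 Or Len(userName) > 50 _
       Or Len(minAge) > 3 Or Not IsNumeric(minAge) Then
        CountUsers = -1
        Exit Function
    End If

    Dim conn, cmd, rs
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open connStr

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The "?" markers are placeholders; the SQL text never contains user input.
    cmd.CommandText = "SELECT COUNT(*) FROM Users WHERE UserName = ? AND Age >= ?"
    cmd.Parameters.Append cmd.CreateParameter("name", adVarWChar, adParamInput, 50, userName)
    cmd.Parameters.Append cmd.CreateParameter("age", adInteger, adParamInput, , CLng(minAge))

    Set rs = cmd.Execute
    CountUsers = rs(0).Value
    rs.Close
    conn.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set conn = Nothing
End Function

' Coerce the request items to strings, then HTML-encode the result on output.
Dim total
total = CountUsers(Application("ConnStr"), Request.Form("name") & "", Request.Form("age") & "")
Response.Write Server.HTMLEncode(CStr(total))
%>
```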


© 2009 ej38.com All Rights Reserved.