<%
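'Database connection settings and the shared ADO objects used by the pages that include this file.
'NOTE(review): the connection uses the SQL Server "sa" login with its password written in this
'script. "sa" is the server-wide administrator, so any SQL injection in a page that uses Conn runs
'with full control of the instance. Use a dedicated login limited to the rights the site needs on
'this database, and keep the secret out of the source tree: a copy of this file served as text
'(backup copy, handler misconfiguration) discloses it.
Dim StrServer,StrUid,StrSaPwd,StrDbName
StrServer="(local)"
StrUid="sa"
StrSaPwd="198410"
StrDbName="jiaoyou"
'Data Source is taken from StrServer (previously the literal "(local)" was repeated here and
'StrServer was never read), so changing the server name in one place is enough.
StrDSN = "Provider=SQLOLEDB.1;Persist Security Info=False;User ID=" & StrUid & ";PWD=" & StrSaPwd & ";Initial Catalog=" & StrDbName & ";Data Source=" & StrServer
'Conn and Rs are script-level objects shared with RsClose/ConnClose below.
Set Conn = Server.CreateObject("ADODB.Connection")
Set Rs=Server.CreateObject("ADODB.RecordSet")
Conn.Open StrDSN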
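'Close the shared Rs recordset and release the object.
'Close is only called while the recordset is open, because ADO raises a run-time error when
'Close is called on a recordset that is already closed. The IsObject/Nothing checks make a
'second call to RsClose harmless.
Sub RsClose()
If IsObject(Rs) Then
If Not Rs Is Nothing Then
'State 0 is adStateClosed.
If Rs.State <> 0 Then Rs.Close
End If
End If
Set Rs=Nothing
End Sub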
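'Close the Rss recordset and release the object.
'Rss is not created in this file (presumably by the including page - confirm), so it may be
'unset when this runs. The guards skip Close unless Rss holds an open recordset, since ADO
'raises a run-time error when Close is called on a closed recordset.
Sub RssClose()
If IsObject(Rss) Then
If Not Rss Is Nothing Then
'State 0 is adStateClosed.
If Rss.State <> 0 Then Rss.Close
End If
End If
Set Rss=Nothing
End Sub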
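'Close the shared Conn database connection and release the object.
'Close is only called while the connection is open, because ADO raises a run-time error when
'Close is called on a connection that is already closed. This makes it safe to call ConnClose
'more than once or after a failed open.
Sub ConnClose()
If IsObject(Conn) Then
If Not Conn Is Nothing Then
'State 0 is adStateClosed.
If Conn.State <> 0 Then Conn.Close
End If
End If
Set Conn=Nothing
End Sub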
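'Return the client IP address as a string.
'X-Forwarded-For is a request header and therefore fully controlled by the client, so it is
'accepted only when it consists of characters that can occur in an IPv4/IPv6 address list
'(hex digits, ".", ":", "," and spaces). Anything else falls back to REMOTE_ADDR, the peer
'address of the TCP connection. This keeps quotes, markup and SQL text out of the result.
'NOTE(review): a well-formed forwarded value can still be forged. Do not use the result for
'access control, and log REMOTE_ADDR alongside it where the address matters for auditing.
'UserIp is left undeclared, as in the original, so a script-level variable of that name
'(if one exists elsewhere) is still written.
Function GetIP()
Dim IpListPattern
UserIp = Trim(Request.ServerVariables("HTTP_X_FORWARDED_FOR"))
If UserIp <> "" Then
Set IpListPattern = New RegExp
IpListPattern.Pattern = "^[0-9A-Fa-f.:, ]+$"
If Not IpListPattern.Test(UserIp) Then UserIp = ""
Set IpListPattern = Nothing
End If
If UserIp = "" Then UserIp = Request.ServerVariables("REMOTE_ADDR")
GetIP = UserIp
End Function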
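'Keyword filter for a request parameter that will be placed in a SQL statement.
'  ParaName - name of the parameter, looked up through Request(ParaName).
'  Returns the value unchanged when IsNumeric accepts it; otherwise the value with every
'  single quote removed. When the value contains one of the blocked substrings, the alert and
'  redirect script is written and the response is ended.
'NOTE(review): a substring blacklist is a weak control. It misses keywords separated by
'anything other than one space, and it rejects ordinary text that contains " and " or " or ".
'The reliable fix is at the call sites: pass values through ADODB.Command parameters instead
'of concatenating them into SQL. Treat this function as defence in depth only.
Function SafeRequest(ParaName)
Dim ParaValue, LowerValue, BlockedWords, Idx, IsBlocked
ParaValue=Request(ParaName)
'IsNumeric also accepts non-integer forms (exponent notation, currency symbols), so callers
'that need an integer should still convert the result, for example with CLng.
If IsNumeric(ParaValue) = True Then
SafeRequest=ParaValue
Exit Function
End If
'Lower-case once instead of once per keyword.
LowerValue = LCase(ParaValue)
BlockedWords = Array("select ","insert ","delete from","count(","drop table","update ","truncate ","asc(","mid(","char(","xp_cmdshell","exec master","net localgroup administrators"," and ","net user"," or ")
IsBlocked = False
For Idx = 0 To UBound(BlockedWords)
If InStr(LowerValue, BlockedWords(Idx)) > 0 Then
IsBlocked = True
Exit For
End If
Next
If IsBlocked Then
Response.Write "<script language='javascript'>"
Response.Write "alert('哥们,不要乱搞!');"
Response.Write "location.href='http://www.fjiayuan.cn/';"
Response.Write "</script>"
'Stop server-side processing. The redirect above runs only in a browser, and without this the
'calling page went on to run its query with an empty value and send the rest of its output.
Response.End
Else
'Quotes are removed rather than doubled. This alters stored text and does not protect values
'used in unquoted (numeric) positions.
SafeRequest=Replace(ParaValue,"'","")
End If
End Function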
%><!--#include file="SqlX.Asp" --><!--#include file="ConFig.asp"-->