- <%Session.CodePage=65001%>
- <META http-equiv=Content-Type content="text/html; charset=utf-8">
- <!--#include file="MD5.asp"-->
- <%' Login check
- ' Redirects the browser to ../index.asp when the "adminxxx" session value
- ' compares equal to the empty string; otherwise returns to the caller.
- ' The test is only "non-empty": any value stored under that key passes.
- ' NOTE(review): this protects a page only if the page calls log_chk before
- ' doing any work or writing any output - confirm every admin page does so.
- Sub log_chk()
- If Session("adminxxx") = "" Then Response.Redirect "../index.asp"
- End Sub%>
-
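- <%' Show a message, then return to the previous page
- ' BackUrl_JsEscape(value): returns value made safe for use inside a
- ' single-quoted JavaScript string literal that sits in a <script> element.
- Function BackUrl_JsEscape(value)
- Dim s
- s = value & ""                      ' Null/Empty become "" so Replace cannot fail
- s = Replace(s, "\", "\\")           ' must run first so later escapes are not doubled
- s = Replace(s, "'", "\'")           ' value cannot close the string literal
- s = Replace(s, "<", "\x3C")         ' value cannot close the script element
- s = Replace(s, vbCrLf, "\n")
- s = Replace(s, vbCr, "\n")
- s = Replace(s, vbLf, "\n")          ' a raw line break would split the literal
- s = Replace(s, ChrW(&H2028), "\u2028")
- s = Replace(s, ChrW(&H2029), "\u2029")
- BackUrl_JsEscape = s
- End Function
-
- ' BackUrl(text)
- '   text: message shown in a JavaScript alert() box.
- ' Writes a script that shows the alert and calls history.go(-1), then ends
- ' the response so nothing after the call is sent.
- ' The original concatenated text straight into the script; any caller that
- ' passes request-derived text would let that text run as script in the page.
- ' NOTE(review): a caller that embeds a JavaScript escape such as \n in text
- ' will now see it displayed literally; pass vbCrLf for a line break instead.
- Sub BackUrl(text)
- Response.Write "<script language='javascript'>alert('" & BackUrl_JsEscape(text) & "');history.go(-1);</script>"
- Response.End
- End Sub%>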
-
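- <%' Show a message, then go to a given page
- ' GoUrl_JsEscape(value): returns value made safe for use inside a
- ' single-quoted JavaScript string literal that sits in a <script> element.
- Function GoUrl_JsEscape(value)
- Dim s
- s = value & ""                      ' Null/Empty become "" so Replace cannot fail
- s = Replace(s, "\", "\\")           ' must run first so later escapes are not doubled
- s = Replace(s, "'", "\'")           ' value cannot close the string literal
- s = Replace(s, "<", "\x3C")         ' value cannot close the script element
- s = Replace(s, vbCrLf, "\n")
- s = Replace(s, vbCr, "\n")
- s = Replace(s, vbLf, "\n")          ' a raw line break would split the literal
- s = Replace(s, ChrW(&H2028), "\u2028")
- s = Replace(s, ChrW(&H2029), "\u2029")
- GoUrl_JsEscape = s
- End Function
-
- ' GoUrl(Url, Txt)
- '   Url: address assigned to location.href after the alert is dismissed.
- '   Txt: message shown in a JavaScript alert() box.
- ' Writes the script, then ends the response.
- ' Both values land in single-quoted JavaScript strings, so both are escaped;
- ' the original concatenated them unescaped, which lets request-derived text
- ' run as script in the page.
- ' NOTE(review): escaping does not validate the destination. If Url can come
- ' from the request, restrict it to known relative paths before calling.
- ' NOTE(review): a caller that embeds a JavaScript escape such as \n in Txt
- ' will now see it displayed literally; pass vbCrLf for a line break instead.
- Sub GoUrl(Url,Txt)
- Response.Write "<SCRIPT language=JavaScript>alert('" & GoUrl_JsEscape(Txt) & "');"
- Response.Write "this.location.href='" & GoUrl_JsEscape(Url) & "';</SCRIPT>"
- Response.End
- End Sub%>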
-
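- <%' Special-character / keyword filter for request input
- ' passChk()
- ' Checks every query-string and form value against a "|"-separated deny
- ' list and redirects to ../index.asp on the first value that contains any
- ' entry as a substring.
- ' Fix: the match is now case-insensitive (vbTextCompare). The original used
- ' InStr's default comparison, so only the exact lower-case spelling of each
- ' keyword was caught.
- ' Limits a maintainer should know:
- '  - Only Request.QueryString and Request.Form are inspected; other request
- '    data (cookies, headers) is not.
- '  - Matching is by substring, so ordinary input containing ".", ",", "@",
- '    or the letters "or"/"and" inside a word is rejected too.
- '  - "%" is listed twice; harmless, but it shows the list is hand-maintained.
- '  - NOTE(review): the first entry as shown here is U+2019 (right single
- '    quotation mark), not the ASCII apostrophe. Confirm against the deployed
- '    file which character is really listed.
- '  - A deny list does not make string-built SQL safe. Queries that take
- '    request values should bind them as ADODB.Command parameters; treat this
- '    filter as a secondary measure only.
- Sub passChk()
- Dim SQL_injdata, SQL_inj, SQL_Get, Sql_Post, SQL_Data
- SQL_injdata = "’|""|{|}|[|]|\|:|;|<|>|?|,|.|`|~|!|@|$|%|^|(|)|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|or"
- SQL_inj = Split(SQL_injdata, "|")
- ' Query-string (GET) values
- If Request.QueryString <> "" Then
- For Each SQL_Get In Request.QueryString
- For SQL_Data = 0 To UBound(SQL_inj)
- If InStr(1, Request.QueryString(SQL_Get), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
- Response.Redirect "../index.asp"
- End If
- Next
- Next
- End If
- ' Form (POST) values
- If Request.Form <> "" Then
- For Each Sql_Post In Request.Form
- For SQL_Data = 0 To UBound(SQL_inj)
- If InStr(1, Request.Form(Sql_Post), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
- Response.Redirect "../index.asp"
- End If
- Next
- Next
- End If
- End Sub%>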
- <%' Database connection
- ' Creates an ADO connection object in Conn and opens it with the Jet 4.0
- ' OLE DB provider. The Access file path is resolved with Server.MapPath
- ' from the relative path ../../database/#database1#.mdb.
- ' Conn is not closed in this block.
- ' NOTE(review): if the database directory lies inside the served web tree,
- ' the .mdb file can be requested over HTTP; the "#" characters in its name
- ' are not access control. Keep the file outside the web root or deny .mdb
- ' requests in the web server - confirm the deployment layout.
- Set Conn = Server.CreateObject("adodb.connection")
- Conn.Open "provider=microsoft.jet.oledb.4.0;data source=" & _
-     Server.MapPath("../../database/#database1#.mdb")%>
- <!--#include file="theFunc.asp"-->