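<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<%
' ---------------------------------------------------------------------------
' Request filter: a coarse deny-list over the lower-cased query string and
' Host header. Any hit, or a non-numeric "id", redirects to "/".
' This is NOT a substitute for parameterised queries: it also rejects
' legitimate values that merely contain "dir", "exe", "copy", "format",
' "+", "(" or ")", and it only looks at the query string, not the POST body.
' ---------------------------------------------------------------------------

' Returns True when sText contains any of the blocked substrings.
' InStr uses a binary (case-sensitive) comparison, so every token is
' lower-case to match the LCase'd input (the original "Update" token could
' never match and has been lower-cased).
Function containsBlockedToken(sText)
    Dim tokens, i
    tokens = Array("%20", "%27", "'", "%a1a1", "%24", "$", "%3b", ";", "%%", _
                   "%3c", "<", ">", "--", "sp_", "xp_", "exec", "\", "delete", _
                   "dir", "exe", "select", "update", "cmd", "*", "^", "(", ")", _
                   "+", "copy", "format")
    containsBlockedToken = False
    For i = 0 To UBound(tokens)
        If InStr(sText, tokens(i)) <> 0 Then
            containsBlockedToken = True
            Exit Function
        End If
    Next
End Function

Dim squery, sURL, allquery
squery = LCase(Request.ServerVariables("QUERY_STRING"))
sURL = LCase(Request.ServerVariables("HTTP_HOST"))
allquery = squery & sURL

' Request("id") also searches Form and Cookies; an absent id gives "" and
' IsNumeric("") is False, so a request without an id is redirected too.
If containsBlockedToken(allquery) Or Not IsNumeric(Request("id")) Then
    Response.Redirect "/"
    Response.End
End If

' Client address. HTTP_X_FORWARDED_FOR is a client-supplied header: it can be
' forged and may hold a comma-separated chain, so it is only meaningful behind
' a trusted proxy that overwrites it. REMOTE_ADDR is the actual socket peer.
Ip = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If Ip = "" Then
    Ip = Request.ServerVariables("REMOTE_ADDR")
End If

' Database connection (Access via ODBC). The .mdb is stored under an .asp
' name, presumably so the web server will not serve it as a download.
' "On Error Resume Next" stays in effect for the rest of the page, so a
' failed Open is not reported here; later queries will fail silently.
Dim conn, connstr
On Error Resume Next
connstr = "DBQ=" & Server.MapPath("#Date4324.asp") & ";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
Set conn = Server.CreateObject("ADODB.CONNECTION")
conn.Open connstr

' Output filter: escapes a string for HTML display.
' Returns Empty (the function default) when fString is Null.
' NOTE(review): the replacement targets in the reviewed copy had been
' flattened by HTML rendering; they are reconstructed here as the standard
' entities/tags -- confirm against the original file. "&" itself is not
' escaped, so text containing literal entities is passed through unchanged;
' uhtmlencode below is the inverse of these replacements.
Function htmlencode(fString)
    If Not IsNull(fString) Then
        fString = Replace(fString, ">", "&gt;")
        fString = Replace(fString, "<", "&lt;")
        fString = Replace(fString, Chr(32), "&nbsp;")
        fString = Replace(fString, Chr(9), "&nbsp;")
        fString = Replace(fString, Chr(34), "&quot;")
        fString = Replace(fString, Chr(39), "&#39;")
        ' CR is dropped; a blank line becomes a paragraph break, a single LF a line break.
        fString = Replace(fString, Chr(13), "")
        fString = Replace(fString, Chr(10) & Chr(10), "</p><p>")
        fString = Replace(fString, Chr(10), "<br>")
        htmlencode = fString
    End If
End Function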
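' Inverse of htmlencode: turns the stored entities/tags back into plain text.
' Returns Empty (the function default) when fString is Null.
' NOTE(review): the search strings in the reviewed copy had been flattened
' by HTML rendering and are reconstructed as the standard entities/tags --
' confirm against the original file. The original also carried a second
' "&nbsp;" line (to Chr(9)) and an empty-string search (to Chr(13)); the
' first can never match after the line above it and Replace with an empty
' search is a no-op, so both are dropped. "&gt;"/"&lt;" are deliberately
' left encoded, so this is not a full inverse of htmlencode.
Function uhtmlencode(fString)
    If Not IsNull(fString) Then
        fString = Replace(fString, "&nbsp;", Chr(32))
        fString = Replace(fString, "&quot;", Chr(34))
        fString = Replace(fString, "&#39;", Chr(39))
        fString = Replace(fString, "</p><p>", Chr(10) & Chr(10))
        fString = Replace(fString, "<br>", Chr(10))
        uhtmlencode = fString
    End If
End Function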
' Login gate for admin-only pages: a request whose session carries no "Admin"
' value is redirected to the login action. Any non-empty value passes; how
' Session("Admin") is set is not visible in this file.
Function checkadmin()
    Dim ticket
    ticket = Session("Admin")
    If ticket = "" Then
        ' Redirect alone does not stop the page; End prevents the rest of it running.
        Response.Redirect "?action=login"
        Response.End
    End If
End Function
' Page dispatch parameters taken from the query string only.
action = Request.QueryString("action")
' Record id. Note the filter at the top of the page checked Request("id")
' (query string, form and cookies), while this reads the query string only.
id = Request.QueryString("id")
' An empty id is allowed here; a present but non-numeric one ends the
' response with no body. IsNumeric also accepts forms such as "1e3" and
' "&H1F", so this is a weak check if id is later concatenated into SQL.
If Len(id) > 0 Then
    If Not IsNumeric(id) Then
        Response.Write ""
        Response.End
    End If
End If
%>