%
'On Error Resume Next
' Page-level database handle shared by the rest of this include:
'   DbPath - absolute path of the Access file, resolved relative to this script
'   conn   - the open ADODB connection; CloseConn() below releases it
' NOTE(review): the .mdb sits under the web root (manage/Data/). Unless the web
' server is configured not to serve *.mdb, the whole database is retrievable by
' URL; keeping it outside the served tree (or blocking the extension) is the
' usual fix. Note also that the first line reads "%" rather than "<%" here,
' which looks like extraction damage rather than the real file.
dim DbPath,conn
DbPath = SERVER.MapPath("manage/Data/Data.mdb")
Set conn= Server.CreateObject("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="& DbPath
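Sub CloseConn()
    ' Close and release the page-level ADODB connection opened at the top of
    ' this include. Both steps are guarded: Close on a connection that never
    ' opened (or was already closed by an earlier call) raises "Operation is
    ' not allowed when the object is closed", and pages may call this Sub more
    ' than once. State 0 is adStateClosed.
    If IsObject(conn) Then
        If Not conn Is Nothing Then
            If conn.State <> 0 Then conn.Close
            Set conn = Nothing
        End If
    End If
End Sub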
' Run the request filter unless the request itself says not to.
' NOTE(review): the condition is client-controlled — any request carrying
' repl=off skips ChkData entirely, so this is a kill switch that belongs in a
' server-side constant, not in request input. (ChkData is currently an empty
' Sub, so the call is a no-op either way.)
If Request("repl") <> "off" Then ChkData
sub ChkData()
' Request keyword filter. Every statement in the body is commented out, so the
' Sub is currently a no-op; the original code is kept below for reference.
' NOTE(review): if it is ever re-enabled, this is a substring blacklist over
' LCase(value) that rejects ordinary words such as "and", "from", "count" and
' "*" in user input, and it does not make SQL built elsewhere safe (entries
' with upper-case letters, e.g. "Asc", can never match a lower-cased value).
' The robust control is to pass user values to Jet as ADODB.Command
' parameters and to HTML-encode them on output. PMsg and PopMsg are not
' defined in this file — presumably a shared include; confirm.
' '-------- Definitions ---------------
' Dim XH_Post,XH_Get,XH_In,XH_Inf,XH_Xh,XH_db,XH_dbstr
' 'Custom list of substrings to filter, separated by "|"
' XH_In = "'|;|and|exec|insert|select|delete%20from|update|count|*|%|chr|mid|master|truncate|char|declare|drop%20table|from|net%20user|xp_cmdshell|/add|net%20localgroup%20administrators|Asc|char"
' '----------------------------------
' XH_Inf = split(XH_In,"|")
' '-------- POST section ------------
' if Request.Form<>"" Then
' For Each XH_Post In Request.Form
' For XH_Xh=0 To Ubound(XH_Inf)
' if Instr(LCase(Request.Form(XH_Post)),XH_Inf(XH_Xh))<>0 Then
' response.Write("")
' PMsg = "处理数据时发生错误!
数据类型不匹配!"
' Call PopMsg("数据类型")
' End if
' Next
' Next
' End if
' '----------------------------------
'
' '-------- GET section -------------
' if Request.QueryString<>"" Then
' For Each XH_Get In Request.QueryString
' For XH_Xh=0 To Ubound(XH_Inf)
' if Instr(LCase(Request.QueryString(XH_Get)),XH_Inf(XH_Xh))<>0 Then
' response.Write("")
' PMsg = "处理数据时发生错误!
数据类型不匹配!"
' Call PopMsg("数据类型")
' End if
' Next
' Next
' End if
' '----------------------------------
end sub
Function CheckStr(Str)
' Trims Str and rewrites a fixed set of substrings before the value is stored;
' CheckStr1 below applies the inverse mapping when the value is read back.
' NOTE(review): several replacement literals below are now identical to the
' text they replace ("<" -> "<", CHR(32) -> " ") and the CHR(34) line is not a
' well-formed VBScript literal, so this copy looks HTML-entity-decoded during
' extraction (the originals were presumably &lt;, &gt;, &quot;, <br> and
' friends); confirm against the repository copy before relying on it.
' Replace() with no compare argument is case-sensitive (vbBinaryCompare), so
' "Script", "COOKIE" etc. pass through untouched — mangling keywords is not a
' reliable XSS control; HTML-encode with Server.HTMLEncode at output instead.
Str = Trim(Str)
Str = Replace(Str, "<", "<")
Str = Replace(Str, ">", ">")
Str = Replace(Str, "cookie", "cook1e")
Str = Replace(Str, "document", "d0cument")
Str = Replace(Str, "script", "scr1pt")
Str = Replace(Str, CHR(32), " ")
Str = Replace(Str, CHR(34), """)
Str = Replace(Str, CHR(39), "'")
' Drop CR, then map blank lines / line feeds (order matters: the double LF
' rule must run before the single LF rule).
Str = Replace(Str, CHR(13), "")
Str = Replace(Str, CHR(10) & CHR(10), "
")
Str = Replace(Str, CHR(10), "
")
' Backslash-prefixing curly quotes has no quoting effect in Jet SQL, where a
' quote is escaped by doubling it; this only changes what gets stored.
Str = Replace(Str, "’", "\’")
Str = Replace(Str, "”", "\”")
CheckStr =Str
End Function
Function CheckStr1(Str)
' Inverse of CheckStr: trims Str and restores the substrings CheckStr rewrote
' ("cook1e" -> "cookie", "scr1pt" -> "script", entities -> characters, ...).
' The result is the raw, un-neutralised text, so any page that writes it to
' HTML must still encode it (Server.HTMLEncode) — the round trip provides no
' protection by itself.
' NOTE(review): as in CheckStr, the literals here look HTML-entity-decoded by
' extraction (a replace of "<" with "<" is a no-op and the CHR(34) line is not
' a valid literal); confirm against the repository copy.
' Style: each InStr guard is redundant — Replace() on a string that has no
' match already returns it unchanged — and Replace is case-sensitive here
' because no compare argument is given.
Str = Trim(Str)
if instr(str,"<")>0 then
Str = Replace(Str, "<", "<")
end if
if instr(str,">")>0 then
Str = Replace(Str, ">", ">")
end if
if instr(str,"cook1e")>0 then
Str = Replace(Str, "cook1e", "cookie")
end if
if instr(str,"d0cument")>0 then
Str = Replace(Str, "d0cument", "document")
end if
if instr(str,"scr1pt")>0 then
Str = Replace(Str, "scr1pt", "script")
end if
if instr(str," ")>0 then
Str = Replace(Str, " ", CHR(32))
end if
if instr(str,""")>0 then
Str = Replace(Str, """, CHR(34))
end if
if instr(str,"'")>0 then
Str = Replace(Str, "'", CHR(39))
end if
' Replace of an empty string: as written this cannot match anything, so the
' CR is never restored; presumably another decoded entity — confirm.
if instr(str,"")>0 then
Str = Replace(Str, "", CHR(13))
end if
' NOTE(review): this reads as a single-line If (statement after Then) followed
' by an End If; with the literal restored to one line, confirm it still
' parses — the neighbouring guards all use the multi-line form.
if instr(str,"
")>0 then Str = Replace(Str, "
", CHR(10) & CHR(10))
end if
if instr(str,"
")>0 then
Str = Replace(Str, "
", CHR(10))
end if
if instr(str,"\’")>0 then
Str = Replace(Str, "\’", "’")
end if
if instr(str,"\”")>0 then
Str = Replace(Str, "\”", "”")
end if
CheckStr1 =Str
End Function
%>