到底问题出在哪
0 or InStr(UserAgent,"webzip") > 0 or InStr(UserAgent,"flashget")>0 or InStr(UserAgent,"offline")>0 Then
Response.Write "非法浏览!"
Response.End
End If
Function SafeRequest(ParaName,ParaType)
Dim ParaValue
ParaValue=Request(ParaName)
If ParaType=1 then
If not isNumeric(ParaValue) then
Response.write "参数" & ParaName & "必须为数字型,请正确操作!"
Response.end
End if
Else
ParaValue=replace(ParaValue,"'","''")
End if
SafeRequest=ParaValue
End function
Function FormatSQL(strChar)
if strChar="" then
FormatSQL=""
else
FormatSQL=replace(replace(replace(replace(replace(replace(replace(replace(strChar,"'","’"),"*","×"),"?","?"),"(","("),")",")"),""" Then
If Instr(LCase(Request(Fy_Cs(Fy_x))),"'")0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"and")0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"select")0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"update")0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"chr")0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"delete%20from")0 or Instr(LCase(Request(Fy_Cs(Fy_x))),";")0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"insert")0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"mid")0 Or Instr(LCase(Request(Fy_Cs(Fy_x))),"master.")0 Then
Select Case Fy_Cl
Case "1"
Response.Write ""
Case "2"
Response.Write ""
Case "3"
Response.Write ""
End Select
Response.End
End If
End If
Next
connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(""&Buy2Buy&"")
On Error Resume Next
Set conn = Server.CreateObject("ADODB.Connection")
conn.open connstr
If Err Then
err.Clear
Set Conn = Nothing
Response.Write "数据库连接出错,请检查Conn.asp中的数据库指向。"'
Response.End
End If
|