直接保存为一个conn.asp文件然后include即可!
-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-
<%@ LANGUAGE = VBScript CodePage = 936%>
<%
'--------版权说明--------
'风风自己的CONN.ASP文件,版权没有,欢迎使用!
'这个conn的优点:1.防止%5c暴库;2.防止SQL注入攻击
%>
<%
'Option Explicit '代码标准化
Dim MyDb_ConnPathStr,MyDb_ConnDbStr,MyDb_ConnStr,conn
Response.Buffer = True '设置是否缓存输出
MyDb_ConnPathStr = "Database" '指定数据库文件夹
MyDb_ConnDbStr = "Db.mdb" '指定数据库名
MyDb_ConnStr = "Provider = Microsoft.Jet.OLEDB.4.0;Data Source = " & Server.MapPath(MyDb_ConnPathStr &"/"& MyDb_ConnDbStr)
On Error Resume Next
Set conn = Server.CreateObject("ADODB.Connection")
conn.open MyDb_ConnStr
Response.Write("<!--Written"&" By"&" Eafin-->")
If Err Then
err.Clear
Set conn = Nothing
Response.Write "<p align=""center""><font color=""red"" style=""font-size:24px;""><b>DataBase Error!</b></font></p>" '错误提示
Response.End
End If
%>
<%
'--------定义部份------------------
Dim Ef_Post,Ef_Get,Ef_In,Ef_Inf,Ef_Xh,Ef_db,Ef_dbstr,Kill_IP,WriteSql
'自定义需要过滤的字串,用 "|" 分隔
Ef_In = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
'----------------------------------
Ef_Inf = split(Ef_In,"|")
'--------POST部份------------------
If Request.Form<>"" Then
For Each Ef_Post In Request.Form
For Ef_Xh=0 To Ubound(Ef_Inf)
If Instr(LCase(Request.Form(Ef_Post)),Ef_Inf(Ef_Xh))<>0 Then
Response.Write "<Script Language=JavaScript>alert('SQL防注入系统提示你↓\n\n请不要在参数中包含非法字符!');</Script>"
Response.Write "非法操作!系统做了如下记录↓<br>"
Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
Response.Write "操作时间:"&Now&"<br>"
Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
Response.Write "提交方式:POST<br>"
Response.Write "提交参数:"&Ef_Post&"<br>"
Response.Write "提交数据:"&Request.Form(Ef_Post)
Response.End
End If
Next
Next
End If
'----------------------------------
'--------GET部份-------------------
If Request.QueryString<>"" Then
For Each Ef_Get In Request.QueryString
For Ef_Xh=0 To Ubound(Ef_Inf)
If Instr(LCase(Request.QueryString(Ef_Get)),Ef_Inf(Ef_Xh))<>0 Then
Response.Write "<Script Language=JavaScript>alert('SQL防注入系统提示你↓\n\n请不要在参数中包含非法字符!');</Script>"
Response.Write "非法操作!系统做了如下记录↓<br>"
Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
Response.Write "操作时间:"&Now&"<br>"
Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
Response.Write "提交方式:GET<br>"
Response.Write "提交参数:"&Ef_Get&"<br>"
Response.Write "提交数据:"&Request.QueryString(Ef_Get)
Response.End
End If
Next
Next
End If
%>
-=-=-=-=-=-=-=-=-
回复Comments
作者:
{commentrecontent}