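<%
' ------------------ SQL injection filter ("sql zhuru") ------------------
' Request-level keyword filter. Every POST field and every query-string
' parameter is lower-cased and searched for each entry of Fy_In; on the first
' hit the client is redirected to http://www.it168.com.
'
' Security notes for maintainers:
'   * Matching is by substring, so ordinary values are rejected too: any value
'     containing "and" (for example "sandbox"), "%" or "*" triggers the redirect.
'   * Only Request.Form and Request.QueryString are inspected. Values read
'     through the generic Request("name") lookup can also come from other
'     collections such as Request.Cookies, which this filter never sees.
'   * A keyword denylist is defence in depth at best. Wherever SQL is actually
'     built, bind request values as parameters instead of relying on this check.
'
' -------- Definitions --------
' The declaration is left disabled as in the original; the variables are
' created implicitly on first assignment.
'Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr

' Substrings to reject, separated by "|||".
Fy_In = "'|||;|||and|||exec|||insert|||select|||delete|||update|||count|||*|||%|||chr|||mid|||master|||truncate|||char|||declare"
Fy_Inf = Split(Fy_In, "|||")

' -------- POST fields --------
If Request.Form <> "" Then
    For Each Fy_Post In Request.Form
        For Fy_Xh = 0 To UBound(Fy_Inf)
            If InStr(LCase(Request.Form(Fy_Post)), Fy_Inf(Fy_Xh)) <> 0 Then
                Response.Redirect "http://www.it168.com"
            End If
        Next
    Next
End If

' -------- GET (query-string) parameters --------
If Request.QueryString <> "" Then
    For Each Fy_Get In Request.QueryString
        For Fy_Xh = 0 To UBound(Fy_Inf)
            If InStr(LCase(Request.QueryString(Fy_Get)), Fy_Inf(Fy_Xh)) <> 0 Then
                Response.Redirect "http://www.it168.com"
            End If
        Next
    Next
End If
' ----------- end of SQL filter -----------
%>
SQL_Mysql_Postgresql_Oracle_DB2_Sybase_Informix_服务器学院_服务器专区_IT168.COM
<%
' Topic selector: pkey takes the "key" request value after Trim() and nosb(),
' or "sql" when that result is empty.
' NOTE(review): nosb() is defined outside this section - presumably a
' sanitiser; confirm what it strips before relying on it.
If nosb(Trim(Request("key"))) <> "" Then
    pkey = nosb(Trim(Request("key")))
Else
    pkey = "sql"
End If
%>
<%
' opentxt(namestr)
'   Returns the full text of the file namestr inside the directory that the
'   virtual path \school\txt maps to, or "" when the file does not exist or
'   is empty.
'
'   namestr is appended to the directory path without any validation. Every
'   caller visible on this page passes a literal file name; keep it that way,
'   or check the name against a fixed list before passing anything derived
'   from a request.
Function opentxt(namestr)
    ' Declared explicitly so the function cannot overwrite page-level
    ' variables that happen to share these names.
    Dim funstr, fs, filepath, mytextfile

    funstr = ""
    Set fs = Server.CreateObject("scripting.filesystemobject")
    filepath = Server.MapPath("\school\txt")
    filepath = filepath & "\" & namestr

    If fs.FileExists(filepath) Then
        Set mytextfile = fs.OpenTextFile(filepath)
        ' ReadAll raises a run-time error on a zero-length file, so read only
        ' when the stream has content.
        If Not mytextfile.AtEndOfStream Then
            funstr = mytextfile.ReadAll
        End If
        mytextfile.Close
        Set mytextfile = Nothing
    End If

    Set fs = Nothing
    opentxt = funstr
End Function
%>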
<%
' Write the stored text fragment for slot 2005doc_1543 that matches the topic
' in pkey. pkey is only compared with fixed literals here, so the
' request-derived value never becomes part of the file name given to opentxt.
If pkey = "mysql" Then
    Response.Write opentxt("2005doc_1543mysql.txt")
ElseIf pkey = "postgresql" Then
    Response.Write opentxt("2005doc_1543postgresql.txt")
ElseIf pkey = "oracle" Then
    Response.Write opentxt("2005doc_1543oracle.txt")
ElseIf pkey = "informix" Then
    Response.Write opentxt("2005doc_1543informix.txt")
ElseIf pkey = "sybase" Then
    Response.Write opentxt("2005doc_1543sybase.txt")
ElseIf pkey = "db2" Then
    Response.Write opentxt("2005doc_1543db2.txt")
Else
    ' "sql" and every unrecognised key share the generic SQL fragment.
    Response.Write opentxt("2005doc_1543sqls.txt")
End If
%>
<%
' Write the stored text fragment for slot 2005doc_1544 that matches the topic
' in pkey. pkey is only compared with fixed literals here, so the
' request-derived value never becomes part of the file name given to opentxt.
If pkey = "mysql" Then
    Response.Write opentxt("2005doc_1544mysql.txt")
ElseIf pkey = "postgresql" Then
    Response.Write opentxt("2005doc_1544postgresql.txt")
ElseIf pkey = "oracle" Then
    Response.Write opentxt("2005doc_1544oracle.txt")
ElseIf pkey = "informix" Then
    Response.Write opentxt("2005doc_1544informix.txt")
ElseIf pkey = "sybase" Then
    Response.Write opentxt("2005doc_1544sybase.txt")
ElseIf pkey = "db2" Then
    Response.Write opentxt("2005doc_1544db2.txt")
Else
    ' "sql" and every unrecognised key share the generic SQL fragment.
    Response.Write opentxt("2005doc_1544sqls.txt")
End If
%>
<%
' Write the stored text fragment for slot 2005doc_1545 that matches the topic
' in pkey. pkey is only compared with fixed literals here, so the
' request-derived value never becomes part of the file name given to opentxt.
If pkey = "mysql" Then
    Response.Write opentxt("2005doc_1545mysql.txt")
ElseIf pkey = "postgresql" Then
    Response.Write opentxt("2005doc_1545postgresql.txt")
ElseIf pkey = "oracle" Then
    Response.Write opentxt("2005doc_1545oracle.txt")
ElseIf pkey = "informix" Then
    Response.Write opentxt("2005doc_1545informix.txt")
ElseIf pkey = "sybase" Then
    Response.Write opentxt("2005doc_1545sybase.txt")
ElseIf pkey = "db2" Then
    Response.Write opentxt("2005doc_1545db2.txt")
Else
    ' "sql" and every unrecognised key share the generic SQL fragment.
    Response.Write opentxt("2005doc_1545sqls.txt")
End If
%>
<%
' Write the stored text fragment for slot 2005doc_1546 that matches the topic
' in pkey. pkey is only compared with fixed literals here, so the
' request-derived value never becomes part of the file name given to opentxt.
If pkey = "mysql" Then
    Response.Write opentxt("2005doc_1546mysql.txt")
ElseIf pkey = "postgresql" Then
    Response.Write opentxt("2005doc_1546postgresql.txt")
ElseIf pkey = "oracle" Then
    Response.Write opentxt("2005doc_1546oracle.txt")
ElseIf pkey = "informix" Then
    Response.Write opentxt("2005doc_1546informix.txt")
ElseIf pkey = "sybase" Then
    Response.Write opentxt("2005doc_1546sybase.txt")
ElseIf pkey = "db2" Then
    Response.Write opentxt("2005doc_1546db2.txt")
Else
    ' "sql" and every unrecognised key share the generic SQL fragment.
    Response.Write opentxt("2005doc_1546sqls.txt")
End If
%>
<%
' Write the stored text fragment for slot 2005doc_1547 that matches the topic
' in pkey. pkey is only compared with fixed literals here, so the
' request-derived value never becomes part of the file name given to opentxt.
If pkey = "mysql" Then
    Response.Write opentxt("2005doc_1547mysql.txt")
ElseIf pkey = "postgresql" Then
    Response.Write opentxt("2005doc_1547postgresql.txt")
ElseIf pkey = "oracle" Then
    Response.Write opentxt("2005doc_1547oracle.txt")
ElseIf pkey = "informix" Then
    Response.Write opentxt("2005doc_1547informix.txt")
ElseIf pkey = "sybase" Then
    Response.Write opentxt("2005doc_1547sybase.txt")
ElseIf pkey = "db2" Then
    Response.Write opentxt("2005doc_1547db2.txt")
Else
    ' "sql" and every unrecognised key share the generic SQL fragment.
    Response.Write opentxt("2005doc_1547sqls.txt")
End If
%>
<%
' Write the stored text fragment for slot 2005doc_1548 that matches the topic
' in pkey. pkey is only compared with fixed literals here, so the
' request-derived value never becomes part of the file name given to opentxt.
If pkey = "mysql" Then
    Response.Write opentxt("2005doc_1548mysql.txt")
ElseIf pkey = "postgresql" Then
    Response.Write opentxt("2005doc_1548postgresql.txt")
ElseIf pkey = "oracle" Then
    Response.Write opentxt("2005doc_1548oracle.txt")
ElseIf pkey = "informix" Then
    Response.Write opentxt("2005doc_1548informix.txt")
ElseIf pkey = "sybase" Then
    Response.Write opentxt("2005doc_1548sybase.txt")
ElseIf pkey = "db2" Then
    Response.Write opentxt("2005doc_1548db2.txt")
Else
    ' "sql" and every unrecognised key share the generic SQL fragment.
    Response.Write opentxt("2005doc_1548sqls.txt")
End If
%>
<%
' Write the stored text fragment for slot 2005doc_1549 that matches the topic
' in pkey. pkey is only compared with fixed literals here, so the
' request-derived value never becomes part of the file name given to opentxt.
If pkey = "mysql" Then
    Response.Write opentxt("2005doc_1549mysql.txt")
ElseIf pkey = "postgresql" Then
    Response.Write opentxt("2005doc_1549postgresql.txt")
ElseIf pkey = "oracle" Then
    Response.Write opentxt("2005doc_1549oracle.txt")
ElseIf pkey = "informix" Then
    Response.Write opentxt("2005doc_1549informix.txt")
ElseIf pkey = "sybase" Then
    Response.Write opentxt("2005doc_1549sybase.txt")
ElseIf pkey = "db2" Then
    Response.Write opentxt("2005doc_1549db2.txt")
Else
    ' "sql" and every unrecognised key share the generic SQL fragment.
    Response.Write opentxt("2005doc_1549sqls.txt")
End If
%>
<%
' Write the stored text fragment for slot 2005doc_1550 that matches the topic
' in pkey. pkey is only compared with fixed literals here, so the
' request-derived value never becomes part of the file name given to opentxt.
If pkey = "mysql" Then
    Response.Write opentxt("2005doc_1550mysql.txt")
ElseIf pkey = "postgresql" Then
    Response.Write opentxt("2005doc_1550postgresql.txt")
ElseIf pkey = "oracle" Then
    Response.Write opentxt("2005doc_1550oracle.txt")
ElseIf pkey = "informix" Then
    Response.Write opentxt("2005doc_1550informix.txt")
ElseIf pkey = "sybase" Then
    Response.Write opentxt("2005doc_1550sybase.txt")
ElseIf pkey = "db2" Then
    Response.Write opentxt("2005doc_1550db2.txt")
Else
    ' "sql" and every unrecognised key share the generic SQL fragment.
    Response.Write opentxt("2005doc_1550sqls.txt")
End If
%>