Wapls_sqlin.asp
  1. <%
  2. '==================================
  3. '=文 件 名:wapls_sqlin.asp
  4. '=适用版本:蓝色世纪WAP网站管理系统(CMS)V1.1
  5. '=官方版权:http://www.songfr.cn
  6. '=文件功能:防止SQL黑客攻击并记录、锁定、屏蔽
  7. '=文件作者:蓝色阳光
  8. '=发行时间:2007-02-01
  9. '==================================
  10. '--------定义部份------------------
  11. Dim wapls_Post,wapls_Get,wapls_In,wapls_Inf,wapls_Xh,wapls_db,wapls_dbstr,Kill_IP,WriteSql
  12. '自定义需要过滤的字串,用 "|" 分隔
  13. wapls_In = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|truncate|char|declare|or"
  14. Kill_IP=True
  15. WriteSql=True
  16. wapls_Inf = split(wapls_In,"|")
  17. '--------POST部份------------------
  18. If Request.Form<>"" Then
  19. For Each wapls_Post In Request.Form
  20. For wapls_Xh=0 To Ubound(wapls_Inf)
  21. If Instr(LCase(Request.Form(wapls_Post)),wapls_Inf(wapls_Xh))<>0 Then
  22. If WriteSql=True Then
  23. sql="select * from wapls_SqlIn where Sqlin_IP='" & Request.ServerVariables("REMOTE_ADDR") & "' and kill_ip=true" 
  24. set rs=server.createobject("adodb.recordset")
  25. rs.open sql,conn,1,3
  26. if rs.eof or rs.bof then 
  27. rs.addnew
  28. rs("Sqlin_IP")=Request.ServerVariables("REMOTE_ADDR")
  29. rs("SqlIn_Web")=Request.ServerVariables("URL")
  30. rs("SqlIn_FS")="POST"
  31. rs("SqlIn_CS")=wapls_Post
  32. rs("SqlIn_SJ")=replace(Request.Form(wapls_Post),"'","''")
  33. if sqlin_ok=2 then '打开防注功能但不锁定IP
  34. rs("Kill_ip")=False
  35. else
  36. rs("Kill_ip")=False '系统默认不锁定POST提交!
  37. end if
  38. rs.update
  39. rs.close:set rs=nothing
  40. End If
  41. Response.Write "<card title=""访问出错了""><p>请不要在参数中包含非法字符尝试注"
  42. Response.Write "非法操作!系统做了如下记录↓<br/>"
  43. Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br/>"
  44. Response.Write "操作时间:"&Now&"<br/>"
  45. Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br/>"
  46. Response.Write "提交方式:POST<br/>"
  47. Response.Write "提交参数:"&wapls_Post&"<br/>"
  48. Response.Write "提交数据:"&Request.Form(wapls_Post)
  49. Response.write "<br/><anchor><prev/>返回上级</anchor></p></card></wml>"
  50. Response.End
  51. End If
  52. End If
  53. Next
  54. Next
  55. End If
  56. '--------GET部份-------------------
  57. If Request.QueryString<>"" Then
  58. For Each wapls_Get In Request.QueryString
  59. For wapls_Xh=0 To Ubound(wapls_Inf)
  60. If Instr(replace(LCase(Request.QueryString(wapls_Get)),"<br><li>",""),wapls_Inf(wapls_Xh))<>0 Then
  61. If WriteSql=True Then
  62. sql="select * from wapls_SqlIn where Sqlin_IP='" & Request.ServerVariables("REMOTE_ADDR") & "' and kill_ip=true" '2005-11-21 Updated
  63. set rs=server.createobject("adodb.recordset")
  64. rs.open sql,conn,1,3
  65. if rs.eof or rs.bof then 
  66. rs.addnew
  67. rs("Sqlin_IP")=Request.ServerVariables("REMOTE_ADDR")
  68. rs("SqlIn_Web")=Request.ServerVariables("URL")
  69. rs("SqlIn_FS")="GET"
  70. rs("SqlIn_CS")=wapls_Get
  71. rs("SqlIn_SJ")=replace(Request.QueryString(wapls_Get),"'","''")
  72. if sqlin_ok=2 then '打开防注功能但不锁定IP
  73. rs("Kill_ip")=False
  74. else
  75. rs("Kill_ip")=True
  76. end if
  77. rs.update
  78. rs.close:set rs=nothing
  79. End If
  80. Response.Write "<card title=""访问出错了""><p>请不要在参数中包含非法字符尝试注入!"
  81. Response.Write "非法操作!系统做了如下记录↓<br/>"
  82. Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br/>"
  83. Response.Write "操作时间:"&Now&"<br/>"
  84. Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br/>"
  85. Response.Write "提交方式:GET<br/>"
  86. Response.Write "提交参数:"&wapls_Get&"<br/>"
  87. Response.Write "提交数据:"&Request.QueryString(wapls_Get)
  88. Response.write "<br/><anchor><prev/>返回上级</anchor></p></card></wml>"
  89. Response.End
  90. End If
  91. End If
  92. Next
  93. Next
  94. End If
  95. If Kill_IP=True Then
  96. Dim cur_IP,rsKill_IP,Kill_IPsql
  97. cur_IP=Request.ServerVariables("REMOTE_ADDR")
  98. Kill_IPsql="select Sqlin_IP from wapls_SqlIn where Sqlin_IP='"&cur_IP&"' and kill_ip=true"
  99. set rsKill_IP=server.createobject("adodb.recordset")
  100. rsKill_IP.open Kill_IPsql,conn,1,1
  101. If Not(rsKill_IP.eof or rsKill_IP.bof) Then
  102. Response.write "<card title=""访问出错了!!""><p>"
  103. response.write outHTM(sqlin_ok1)
  104. Response.write "</p></card></wml>"
  105. Response.End
  106. End If
  107. rsKill_IP.close:set rsKill_IP=nothing
  108. End If
  109. %>