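<%
Response.Buffer = True ' buffer the page output

' Keyword screen over GET, POST and cookie values.
' NOTE(review): a deny-list like this is a secondary control only. It rejects
' ordinary text (any apostrophe, or words such as "or"/"as" after a space) and
' does not replace bound parameters at the point where SQL text is built.
If Request.QueryString <> "" Then StopInjection(Request.QueryString)
If Request.Form <> "" Then StopInjection(Request.Form)
If Request.Cookies <> "" Then StopInjection(Request.Cookies)

' StopInjection(Values)
'   Values: a request collection (QueryString, Form or Cookies).
'   Tests every item against the keyword pattern and ends the response with an
'   empty body on the first match; otherwise returns without a value.
Function StopInjection(Values)
    Dim regEx
    Set regEx = New RegExp
    regEx.IgnoreCase = True
    regEx.Global = True
    ' The published copy of this pattern had forum "[email=...]" markup spliced
    ' into it; the keyword alternation is restored here from the list that was
    ' still readable in that copy.
    ' NOTE(review): "retun" is kept as published; it looks like a typo for
    ' "return" and never matches that word - confirm the intent.
    regEx.Pattern = "'|;|#|([\s\b+()]+(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\s\b+]*)"
    Dim sItem, sValue
    For Each sItem In Values
        sValue = Values(sItem)
        If regEx.Test(sValue) Then
            Response.Write ""
            Response.End
        End If
    Next
    Set regEx = Nothing
End Function
%>
<%
' Per-session throttle: one page load every 3 seconds, as the message says.
' The published check compared the elapsed seconds with 0, which a timestamp
' taken earlier in the same session cannot satisfy, so the limit never fired.
' IsDate() skips the comparison on the first request, when no timestamp exists.
If IsDate(Session("time")) Then
    If DateDiff("s", Session("time"), Now()) < 3 Then
        Response.Write "3秒只能打开一次"
        Response.End
    End If
End If
Session("time") = Now()
%>
<%
' Disable client and proxy caching of this page.
Response.Expires = 0
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "Pragma","No-Cache"
Response.AddHeader "Cache-Control","Private"
Response.CacheControl = "No-Cache"

' Values stored in the session; an empty name sends the visitor to the error page.
tdjh_name2008_jh = Session("tdjh_name2008_jh")
tdjh_enyuan = Session("tdjh_enyuan")
tdjh_2008jh_grade8she = Session("tdjh_2008jh_grade8she")
tdjh_jhdj2008_jh = Session("tdjh_jhdj2008_jh")
If tdjh_name2008_jh = "" Then Response.Redirect "../error.asp?id=440"

' One connection and one recordset. The published copy created and opened
' both twice, leaving the first connection open and unreferenced.
Set conn = Server.CreateObject("ADODB.CONNECTION")
Set rs = Server.CreateObject("ADODB.RecordSet")
conn.open Application("tdjh_shuju2008jhsql")

' The name is bound as a parameter instead of being concatenated into the SQL
' text, so its content cannot change the statement. Where the session value is
' set is not visible here, so it is treated as untrusted.
' 1 = adCmdText, 202 = adVarWChar, 1 = adParamInput (adovbs.inc is not assumed).
' NOTE(review): adVarWChar presumes a text column; confirm the type of chengbao.b.
Set chengbaoCmd = Server.CreateObject("ADODB.Command")
Set chengbaoCmd.ActiveConnection = conn
chengbaoCmd.CommandType = 1
chengbaoCmd.CommandText = "Select * FROM chengbao where b=?"
chengbaoCmd.Parameters.Append chengbaoCmd.CreateParameter("b", 202, 1, Len(CStr(tdjh_name2008_jh)), CStr(tdjh_name2008_jh))
rs.open chengbaoCmd

' No matching row: write an empty response. The Else branch continues in the
' part of the page that follows this block.
if rs.EOF or rs.BOF then
Response.Write ""
else
b=rs("b")
%>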