SQLͨÓ÷À×¢Èë³ÌÐò V1.0 ASP°æ

ÎÞÃñ

ÒòÏÖÔÚSQL×¢ÈëʵÔÚÊÇÌ«ÑÏÖØÁË£¬ËùÒÔÎÒдÁ˶ÎASP·À×¢Èë´úÂë Ë͸ø´ó¼Ò£¡

¹¦Äܼòµ¥ËµÃ÷£º
1.×Ô¶¯»ñÈ¡Ò³ÃæËùÓвÎÊý£¬ÎÞÐèÊÖ¹¤¶¨Òå²ÎÊýÃû.
2.ÌṩÈýÖÖ´íÎó´¦Àí·½Ê½¹©Ñ¡Ôñ.
  (1).ÌáʾÐÅÏ¢.
  (2).תÏòÒ³Ãæ.
  (3).ÌáʾÐÅÏ¢,ÔÙתÏòÒ³Ãæ.
3.×Ô¶¨ÒåתÏòÒ³Ãæ.

(Èç¹ûÐèÒª×Ô¶¨ÒåÌáʾÐÅÏ¢£¬ÇëÁªÏµ±¾ÈË»ò×ÔÐÐÐ޸ĴúÂ룡)

ʹÓ÷½·¨ºÜ¼òµ¥£¬Ö»ÐèÒªÔÚASPÒ³ÃæÍ·²¿²åÈë´úÂë
<!--#Include File="Fy_SqlX.Asp"-->
°üº¬ Fy_SqlX.Asp ¾Í¿ÉÒÔÁË~~¼òµ¥ÊµÓÃ

±¾³ÌÐòÃâ·Ñ¹«¿ªÔ´´úÂë¸ø´ó¼ÒʹÓã¬×¢£ºÊ¹ÓÃʱÇë×¢Ã÷±¾ÈË°æȨ£¬Ð»Ð»ºÏ×÷£¡

Èç¹ûÄ㽫±¾³ÌÐòÔٴοª·¢Ð޸ģ¬ÇëÁªÏµ±¾ÈËŶ~~QQ£º613548

            ·ãÖªÇï  2004-09-19


¾ßÌå´úÂëÈçÏÂ:

<%
Dim Fy_Url,Fy_a,Fy_x,Fy_Cs(),Fy_Cl,Fy_Ts,Fy_Zx
'---¶¨Ò岿·Ý  Í·------
Fy_Cl = 1        '´¦Àí·½Ê½£º1=ÌáʾÐÅÏ¢,2=תÏòÒ³Ãæ,3=ÏÈÌáʾÔÙתÏò
Fy_Zx = "Error.Asp"    '³ö´íʱתÏòµÄÒ³Ãæ
'---¶¨Ò岿·Ý  Î²------

'----------°æȨ˵Ã÷----------------
'·ãÒ¶SQLͨÓ÷À×¢Èë V1.0 ASP°æ
'±¾³ÌÐòÓÉ ·ãÖªÇï ¶ÀÁ¢¿ª·¢
'ÓÐÒÉÎÊ»òÏëµÃµ½×îаæÇëÁªÏµ±¾ÈË
'      ÁªÏµQQ:613548
'ʹÓÃʱÇë±£Áô±¾ÈË°æȨÐÅÏ¢¡£
'±¾³ÌÐò»¶Ó­×ªÔØ
'--------·ãÖªÇï °æȨËùÓÐ-----------
On Error Resume Next
Fy_Url=Request.ServerVariables("QUERY_STRING")
Fy_a=split(Fy_Url,"&")
redim Fy_Cs(ubound(Fy_a))
On Error Resume Next
for Fy_x=0 to ubound(Fy_a)
Fy_Cs(Fy_x) = left(Fy_a(Fy_x),instr(Fy_a(Fy_x),"=")-1)
Next
For Fy_x=0 to ubound(Fy_Cs)
If Fy_Cs(Fy_x)<>"" Then
If Instr(LCase(Request(Fy_Cs(Fy_x))),"'")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"and")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"select")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"update")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"chr")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"delete%20from")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),";")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"insert")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"mid")<>0 Or Instr(LCase(Request(Fy_Cs(Fy_x))),"master.")<>0 Then
Select Case Fy_Cl
  Case "1"
Response.Write "<Script Language=JavaScript>alert('                   ³öÏÖ´íÎ󣡲ÎÊý "&Fy_Cs(Fy_x)&" µÄÖµÖаüº¬·Ç·¨×Ö·û´®£¡\n\n  Çë²»ÒªÔÚ²ÎÊýÖгöÏÖ£º;,and,select,update,insert,delete,chr µÈ·Ç·¨×Ö·û£¡\n\n·ãÒ¶SQLͨÓ÷À×¢ÈëV1.0 ASP°æ -- ÏÂÔØ£º[url=Http://Fy.Swjd.Net/Down/FySqlX.Rar]Http://Fy.Swjd.Net/Down/FySqlX.Rar');window.close();</Script>"
  Case "2"
Response.Write "<Script Language=JavaScript>location.href='"&Fy_Zx&"'</Script>"
  Case "3"
Response.Write "<Script Language=JavaScript>alert('                   ³öÏÖ´íÎ󣡲ÎÊý "&Fy_Cs(Fy_x)&"µÄÖµÖаüº¬·Ç·¨×Ö·û´®£¡\n\n  Çë²»ÒªÔÚ²ÎÊýÖгöÏÖ£º;,and,select,update,insert,delete,chr µÈ·Ç·¨×Ö·û£¡\n\n·ãÒ¶SQLͨÓ÷À×¢ÈëV1.0 ASP°æ -- ÏÂÔØ£ºHttp://Fy.Swjd.Net/Down/FySqlX.Rar');location.href='"&Fy_Zx&"';</Script>"
End Select
Response.End
End If
End If
Next
%>


Ç뽫ÈçÉÏ´úÂë±£´æΪFy_SqlX.Asp