谁可以把你们的 conn.asp（也就是各页面 include 的公共连接/过滤文件）贴出来
提供一下！
我想看看应该过滤什么
我先写给自己的
有什么漏洞说说
<%
' Shared ADODB connection used by every page that includes this file.
' The Access (Jet) database is resolved relative to this script with
' Server.MapPath, i.e. it sits inside the web root.
' NOTE(review): a .mdb under the web root is downloadable by anyone who
' learns its name. The "#" in the file name is a common trick to break
' naive browser requests, but a URL-encoded "%23" may still reach the file
' depending on the IIS version; move the database outside the web root (or
' deny the .mdb extension in IIS) rather than relying on an obscure name.
' NOTE(review): nothing visible here closes cn; confirm the including pages
' call cn.Close and release it.
Set cn = Server.CreateObject("ADODB.Connection")
cn.ConnectionString = "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("Rin520#v002223232.mdb")
cn.Open
%>
<%
' Refresh the per-application cached date once per calendar day.
' Writes Date() to Application("date_today") and a formatted
' "yyyy?êmm??dd?? <weekday name>" string to Application("date_chinese").
' The three separator literals below look like mis-encoded Chinese
' characters (presumably 年 / 月 / 日 — confirm against the original file);
' they are reproduced byte-for-byte.
' NOTE(review): the early-exit compare runs outside Application.Lock, so
' two requests crossing midnight may both rebuild the value; harmless
' since both write the same date.
Sub BrandNewDay()
    Dim today, sYear, sMonth, sDay, sWeekday, sFormatted
    today = Date()
    ' Already refreshed today: nothing to do.
    If Application("date_today") = today Then Exit Sub
    sYear = CStr(Year(today))
    ' Zero-pad month and day to two digits.
    sMonth = Right("0" & CStr(Month(today)), 2)
    sDay = Right("0" & CStr(Day(today)), 2)
    ' WeekdayName yields the day name for the server's locale.
    sWeekday = WeekdayName(Weekday(today))
    sFormatted = sYear & "?ê" & sMonth & "??" & sDay & "è? " & sWeekday
    Application.Lock
    Application("date_today") = today
    Application("date_chinese") = sFormatted        ' today's date, localized form
    Application.Unlock
End Sub
%>
<%
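' ============================================
' HTML-encode a string for output into the page body (a local stand-in for
' Server.HTMLEncode). Null yields "".
' Escapes & < > " as entities, then turns LF into <br>. The ampersand must
' be replaced first so the entities written afterwards are not re-escaped.
' NOTE(review): the single quote is not escaped, so the result is only safe
' in element content or double-quoted attributes, never inside
' single-quoted attributes or script. CR passes through untouched (a CRLF
' becomes CR + "<br>", which browsers ignore).
' ============================================
Function outHTML(str)
    Dim sTemp
    outHTML = ""
    If IsNull(str) Then Exit Function
    sTemp = str
    sTemp = Replace(sTemp, "&", "&amp;")
    sTemp = Replace(sTemp, "<", "&lt;")
    sTemp = Replace(sTemp, ">", "&gt;")
    sTemp = Replace(sTemp, Chr(34), "&quot;")
    sTemp = Replace(sTemp, Chr(10), "<br>")
    outHTML = sTemp
End Function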
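' ============================================
' HTML-encode a string that is written back into a form control (e.g.
' value="..."), typically a value read from the database. Null yields "".
' Escapes & < > " as entities; unlike outHTML, line feeds are kept so the
' stored text round-trips through the control unchanged.
' Note: the attribute must be delimited with double quotes — the single
' quote is not escaped, so a single-quoted value='...' could be broken
' out of.
' ============================================
Function inHTML(str)
    Dim sEncoded
    inHTML = ""
    If IsNull(str) Then Exit Function
    sEncoded = Replace(str, "&", "&amp;")
    sEncoded = Replace(sEncoded, "<", "&lt;")
    sEncoded = Replace(sEncoded, ">", "&gt;")
    sEncoded = Replace(sEncoded, Chr(34), "&quot;")
    inHTML = sEncoded
End Function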
%>
<%
' ============================================
' Strip the characters most often used to break out of a string-built SQL
' literal: single quote, double quote and semicolon. Leading/trailing
' whitespace is trimmed first. Null input is handed to Trim/Replace as-is
' (presumably an error rather than "" — confirm if callers can pass Null).
' NOTE(review): removing characters is not SQL-injection protection. A value
' dropped into a numeric context (WHERE id = 1 OR 1=1) contains none of
' these characters, and a legitimate O'Brien silently becomes OBrien.
' Prefer ADODB.Command parameters; keep this only as a coarse cleanup.
' ============================================
Function Get_SafeStr(str)
    Dim sClean
    sClean = Trim(str)
    sClean = Replace(sClean, "'", "")
    sClean = Replace(sClean, Chr(34), "")
    sClean = Replace(sClean, ";", "")
    Get_SafeStr = sClean
End Function
' ============================================
' Length of str in display columns: every character counts 1, and each
' character whose Asc code is outside 0..255 (a double-byte character under
' the server's ANSI code page) counts 1 more. Asc reports some double-byte
' characters as a negative Integer; those count as wide as well (a negative
' code plus 65536 always exceeds 255, so the two tests are folded into one).
' Non-string / Null input is not handled.
' ============================================
Function Get_TrueLen(str)
    Dim nWide, nPos, nCode
    nWide = 0
    For nPos = 1 To Len(str)
        nCode = Asc(Mid(str, nPos, 1))
        If nCode < 0 Or nCode > 255 Then nWide = nWide + 1
    Next
    Get_TrueLen = Len(str) + nWide
End Function
' ============================================
' Return True when str contains none of the characters in the block list;
' intended for "special" fields such as the registration user name (the
' original comment is mis-encoded — confirm the intended callers).
' Null input presumably passes as safe, since InStr on Null yields Null
' and the If treats that as False — confirm if Null can reach this.
' NOTE(review): two entries in the list ("??" after the apostrophe and "?"
' after ">") are mis-encoded in this copy and may not be what the author
' wrote; check the original file. Chr(32) duplicates the literal space
' already in the list. A character blacklist does not catch full-width or
' other non-ASCII look-alikes.
' ============================================
Function IsSafeStr(str)
    Dim sForbidden, nPos, sChar
    sForbidden = "' ??&<>?%,;:()`~!@#$^*{}[]|+-=" & Chr(34) & Chr(9) & Chr(32)
    IsSafeStr = True
    For nPos = 1 To Len(sForbidden)
        sChar = Mid(sForbidden, nPos, 1)
        ' Explicit binary (case-sensitive) compare, which is the InStr default.
        If InStr(1, str, sChar, vbBinaryCompare) > 0 Then
            IsSafeStr = False
            Exit For
        End If
    Next
End Function
%>
<% 
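''==========================
'' Reject a submitted form value that contains a blacklisted SQL / HTML
'' fragment.
'' form_title: the submitted value to inspect (any Variant; Null never
''             matches). On a hit the function writes an error message that
''             names the fragment and ends the response; otherwise it
''             returns without side effects.
'' Matching is a case-insensitive substring search, so "SELECT" and
'' "Select" are caught like "select".
'' NOTE(review): a substring blacklist is not a defence. It blocks ordinary
'' words ("count", "from", "character") while anything not listed passes,
'' and a numeric context such as "1 OR 1=1" is never caught. Use
'' parameterised queries (ADODB.Command with Parameters) for the SQL and
'' HTML-encode on output; keep this at most as a coarse pre-check.
''==========================
Function ForSqlForm(form_title)
    Dim nothis, i
    ' Blacklist (lower case; compare is case-insensitive). "@" was in the
    ' original list but disabled.
    nothis = Array( _
        "net user", _
        "xp_cmdshell", _
        "/add", _
        "exec%20master.dbo.xp_cmdshell", _
        "net localgroup administrators", _
        "select", _
        "count", _
        "asc", _
        "char", _
        "mid", _
        "''", _
        "iframe", _
        """", _
        "insert", _
        "delete", _
        "drop", _
        "truncate", _
        "from", _
        "%")
    For i = 0 To UBound(nothis)
        ' vbTextCompare: a binary compare would let any upper-case spelling
        ' of a keyword through. InStr on Null returns Null, which is falsy.
        If InStr(1, form_title, nothis(i), vbTextCompare) <> 0 Then
            ' Echo the value that was actually checked, HTML-encoded.
            Response.Write("<div class='menu'>")
            Response.Write("你所填写的信息:" & Server.HTMLEncode(form_title) & "<br>含非法字符:" & nothis(i))
            Response.Write("</div>")
            Response.Write("对不起,你所填写的信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>")
            Response.End()
        End If
    Next
End Function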
  ''==========================
%>



 
											





 
	    

 
	
 
											
