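<%
'-------- Definitions --------
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
Dim Fy_IdRaw, Fy_IdRe

' Keyword blacklist for request values; entries are separated by "枫".
' The scan below is a lower-cased substring match, so it also rejects benign
' values that merely contain an entry (for example any word containing "and").
' It inspects Request.Form and Request.QueryString only. Treat it as a tripwire
' with logging, not as the injection defence: every value that reaches a SQL
' string still has to be validated or parameterised where the query is built.
Fy_In = "'枫;枫and枫exec枫insert枫select枫delete枫update枫count枫*枫%枫chr枫mid枫master枫truncate枫char枫declare"
'------------------------------
%>
<%
Fy_Inf = split(Fy_In,"枫")

' Doubles single quotes so a value can sit inside a quoted Jet/Access SQL literal.
Function Fy_SqlText(Fy_Text)
    Fy_SqlText = Replace(Fy_Text & "", "'", "''")
End Function

' Records a rejected request in SqlIn.mdb, prints the notice and ends the response.
'   Fy_Method - "POST" or "GET"
'   Fy_Name   - name of the offending parameter
'   Fy_Value  - its submitted value
Sub Fy_Reject(Fy_Method, Fy_Name, Fy_Value)
    '-------- write to the log database: begin --------
    ' NOTE(review): confirm that ../SqlIn.mdb resolves outside the web-served
    ' tree (or is blocked from download); the log holds client IPs and payloads.
    Fy_dbstr="DBQ="+server.mappath("../SqlIn.mdb")+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
    Set Fy_db=Server.CreateObject("ADODB.CONNECTION")
    Fy_db.open Fy_dbstr
    ' The parameter name is client-controlled just like the value, so it is
    ' quote-escaped too (the original escaped only the value).
    Fy_db.Execute("insert into SqlIn(Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('" & _
        Fy_SqlText(Request.ServerVariables("REMOTE_ADDR")) & "','" & _
        Fy_SqlText(Request.ServerVariables("URL")) & "','" & _
        Fy_Method & "','" & _
        Fy_SqlText(Fy_Name) & "','" & _
        Fy_SqlText(Fy_Value) & "')")
    Fy_db.close
    Set Fy_db = Nothing
    '-------- write to the log database: end --------

    ' This copy of the page shows a plain line break after each field; whatever
    ' markup separated the fields originally is not visible here.
    Response.Write ""
    Response.Write "非法操作!系统做了如下记录↓" & vbCrLf
    Response.Write "操作IP:" & Request.ServerVariables("REMOTE_ADDR") & vbCrLf
    Response.Write "操作时间:" & Now & vbCrLf
    Response.Write "操作页面:" & Server.HTMLEncode(Request.ServerVariables("URL")) & vbCrLf
    Response.Write "提交方式:" & Fy_Method & vbCrLf
    ' The rejected name and value are echoed back to the client, so they are
    ' HTML-encoded; written raw they would be rendered as markup by the browser.
    Response.Write "提交参数:" & Server.HTMLEncode(Fy_Name) & vbCrLf
    Response.Write "提交数据:" & Server.HTMLEncode(Fy_Value)
    Response.End
End Sub

'-------- POST section --------
If Request.Form<>"" Then
    For Each Fy_Post In Request.Form
        For Fy_Xh=0 To Ubound(Fy_Inf)
            If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
                Fy_Reject "POST", Fy_Post & "", Request.Form(Fy_Post) & ""
            End If
        Next
    Next
End If
'------------------------------

'-------- GET section --------
If Request.QueryString<>"" Then
    For Each Fy_Get In Request.QueryString
        For Fy_Xh=0 To Ubound(Fy_Inf)
            If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
                Fy_Reject "GET", Fy_Get & "", Request.QueryString(Fy_Get) & ""
            End If
        Next
    Next
End If
%>
<%
' Load the band record named by the "id" request value and count the visit.
Set rs= Server.CreateObject("ADODB.Recordset")

' Request("id") is not limited to the query string and form body: the generic
' Request collection also falls back to other sources such as cookies, which the
' scan above never sees. The value is therefore checked here, at the point where
' it enters the SQL text: only 1-9 decimal digits are accepted and the number is
' re-emitted through CLng, so nothing but digits can reach the statement.
Fy_IdRaw = Trim(Request("id") & "")
Set Fy_IdRe = New RegExp
Fy_IdRe.Pattern = "^[0-9]{1,9}$"

If Not Fy_IdRe.Test(Fy_IdRaw) Then
    ' Missing or non-numeric id: handled like "record not found"; no query runs.
    error="error"
Else
    sql = "select * from bar where show>=1 and id=" & CLng(Fy_IdRaw)
    rs.Open sql, Conn,1,2
    if rs.eof then
        error="error"
    else
        ' NOTE(review): the template further down writes these values with
        ' <%= ... %> and no Server.HTMLEncode. If bar rows hold user-submitted
        ' text, encode at output (guarding against Null); confirm whether
        ' intros is meant to carry markup before encoding it.
        id=rs("id")
        city=rs("city")
        barname=rs("barname")
        typical=rs("typical")
        money=rs("money")
        number=rs("number")
        add=rs("add")
        people=rs("people")
        oicq=rs("oicq")
        phone=rs("phone")
        email=rs("email")
        zip=rs("zip")
        homepage=rs("homepage")
        intros=rs("intros")
        count=rs("count")
        adddate=rs("date")
        photo=rs("photo")
        show=rs("show")
        yytime=rs("yytime")
        yymj=rs("yymj")
        ' The hit counter is bumped unless the visitor's jynetbar cookie already
        ' names this band; the cookie is client-side, so the count is advisory.
        if request.cookies("jynetbar")<>barname then
            rs("count").value = rs("count").value + 1
            rs.Update()
        end if
    end if
    rs.close
End If
Set Fy_IdRe = Nothing
Response.cookies("jynetbar")=barname
%> 【<%=barname%>】主页-吉他星空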
吉他星空 您现在的位置: 吉他星空 >> 乐队联盟 >> <%=city%>乐队 >> <%=barname%> <%if show>1 then%> 推荐会员 <%end if%>
乐队搜索引擎.
地区:
乐队:
   
推荐乐队 Top10
<%
' "Recommended bands" list: up to ten rows of bar flagged show>1, newest id first.
' The markup emitted per row belongs between the two script tags below; in this
' copy of the page only its text remnants survive, on the following line.
sql="select top 10 id,barname,intros,photo,city from bar where show>1 order by id desc"
Set Rs=conn.Execute(sql)
If Not rs.EOF Or Not rs.BOF Then
    i=0
    Do Until rs.EOF
%> <%
        i=i+1
        ' Stop once ten rows have been written.
        If i>=10 Then Exit Do
        rs.MoveNext
    Loop
End If
rs.close%>
 ·" target="_blank">[<%=rs("city")%>] <%=rs("barname")%>
乐队消息 News.
<%
' "News" list: up to fifteen rows of info (id and title bt), newest id first.
' The markup emitted per row belongs between the two script tags below; in this
' copy of the page only its text remnants survive, on the following line.
sql="SELECT top 15 id,bt FROM info order by id desc"
Set Rs=conn.Execute(sql)
If Not rs.EOF Or Not rs.BOF Then
    i=0
    Do Until rs.EOF
%> <%
        i=i+1
        ' Stop once fifteen rows have been written.
        If i>=15 Then Exit Do
        rs.MoveNext
    Loop
End If
rs.close%>
 · " target="_blank"><%=rs("bt")%>
【<%=barname%>】的简介信息
<%=barname%>
责任编辑:吉他星空  人气指数:<%=count%>  登记时间:<%=adddate%>

点击查看<%else%>/qhcsys/img/nophoto.jpg<%end if%> <%if photo=1 then%> <%end if%>

联 系 人:<%=people%>
所在地区:<%=city%>
乐队风格:<%=number%>
乐队性质:<%=typical%>
创建时间:<%=yytime%>
【 <%=barname%> 】 简介信息
    <%=intros%>