<% sql = "select * from info where id="&request("id") Set rs= Server.CreateObject("ADODB.Recordset") rs.Open sql, Conn,1,1 bt=rs("bt") rs.close %> <% '--------定义部份------------------ Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr '自定义需要过滤的字串,用 "枫" 分隔 Fy_In = "'枫;枫and枫exec枫insert枫select枫delete枫update枫count枫*枫%枫chr枫mid枫master枫truncate枫char枫declare" '---------------------------------- %> <% Fy_Inf = split(Fy_In,"枫") '--------POST部份------------------ If Request.Form<>"" Then For Each Fy_Post In Request.Form For Fy_Xh=0 To Ubound(Fy_Inf) If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then '--------写入数据库----------头----- Fy_dbstr="DBQ="+server.mappath("../SqlIn.mdb")+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};" Set Fy_db=Server.CreateObject("ADODB.CONNECTION") Fy_db.open Fy_dbstr Fy_db.Execute("insert into SqlIn(Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','POST','"&Fy_Post&"','"&replace(Request.Form(Fy_Post),"'","''")&"')") Fy_db.close Set Fy_db = Nothing '--------写入数据库----------尾----- Response.Write "" Response.Write "非法操作!系统做了如下记录↓
" Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"
" Response.Write "操作时间:"&Now&"
" Response.Write "操作页面:"&Request.ServerVariables("URL")&"
" Response.Write "提交方式:POST
" Response.Write "提交参数:"&Fy_Post&"
" Response.Write "提交数据:"&Request.Form(Fy_Post) Response.End End If Next Next End If '---------------------------------- '--------GET部份------------------- If Request.QueryString<>"" Then For Each Fy_Get In Request.QueryString For Fy_Xh=0 To Ubound(Fy_Inf) If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then '--------写入数据库----------头----- Fy_dbstr="DBQ="+server.mappath("../SqlIn.mdb")+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};" Set Fy_db=Server.CreateObject("ADODB.CONNECTION") Fy_db.open Fy_dbstr Fy_db.Execute("insert into SqlIn(Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','GET','"&Fy_Get&"','"&replace(Request.QueryString(Fy_Get),"'","''")&"')") Fy_db.close Set Fy_db = Nothing '--------写入数据库----------尾----- Response.Write "" Response.Write "非法操作!系统做了如下记录↓
" Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"
" Response.Write "操作时间:"&Now&"
" Response.Write "操作页面:"&Request.ServerVariables("URL")&"
" Response.Write "提交方式:GET
" Response.Write "提交参数:"&Fy_Get&"
" Response.Write "提交数据:"&Request.QueryString(Fy_Get) Response.End End If Next Next End If %> <%=bt%>-吉他星空:吉他谱/电吉他/吉他视频/顺德/佛山/原创/琴行/琴行/
吉他星空
您现在的位置: 吉他星空 >> 琴行联盟 >> 文章浏览
琴行搜索引擎.
地区:
琴行:
   
推荐琴行 Top10
<%sql="select top 10 id,barname,intros,photo,city from bar where show>1 order by id desc" Set Rs=conn.Execute(sql) if not(rs.eof and rs.bof) then i=0 do while not rs.eof %> <% i=i+1 if i>=10 then exit do rs.movenext loop end if rs.close%>
 ·" target="_blank">[<%=rs("city")%>] <%=rs("barname")%>
琴行消息 News.
<% sql="SELECT top 20 id,bt FROM info order by id desc" Set Rs=conn.Execute(sql) if not(rs.eof and rs.bof) then i=0 do while not rs.eof %> <% i=i+1 if i>=20 then exit do rs.movenext loop end if rs.close%>
<% Set rs= Server.CreateObject("ADODB.Recordset") sql = "select * from info where id="&request("id") rs.Open sql, Conn,1,2 if rs.eof then error="error" else rs("count").value = rs("count").value + 1 rs.Update() txt=rs("txt") bt=rs("bt") barid=rs("barid") count=rs("count") adddate=rs("date") qinhang=rs("qinhang") end if rs.close if barid<>"" then sql = "select barname from bar where id="&barid rs.Open sql, Conn,1,1 if not rs.eof then barname=rs("barname") end if rs.close end if %> <%if error<>"" then%>

文章已删除!

<%else%>
<%=bt%>
<%=bt%>
发布人: <%=qinhang%>  人气指数:<%=count%>  发布时间:<%=adddate%>
    <%=txt%>
<%end if%>