<% '''''''''''''''''''''''''''''' Access数据库设置 ''''''''''''''''''''''''''''''''''''''''''''''''''''''''' SqlDataBase = "#space.asp" '数据库路径 Admin_SqlDat = "#admin.asp" '管理员数据库路径 SqlProvider = "Microsoft.Jet.OLEDB.4.0" '驱动程序[ Microsoft.Jet.OLEDB.4.0 Microsoft.ACE.OLEDB.12.0 ] SqlPassword = "" 'ACCESS数据库密码 Connstr="Provider="&SqlProvider&";Jet Oledb:Database Password="&SqlPassword&"; Data Source="&Server.MapPath(SqlDataBase) AdminStr="Provider="&SqlProvider&";Jet Oledb:Database Password="&SqlPassword&"; Data Source="&Server.MapPath(Admin_SqlDat) SqlNowString="Now()" SqlChar="'" IsSqlVer="ACCESS" ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''''''' Access防SQL注入设置 ''''''''''''''''''''''''''''''''''''''''''''''''''''''''' dim sql_injdata SQL_injdata = "'|and|or|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare" SQL_inj = split(SQL_Injdata,"|") If Request.QueryString<>"" Then For Each SQL_GET In Request.QueryString For SQL_Data=0 To Ubound(SQL_inj) If Instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then Response.Write ("" ) Response.End End if Next Next If Request.ServerVariables("SCRIPT_NAME")<>"/Import_IE.asp" Then For Each SQL_Post In Request.Form For SQL_Data=0 To Ubound(SQL_inj) If Instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then Response.Write ("" ) '这个地方write后面少了个括号 Response.end End If Next Next End If End If ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' On Error Resume Next Set Conn=Server.CreateObject("ADODB.Connection") Conn.open ConnStr %> <% If Request.Cookies("User_Account")<>"" and Session("User_Password")="" Then Session("User_Account")=Request.Cookies("User_Account") Session("User_Password")=Request.Cookies("User_Password") End If %>