p;On Error Resume Next
Set Execute = Conn.Execute(Command)
If Err Then
err.Clear
Set Conn = Nothing
If savelog=1 Then
Response.Write SaveSQLLOG(Command,"查询数据的时候发现错误,请检查您的查询代码是否正确。<br>基于安全的理由,只显示本信息,要查看详细的错误信息,请修改您的程序文件conn.asp。把""Const IsDeBug = 0""改为:""Const IsDeBug = 1""")
Else
Response.Write "查询数据的时候发现错误,请检查您的查询代码是否正确。"
End If
Response.End
End If
Else
''''Response.Write command & "<br>"
Set Execute = Conn.Execute(Command)
End If
SqlQueryNum = SqlQueryNum+1
End Function
''''-----------------------------------------------------------------------------------------------------
''''独立道具查询
Public Function Plus_Execute(Command)
If Cint(Forum_Setting(92))=1 Then
If Not IsObject(Plus_Conn) Then Plus_ConnectionDatabase
Else
If Not IsObject(Conn) Then ConnectionDatabase
End IF
''''检查权限,防止注入攻击。
If InStr(LCase(Command),"dv_admin")>0 And Left(ScriptName,6)<> "admin_" Then
If savelog=1 Then
Response.Write SaveSQLLOG(Command,"")
End If
Command=Replace(LCase(Command),"dv_admin","dv<i>"&Chr(95)&"</i>admin")
End If
If IsDeBug = 0 Then
On Error Resume Next
If Cint(Forum_Setting(92))=1 Then
Set Plus_Execute = Plus_Conn.Execute(Command)
Else
Set Plus_Execute = Conn.Execute(Command)
End If
If Err Then
err.Clear
If Cint(Forum_Setting(92))=1 Then
Set Plus_Conn = Nothing
Else
Set Conn = Nothing
End If
If savelog=1 Then
Response.Write SaveSQLLOG(Command,"查询数据的时候发现错误,请检查您的查询代码是否正确。<br>基于安全的理由,只显示本信息,要查看详细的错误信息,请修改您的程序文件conn.asp。把""Const IsDeBug = 0""改为:""Const IsDeBug = 1""")
Else
Response.Write "查询数据的时候发现错误,请检查您的查询代码是否正确。"
End If
Response.End
End If
Else
''''Response.Write command & "<br>"
If Cint(Forum_Setting(92))=1 Then
Set Plus_Execute = Plus_Conn.Execute(Command)
Else
Set Plus_Execute = Conn.Execute(Command)
End If
End If
SqlQueryNum = SqlQueryNum+1
End Function
''''----------------------------------------------------------------------------------------------------- ''''记录查询错误事件
Public Function SaveSQLLOG(sCommand,message)
Dim lConnStr,lConn,ldb
ldb = MyDbPath & "data/DvSQLLOG.mdb"
''''Response.Write ldb
lConnStr = "Provider = Microsoft.Jet.OLEDB.4.0;Data Source = " & Server.MapPath(ldb)
Set lConn = Server.CreateObject("ADODB.Connection")
lConn.Open lConnStr
lConn.Execute("Insert Into dv_sql_log (ScriptName,S_Info,ip) Values (''''"&ScriptName&"'''',''''"&Replace(Left(sCommand,255),"''''","''''''''")&"'''',''''"&UserTrueIP&"'''')")
lConn.Close
Set lConn = Nothing
SaveSQLLOG = message
End Function
Public Sub ChecKIPlock()
Dim IPlock
IPlock = False
Dim locklist
locklist=Trim(CacheData(25,0))
If locklist="" Then Exit Sub
Dim i,StrUserIP,StrKillIP
StrUserIP=UserTrueIP
locklist=Split(locklist,"|")
If StrUserIP="" Then Exit Sub
StrUserIP=Split(UserTrueIP,".")
If Ubound(StrUserIP)<>3 Then Exit Sub
For i= 0 to UBound(locklist)
locklist(i)=Trim(locklist(i))
If locklist(i)<>"" Then
StrKillIP = Split(locklist(i),".")
If Ubound(StrKillIP)<>3 Then Exit For
IPlock = True
If (StrUserIP(0) <> StrKillIP(0)) And Instr(StrKillIP(0),"*")=0 Then IPlock=False
If (StrUserIP(1) <> StrKillIP(1)) And Instr(StrKillIP(1),"*")=0 Then IPlock=False
If (StrUserIP(2) <> StrKillIP(2)) And Instr(StrKillIP(2),"*")=0 Then IPlock=False
If (StrUserIP(3) <> StrKillIP(3)) And Instr(StrKillIP(3),"*")=0 Then IPlock=False
If IPlock Then Exit For
End If
Next
Response.Cookies(Forum_sn & "Kill").Expires = DateAdd("s", 360, Now())
Response.Cookies(Forum_sn & "Kill").Path = Cookiepath
If IPlock Then
Response.Cookies(Forum_sn & "Kill")("kill") = "1"
Else
Response.Cookies(Forum_sn & "Kill")("kill") = "0"
End If
End Sub
''''IP/来源
Public Function address(sip)
Dim aConnStr,aConn,adb
Dim str1,str2,str3,str4
Dim num
Dim country,city
Dim irs,SQL
address="未知"
If IsNumeric(Left(sip,2)) Then
If sip="127.0.0.1" Then sip="192.168.0.1"
str1=Left(sip,InStr(sip,".")-1)
sip=mid(sip,instr(sip,".")+1)
str2=Left(sip,instr(sip,".")-1)
sip=Mid(sip,InStr(sip,".")+1)
str3=Left(sip,instr(sip,".")-1)
str4=Mid(sip,instr(sip,".")+1)
If isNumeric(str1)=0 or isNumeric(str2)=0 or isNumeric(str3)=0 or isNumeric(str4)=0 Then
Else
num=CLng(str1)*16777216+CLng(str2)*65536+CLng(str3)*256+CLng(str4)-1
adb = "data/ipaddress.mdb"
aConnStr = "Provider = Microsoft.Jet.OLEDB.4.0;Data Source = " & Server.MapPath(adb)
Set AConn = Server.CreateObject("ADODB.Connection")
aConn.Open aConnStr
country="亚洲"
city=""
sql="select top 1 country,city from dv_address where ip1 <="&num&" and ip2 >="&num&""
Set irs=aConn.execute(sql)
If Not(irs.EOF And irs.bof) Then
country=irs(0)
city=irs(1)
End If
Set irs=Nothing
Set aConn = Nothing
SqlQueryNum = SqlQueryNum+1
End If
address=country&city
End If
End Function
''''显示验证码
Public Function GetCode()
GetCode= Dvbbs.mainhtml(15)&"<img src=""DV_getcode.asp"">"
End Function
''''检查验证码是否正确
Public Function CodeIsTrue()
Dim CodeStr
CodeStr=Trim(Request("CodeStr"))
If CStr(Session("GetCode"))=CStr(CodeStr) And CodeStr<>"" Then
CodeIsTrue=True
Session("GetCode")=empty
Else
CodeIsTrue=False
Session("GetCode")=empty
End If
End Function
''''用于用户发布的各种信息过滤,带脏话过滤
Public Function HTMLEncode(fString)
If Not IsNull(fString) Then
fString = replace(fString, ">", ">")
fString = replace(fString, "<", "<")
fString = Replace(fString, CHR(32), " ") ''''
fString = Replace(fString, CHR(9), " ") ''''
fString = Replace(fString, CHR(34), """)
''''fString = Replace(fString, CHR(39), "'") 上一页 [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] ... 下一页 >> |
