<% R_Fields = "sc_hdate1, sc_hdate2, sc_hdd" Call RequestAll (R_Fields, "") rtn_url = request.QueryString("rtn_url") R_Fields_u = "sc_hdate1, sc_hdate2, sc_hdd, sc_wdate" sc_wdate = Date() & " " & Hour(now) & ":" & Minute(now) Call UpdateQuery (R_Fields_u, "site_config", "") If rtn_url <> "" Then response.redirect rtn_url response.end End if function RequestAll(R_Fields, RequestObj) Dim i, R_Fields_arr R_Fields = Replace(R_Fields, " ", "") R_Fields_arr = Split(R_Fields, ",") If RequestObj = "" Then RequestObj = "Request" For i = 0 To UBound(R_Fields_arr) execute(R_Fields_arr(i)&" = inputValue("&RequestObj&"("""&R_Fields_arr(i)&"""))") '^------inputValue()함수 'execute("response.write """&R_Fields_arr(i)&"=""&"&R_Fields_arr(i)&"&""
""") Next End Function function InputValue(strvalue) Dim strvalue_temp, injection strvalue = trim(strvalue) strvalue = Replace(strvalue,"'","''") strvalue = Replace(strvalue,chr(34), """) strvalue = Replace(strvalue, "", "") strvalue = Replace(strvalue, "", "") strvalue = Replace(strvalue, "script", "") InputValue = strvalue end Function Function UpdateQuery(R_Fields, table, where) Dim i, R_Fields_arr R_Fields = Replace(R_Fields, " ", "") R_Fields_arr = Split(R_Fields, ",") execute("sql = ""update "&table&" set """) For i = 0 To UBound(R_Fields_arr) execute("sql = sql & """&R_Fields_arr(i)&" = '""&"&R_Fields_arr(i)&"&""'""") If i < UBound(R_Fields_arr) Then sql = sql & "," next execute("sql = sql & "" "" & where") 'response.write sql 'response.end Dbcon.Execute sql End Function %>