<% a_tablename = Request.QueryString("a_tablename") filename = Request.QueryString("filename") a_tablename = Replace(a_tablename, "../", "" ) a_tablename = Replace(a_tablename, "/", "" ) filename = Replace(filename, "../", "" ) filename = Replace(filename, "/", "" ) fileDir = server.mappath( "/data/board/" ) & "\" & a_tablename & "\" downFileName = filename filepath = fileDir & filename set objFS = Server.CreateObject("Scripting.FileSystemObject") If objFS.FileExists(filepath) = False Then %> <% response.end End If set objFS = nothing Response.charset = "ISO-8859-1" Response.addHeader "Content-Type", "charset=ISO-8859-1" Response.contenttype = "application/unknown" Response.addheader "content-disposition", "attachment;filename=" & downFileName Set objstream = Server.CreateObject("adodb.stream") objstream.open objstream.type = 1 objstream.loadfromfile filepath download = objstream.read response.binarywrite download Set objstream = Nothing %>