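<%@ codepage = 65001 %>
<%
' ------------------------------------------------------------------
' Common include: sets the response encoding, suppresses caching and
' opens the shared SQL Server connection (DbCon) for the including page.
' ------------------------------------------------------------------
Session.CodePage = 65001
Response.CharSet = "UTF-8"

' Make sure nothing served through this include is cached by the
' browser or an intermediate proxy.
Response.Expires = -1
Response.ExpiresAbsolute = Now() - 1
' Fix: the Pragma value was sent as "no_cache" (underscore), which no
' client or proxy recognises; the HTTP directive is the literal "no-cache".
Response.AddHeader "Pragma", "no-cache"
Response.AddHeader "Cache-Control", "no-cache"
Response.CacheControl = "no-cache"

'Application("DB") = "sms_nninc_201303"

' These names belonged to a disabled SQL-keyword blacklist (see below).
' They are kept declared so pages that include this file under
' Option Explicit and still reference them do not break.
Dim sql_pattern, item, array_counter, item_position1, item_position2

' NOTE(review): an earlier revision scanned Request.QueryString and
' Request.Form for SQL keywords ("select", "char", "exec", a misspelt
' "dorp", ...) and called Response.End() on any match. That filter was
' already commented out and is intentionally not reinstated: keyword
' blacklists are trivially bypassed (encoding, case/whitespace tricks,
' comment splitting) and they reject legitimate input such as
' "weekend" or "open". The POST branch also scanned
' Request.QueryString instead of Request.Form, so it never worked as
' intended. The correct defence is in the pages that include this
' file: pass user input through ADODB.Command parameters
' (CreateParameter / Parameters.Append) instead of concatenating it
' into SQL text.

Dim strConnect
Dim DbCon

' Connection settings are read from Application variables (global.asa):
'   Application("url")    - SQL Server host (Data Source)
'   Application("DB")     - database name (Initial Catalog)
'   Application("DB_id")  - SQL login
'   Application("DB_pwd") - SQL login password
' The login's rights should be limited to what the pages need; the
' password is held in process memory for the application's lifetime.
strConnect = "Provider=SQLOLEDB.1;" & _
             "Data Source=" & Application("url") & ";" & _
             "Initial catalog=" & Application("DB") & ";" & _
             "user ID=" & Application("DB_id") & ";" & _
             "Password=" & Application("DB_pwd")

Set DbCon = Server.CreateObject("ADODB.Connection")
DbCon.Open strConnect
' NOTE(review): DbCon is not closed in this include; the including
' page is expected to call DbCon.Close and Set DbCon = Nothing.
%>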