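<%@ codepage = 65001%>
<% session.codepage = 65001 %>
<%Response.CharSet = "UTF-8"%>
<%
' Per-page database bootstrap include.
' 1. Marks the response as non-cacheable on every layer (ASP expiry, HTTP/1.0
'    Pragma, HTTP/1.1 Cache-Control).
' 2. Opens the shared ADODB connection (DbCon) that /common/lib/dbclass.asp,
'    included at the bottom of this file, builds on.
' The codepage / CharSet directives above force UTF-8 for both request parsing
' and the emitted response.

' --- Caching ---------------------------------------------------------------
' Database-backed pages must never be served from a browser or proxy cache.
Response.Expires = -1
Response.ExpiresAbsolute = Now() - 1
' "no-cache" is the standard Pragma token (RFC 7234 section 5.4). The previous
' value "no_cache" (underscore) is not a recognised token, so HTTP/1.0 caches
' ignored this header.
Response.AddHeader "Pragma", "no-cache"
Response.AddHeader "cache-control", "no-cache"
Response.CacheControl = "no-cache"

' Disabled hard-coded override of the catalog name; the live value comes from
' Application("DB") below.
'Application("DB") = "sms_nninc_201303"

' sql_pattern .. item_position2 are only referenced by the disabled filter
' below; they are kept so that block can be re-enabled without edits.
Dim sql_pattern, item, array_counter, item_position1, item_position2
Dim strConnect
Dim DbCon

' --- Disabled request filter (kept for reference) ---------------------------
' The commented block below was a keyword blacklist run over every QueryString
' and Form value, calling Response.End on the first match. It is not a
' substitute for parameterised queries (ADODB.Command with a Parameters
' collection): a keyword blacklist can be evaded and it also rejects
' legitimate input (any value containing "select", "end", "open", ...).
' Two defects to be aware of if it is ever re-enabled: the list contains the
' typo "dorp" where "drop" was intended, and Request(item) searches all
' Request collections (QueryString, Form, Cookies, ...), not only the
' collection being iterated.
'sql_pattern=Array("/*","*/","char","nchar","varchar","nvarchar","alter","begin","cast","create","cursor","declare","dorp","end","exec","execute","fetch","insert","kill","open","select","sys","sys**s","syscolumns","table","update")
'
''GET method check
'For each item in Request.QueryString
' For array_counter=lbound(sql_pattern) to ubound(sql_pattern)
' item_position1=InStr(lcase(Request(item)), sql_pattern(array_counter))
' item_position2=InStr(lcase(Request.QueryString), sql_pattern(array_counter))
'
' IF (item_position1 > 0) OR (item_position2 > 0) THEN
' Response.End()
' END IF
' NEXT
'NEXT
'
''POST method check
'For each item in Request.Form
' For array_counter=lbound(sql_pattern) to ubound(sql_pattern)
' item_position1=InStr(lcase(Request(item)), sql_pattern(array_counter))
' item_position2=InStr(lcase(Request.QueryString), sql_pattern(array_counter))
'
' IF (item_position1 > 0) OR (item_position2 > 0) THEN
' Response.End()
' END IF
' NEXT
'NEXT

' --- Connection ------------------------------------------------------------
' The connection string is assembled from Application-level settings
' (presumably populated in global.asa; not visible here). None of these
' values may ever be request-controlled: the pieces are concatenated without
' escaping, so a ";" inside one of them would inject further connection-
' string keys.
strConnect = "Provider=SQLOLEDB.1;Data Source=" & Application("url") & ";Initial catalog=" & Application("DB") & ";user ID=" & Application("DB_id") & ";Password=" & Application("DB_pwd")

Set DbCon = Server.CreateObject("ADODB.Connection")
DbCon.Open strConnect
' NOTE(review): DbCon is opened here but not closed in this file. Confirm that
' dbclass.asp or the including page closes it at the end of the request,
' otherwise each request holds a pooled connection until the object is
' garbage-collected.
%><!--#include virtual="/common/lib/dbclass.asp"-->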