sms_host20170829/common/lib/dbcon.asp

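<%@ codepage = 65001%>
<% session.codepage = 65001 %>
<%Response.CharSet = "UTF-8"%>
<%
' Shared database bootstrap: forces UTF-8 (code page 65001), disables response
' caching, opens the page-level ADODB connection DbCon, then includes dbclass.asp.

' --- Response caching -------------------------------------------------------
' "no-cache" forces revalidation but does not stop a cache from storing the
' response. NOTE(review): if the including pages render sensitive data,
' consider "no-store" as well.
Response.Expires = -1
Response.Expiresabsolute = Now() - 1
' The token is "no-cache" (hyphen); the former "no_cache" is not a recognised
' Pragma value, so HTTP/1.0 caches would have ignored it.
Response.AddHeader "Pragma", "no-cache"
Response.AddHeader "cache-control", "no-cache"
Response.CacheControl = "no-cache"
'Application("DB") = "sms_nninc_201303"

' The first line's variables are only referenced by the disabled filter below;
' they stay declared in case the included dbclass.asp relies on them.
Dim sql_pattern, item, array_counter, item_position1, item_position2
Dim strConnect
Dim Dbcon

' --- Disabled request keyword filter -----------------------------------------
' The commented-out code below ended the response whenever a request value
' contained one of the listed SQL keywords. It is not active.
' NOTE(review): a substring blocklist is not a reliable SQL injection control.
' InStr matches inside ordinary words ("end", "open", "sys"), the list has a
' typo ("dorp"), and the POST loop tests Request.QueryString instead of
' Request.Form for item_position2. Queries built from request data should bind
' values through parameterized ADODB.Command objects instead.
'sql_pattern=Array("/*","*/","char","nchar","varchar","nvarchar","alter","begin","cast","create","cursor","declare","dorp","end","exec","execute","fetch","insert","kill","open","select","sys","sys**s","syscolumns","table","update")
'
''Check GET (query string) parameters
'For each item in Request.QueryString
' For array_counter=lbound(sql_pattern) to ubound(sql_pattern)
' item_position1=InStr(lcase(Request(item)), sql_pattern(array_counter))
' item_position2=InStr(lcase(Request.QueryString), sql_pattern(array_counter))
'
' IF (item_position1 > 0) OR (item_position2 > 0) THEN
' Response.End()
' END IF
' NEXT
'NEXT
'
''Check POST (form) parameters
'For each item in Request.Form
' For array_counter=lbound(sql_pattern) to ubound(sql_pattern)
' item_position1=InStr(lcase(Request(item)), sql_pattern(array_counter))
' item_position2=InStr(lcase(Request.QueryString), sql_pattern(array_counter))
'
' IF (item_position1 > 0) OR (item_position2 > 0) THEN
' Response.End()
' END IF
' NEXT
'NEXT

' --- Database connection -----------------------------------------------------
' The connection string is assembled from Application-scope settings (url, DB,
' DB_id, DB_pwd); where they are populated is not visible in this file.
' The values are concatenated unescaped, so a ";" inside any of them would
' change the meaning of the string. They must never come from request data.
' NOTE(review): SQL authentication with a stored password is used here.
' Confirm that DB_id is a least-privilege account.
strConnect="Provider=SQLOLEDB.1;Data Source="&Application("url")&";Initial catalog="&Application("DB")&";user ID="&Application("DB_id")&";Password="&Application("DB_pwd")
Set DbCon=Server.CreateObject("ADODB.Connection")
' The connection is opened on every request that includes this file. No Close
' appears here, so closing it is left to the including page or dbclass.asp.
DbCon.Open strConnect
%><!--#include virtual="/common/lib/dbclass.asp"-->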