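<%
' Handler for the message-post form: checks the verification code, filters the
' two text fields, and stores one row in the ccc_love table.

' --- Verification code -------------------------------------------------------
' "jz1024" is the form field with the code the visitor typed. The expected value
' is read from Session("getcode"), which is set outside this script.
mofei = Trim(Request.Form("jz1024"))
If mofei = "" Then
    Response.Write ""
    Response.End
End If
If CStr(Session("getcode")) <> CStr(mofei) Then
    Response.Write ""
    Response.End
End If
' NOTE(review): the expected code is left in the session after a successful
' check, so one solved code stays valid for further posts in the same session.
' Resetting Session("getcode") here would make it single-use; confirm first that
' the form page requests a fresh code for every post.
%>
<%
' Applies the site's character and keyword filter to one form field and returns
' the filtered text.
'
' Every rule runs exactly once, in the order listed, with VBScript's default
' binary (case-sensitive) comparison. Consequences worth knowing:
'   * "script" and "http" are matched in lower case only;
'   * text removed by one rule can join its neighbours into a string that an
'     earlier rule was meant to remove;
'   * the shorter keyword in the word list is removed before the longer ones
'     that start with it, so those longer entries can no longer match.
' The filter is therefore not a substitute for HTML-encoding these values where
' they are written back into a page, nor for parameterised SQL.
Function FilterPostText(ByVal raw)
    Dim cleaned, token
    cleaned = raw

    ' Markup / SQL metacharacters, whitespace and the literal "script".
    ' Chr(9)=tab, Chr(10)=LF, Chr(13)=CR, Chr(32)=space, Chr(34)=", Chr(39)='
    For Each token In Array("&", "#", "<", ">", ";", "'", """", Chr(9), _
                            Chr(10) & Chr(10), Chr(10), Chr(13), Chr(32), _
                            Chr(34), Chr(39), "script", "(", ")", "--", "-")
        cleaned = Replace(cleaned, token, "")
    Next

    ' Every "http" is expanded to the site's own URL (":" and "/" are not
    ' filtered above, so whatever followed "http" stays appended to it).
    cleaned = Replace(cleaned, "http", "http://www.3zha.com")

    ' Site keyword list.
    For Each token In Array("江泽民", "胡锦涛", "他妈的", "TMD", _
                            "法轮", "法轮功", "法轮大法", "共产党")
        cleaned = Replace(cleaned, token, "")
    Next

    FilterPostText = cleaned
End Function

' Appends one input text parameter to an ADODB.Command.
' 202 = adVarWChar, 1 = adParamInput. ADO rejects a zero size for variable-length
' types, so an empty value is bound with size 1.
' NOTE(review): the column types of ccc_love are not visible here; switch to
' 203 (adLongVarWChar) for any column that is a memo / ntext field.
Sub AddTextParam(cmd, paramName, ByVal paramValue)
    Dim textValue, paramSize
    textValue = CStr(paramValue & "")
    paramSize = Len(textValue)
    If paramSize < 1 Then paramSize = 1
    cmd.Parameters.Append cmd.CreateParameter(paramName, 202, 1, paramSize, textValue)
End Sub

OpenDB()

' --- Read the posted fields --------------------------------------------------
cauthor  = Request.Form("author")
cbcolor  = Request.Form("tagbcolor")
ccontent = Request.Form("massages")
pic      = Request.Form("tagBPic")

ccontent = FilterPostText(ccontent)
cauthor  = FilterPostText(cauthor)

' cbcolor and pic are stored exactly as posted (no filter is applied to them).
' NOTE(review): if they are later written into HTML or CSS, encode or validate
' them at that point.

ip = Request.ServerVariables("REMOTE_ADDR")
comefrom = getFrom(Request.ServerVariables("remote_addr"))

' --- Validation --------------------------------------------------------------
' An empty author sends the visitor back to the list; the connection opened
' above is released first because Response.Redirect ends the script.
If Len(cauthor) = 0 Then
    CloseDB()
    Response.Redirect("default.asp")
End If

' Enforce the 10 / 100 character limits on the values that are stored. The
' previous test (Len > limit And Len < 1) could never be true and acted on
' LoveTxt, a variable this script never assigns, so no limit was applied.
If Len(cauthor) > 10 Then cauthor = Left(cauthor, 10)
If Len(ccontent) > 100 Then ccontent = Left(ccontent, 100)

' --- Insert ------------------------------------------------------------------
' All six values are bound as parameters instead of being concatenated into the
' statement: cbcolor and pic come straight from the form, and the character
' filter above must not be what keeps quotes out of the SQL text.
' Conn is the connection object provided by OpenDB() (presumably an
' ADODB.Connection - confirm in the include that defines it).
Set insertCmd = Server.CreateObject("ADODB.Command")
Set insertCmd.ActiveConnection = Conn
insertCmd.CommandType = 1 ' adCmdText
insertCmd.CommandText = "Insert Into ccc_love(cauthor,ccontent,cbcolor,pic,ip,comefrom) values (?,?,?,?,?,?)"
AddTextParam insertCmd, "cauthor", cauthor
AddTextParam insertCmd, "ccontent", ccontent
AddTextParam insertCmd, "cbcolor", cbcolor
AddTextParam insertCmd, "pic", pic
AddTextParam insertCmd, "ip", ip
AddTextParam insertCmd, "comefrom", comefrom
insertCmd.Execute , , 128 ' adExecuteNoRecords
Set insertCmd = Nothing

CloseDB()
Response.Write ""
%>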