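<%Server.ScriptTimeOut=5000%>
<%
' Forum post handler: reads a multipart form through the AnUpLoad class,
' optionally saves one attachment under FJ/, inserts the post into
' yrwl_tb_lt, then redirects back to the list or thread page.
'
' NOTE(review): this listing appears to have lost its HTML markup and any
' include directives. conn, AnUpLoad, xrzh, close_conn, sessionvalue, jdsj,
' siteurl, fjkt and uploadname are not defined here and are assumed to come
' from files that are not shown.

' Referer check: compares the host part of the Referer with SERVER_NAME.
' The offset 8 assumes an "http://" prefix, so an "https://" Referer will not
' line up. Whatever was emitted on a mismatch is missing from this listing,
' so as shown the check has no effect. A Referer comparison is not a
' replacement for a per-session anti-CSRF token.
server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
if mid(server_v1,8,len(server_v2))<>server_v2 then%> <%end if

' Keyword blacklist applied to query-string values only.
' NOTE(review): the text between "declare|" and the QueryString test was lost
' from the listing; the split into SQL_inj and the non-empty test are
' reconstructed from the names the loop uses, and any keywords that followed
' "declare|" are unknown. Confirm against the deployed file. The action taken
' on a match is also missing. This filter never sees the multipart form
' fields read through Upload.forms below, so it does not protect the SQL
' built from them.
SQL_injdata = "exec|insert|select|delete|update|count|*|mid|master|truncate|char|declare"
SQL_inj = split(SQL_injdata,"|")
If Request.QueryString<>"" Then
    For Each SQL_Get In Request.QueryString
        For SQL_Data=0 To Ubound(SQL_inj)
            if instr(Request(SQL_Get),Sql_Inj(Sql_DATA))>0 Then %> <%end if
        next
    Next
End If
%>
文件上传
<%
formPath="FJ/"
dim upload,file,formName,formPath,iCount,exeec,wjm,zid,js,zzt
wjdx = 0
Dim path,tempCls,e

' Extension allowlist handed to the upload class. uploadname is presumably
' set by site configuration; when empty the default list below is used.
if uploadname = "" then
    uploadname = "mpg|asf|avi|mp3|swf|mpeg|png|gif|bmp|jpg|wma|wmv|txt|xls|doc|rar|zip"
else
    uploadname = replace(uploadname,".","|")
end if

'===============================================================================
set Upload=new AnUpLoad                        ' create the upload class instance
' Per-file and total limits in bytes (about 1 GB each).
' NOTE(review): together with the 5000 s script timeout and guest posting,
' these limits leave a lot of room for resource exhaustion; consider lowering.
Upload.SingleSize=clng(1000 * 1024) * 1024
Upload.MaxSize=clng(1000 * 1024) * 1024
Upload.Exe = uploadname                        ' allowed extensions, "|"-separated
Upload.Charset="gb2312"                        ' text encoding of form fields
Upload.GetData()                               ' parse the request; must be called
'===============================================================================

' All of the following values are client-supplied.
ly = upload.forms("content")
zid=upload.forms("zid")
ys=upload.forms("ys")
yyzm = upload.forms("yzm")
zt=upload.forms("zt")
id=upload.forms("id")
cz=upload.forms("cz")
nurl = upload.forms("nurl")
ttp = upload.forms("tp")
if ttp = "http://" then ttp = ""
' xrzh is defined elsewhere; presumably it filters or encodes the post body.
ly=xrzh(ly)

' Build the return URL. Form values are URL-encoded so that they cannot add
' parameters or line breaks to the Location header.
Set reDigits = New RegExp
reDigits.Pattern = "^[0-9]+$"
if cz = "list" then fhlj = "bbslist.asp?zid=" & Server.URLEncode(zid & "")
if cz = "ft" then fhlj = "bbslist.asp?zid=" & Server.URLEncode(zid & "")
if cz = "zz" then
    ' id is concatenated into a SQL statement further down, so a reply is
    ' accepted only when id consists of decimal digits.
    if reDigits.Test(id & "") then
        fhlj = "bbsview.asp?zt=" & Server.URLEncode(zt & "") & "&id=" & id & "&zid=" & Server.URLEncode(zid & "")
        zid = id
    else
        cg = "参数错误"
    end if
end if
Set reDigits = Nothing

ip = request.servervariables("remote_addr")

' Verification code. An empty session value is rejected: otherwise a client
' that never requested a code and sends no yzm field would compare "" with ""
' and pass. NOTE(review): the code is not cleared after use, so one solved
' code can be replayed within the session; consider resetting it here.
sessCode = trim(cstr(session("CheckCode")))
if sessCode = "" or trim(yyzm & "") <> sessCode then
    cg = "验证码错误"
end if

yhm = session(sessionvalue & "yhm")
''if request.Cookies("bbsyhm") <> "" then yhm = request.Cookies("bbsyhm")
zhhf = jdsj
if yhm = "" then yhm = "游客"''request.servervariables("remote_addr")

' Save the attachment only once the request has passed validation, so that a
' failed verification code no longer leaves a file on disk.
if cg = "" and fjkt="1" and ly <>"" then
    if Upload.ErrorID>0 then
        ' a positive ErrorID means the upload class rejected the request
        response.Write Upload.description
    else
        path=server.mappath(formPath)          ' physical directory for attachments
        ' NOTE(review): the loop runs once per uploaded file but always saves
        ' the field named "file1"; confirm whether several files are expected.
        for i=1 to Upload.files(-1).count
            set tempCls=Upload.files("file1")
            Set e = tempCls.SaveToFile(path,0)
            if e.error then
                response.Write e.description
            else
                wjm = formPath & tempCls.FileName
                ' A second extension check after saving used to live here and
                ' is disabled in the original; the allowlist given to
                ' Upload.Exe is the only extension control visible.
                ' NOTE(review): FJ/ is mapped under the site root, so script
                ' execution should be disabled for that directory.
                'kzm = lcase(right(wjm,3))
                'if instr(".mpg.asf.avi.mp3.swf.mpeg.png.gif.bmp.jpg.wma.wmv.txt.xls.doc.rar.zip",kzm) = 0 then
                ' cg = "文件格式不对!"
                ' Set fso = CreateObject("Scripting.FileSystemObject")
                ' fso.DeleteFile(server.mappath(wjm))
                ' set fso = nothing
                ' wjm = ""
                ' exit for
                ''end if
            end if
            set tempCls=nothing
        next
    end if
end if

if cg = "" and ly <> "" then
    ' Open an updatable recordset on the table and append the new row; field
    ' values are assigned through the recordset, not concatenated into SQL.
    sql = "select top 1 * from yrwl_tb_lt"
    set rs = server.createobject("adodb.recordset")
    rs.open sql,conn,1,3
    xszt = zt
    ' NOTE(review): for cz = "list" or "ft" id is not validated, yet it becomes
    ' part of fname/furl; confirm how furl is consumed.
    fname = siteurl & "luntan-bbs-论坛-贴吧-发贴-" & id & replace(cstr(date()),"-","") & replace(cstr(time()),":","") & ".htm"
    rs.addnew
    rs("yhm") = yhm
    rs("ly") = ly
    ' NOTE(review): nurl is stored verbatim as the attachment link; whatever
    ' renders fj should encode it and accept only http/https URLs.
    if wjm = "" and nurl <> "" then wjm = nurl
    rs("fj") = wjm
    ' NOTE(review): dx is not assigned anywhere in this listing (wjdx is).
    rs("dx") = dx
    rs("zd") = "5"
    rs("ip") = ip
    if cz = "list" or cz = "ft" then
        ' new topic
        rs("zid") = "s"
        rs("tid") = right(replace(cstr(date),"-",""),4)+replace(cstr(timer()),".","")
        rs("zhhf") = jdsj & " "&yhm
        if zid = "00" then zid = ""
        rs("lb") = zid
        rs("zt") = zt
        rs("furl") = fname
        rs("dj") = 0
        rs("hf") = 0
    end if
    if cz="zz" then
        ' reply: stamp the parent topic with the latest reply time and author.
        ' id was checked to be digits-only above (cg would be set otherwise).
        sql = "select * from yrwl_tb_lt where id=" & id
        set rs1 = server.createobject("adodb.recordset")
        rs1.open sql,conn,1,3
        if not rs1.eof then
            rs1("zhhf") = jdsj & " "&yhm
            ' update only when a row was found
            rs1.update
        end if
        rs1.close
        rs("zid") = id
    end if
    rs("sj") = jdsj
    rs.update
    rs.close
    if cz = "list" or cz="ft" then
        session(sessionvalue & "hf") = id
    end if
    response.redirect fhlj
else
    ' NOTE(review): the text written here is empty in this listing, probably
    ' lost with the markup. If cg is echoed to the client it should be encoded.
    response.write ""
end if
call close_conn()%>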