<%
' QueryFilter(Str): deny-list screen for a request value.
'
' Every listed character or keyword found in Str is replaced with the marker
' "[INJ]". Matching is case-insensitive (vbTextCompare) and covers all
' occurrences. If the marker is present afterwards, the client is redirected
' to Default.asp; otherwise the value comes back unchanged.
'
' Behaviour worth knowing when calling this:
'   * Keywords match as substrings, so ordinary words that contain e.g. "ADD"
'     or "FROM" also trigger the redirect.
'   * A value that already contains the text "[INJ]" triggers the redirect.
'   * Str is received ByRef (the VBScript default), so a variable passed in is
'     overwritten with the filtered text.
'   * Chr(39) is the apostrophe already in the list, so it appears only once.
'
' NOTE(review): a deny-list is not a complete SQL-injection defence. Anything
' not listed here passes through untouched, so code that builds SQL from the
' result should still enforce the expected data type or use parameterised
' commands.
Function QueryFilter(Str)
    Dim Blocked, Token

    Blocked = Array("*", "=", "<", ">", ";", "(", ")", "+", "#", "'", "&", "%", "?", "´", ",", _
                    "UNION", "SELECT", "WHERE", "LIKE", "FROM", "UPDATE", "INSERT", _
                    "ORDER", "GROUP", "ALTER", "ADD", "MODIFY", "RENAME")

    ' Same order as the original chain of Replace calls.
    For Each Token In Blocked
        Str = Replace(Str, Token, "[INJ]", 1, -1, vbTextCompare)
    Next

    If InStr(1, Str, "[INJ]", vbTextCompare) > 0 Then
        Response.Redirect "Default.asp"
    End If

    QueryFilter = Str
End Function
%>
<% If QueryFilter(Request.QueryString("id")) = "" Then %>
Ü L K E L E R İ N  M İ L L İ  M A R Ş L A R I
<% ' r() is defined outside this view; the branch it guards has no script body here.
If r()=True Then %> <% End If %>
<% ' List view (no "id" in the query string): reads every row of tblMilliMarslar
' with fldOnay=1, ordered by fldUlke, and writes one bullet per row.
' The SQL text is a constant, so no request data reaches this statement.
' i counts rows; on every 27th row (i Mod 27 = 0) an extra write happens,
' which is an empty string in this copy of the page.
' Ek is set to a red colour style for the "TÜRKİYE" row and to "" otherwise;
' it is not referenced by the writes visible here.
' A "( Dinle)" fragment is written only when fldMidi is non-empty.
' NOTE(review): fldUlke is written without Server.HTMLEncode. If that column
' can hold user-submitted text, encode it before output - confirm how rows
' reach fldOnay=1.
Set Marslar = Bag.Execute("SELECt * FROM tblMilliMarslar WHERE fldOnay=1 ORDER BY fldUlke") If Not Marslar.EOF Then i=0 Do While Not Marslar.EOF If i Mod 27 = 0 Then Response.Write "" If Marslar("fldUlke") = "TÜRKİYE" Then Ek = " style=""color:#FF0000""" Else Ek = "" Response.Write "
  • " & Marslar("fldUlke") & "" If Marslar("fldMidi") <> "" Then Response.Write " ( Dinle)
    " Response.Write "
    " i=i+1: Marslar.MoveNext Loop End If %>
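  • <% Else %> <%
' Detail view: shows one anthem selected by the "id" query-string value and
' increments its hit counter.
'
' fldID is compared unquoted in both statements below, so the value must be a
' plain integer. QueryFilter only screens a fixed list of characters and
' keywords, which is not enough to guarantee that. The id is therefore read
' once, required to be 1-9 decimal digits (always within CLng range), and
' converted to a Long before it is concatenated into any SQL text. Anything
' else is sent to Default.asp, the same fallback QueryFilter uses.
'
' NOTE(review): if Bag is an ADO connection, a parameterised ADODB.Command
' would be the preferred form for both statements - confirm the object type.
' NOTE(review): fldUlke and fldMars are written without Server.HTMLEncode;
' Temizle and UCaseEx are defined elsewhere, so verify they encode output if
' these columns can hold user-submitted text.
Dim AnthemId, DigitsOnly
AnthemId = Trim(Temizle(QueryFilter(Request.QueryString("id"))))
Set DigitsOnly = New RegExp
DigitsOnly.Pattern = "^[0-9]{1,9}$"
If Not DigitsOnly.Test(AnthemId) Then Response.Redirect "Default.asp"
AnthemId = CLng(AnthemId)
Set Mars = Bag.Execute("SELECT * FROM tblMilliMarslar WHERE fldID=" & AnthemId)
If Not Mars.EOF Then %>
    <%=UCaseEx(Mars("fldUlke"))%> ÜLKESİ MİLLİ MARŞI

    <%=Temizle(Mars("fldMars"))%>

    <% If Mars("fldMidi") <> "" Then Response.Write " ( " & Mars("fldUlke") & " ülkesinin milli marşını dinle)

    " %> <% Set Hit = Bag.Execute("UPDATE tblMilliMarslar SET fldHit=fldHit+1 WHERE fldID=" & AnthemId)%> Tüm Milli Marşlar Listesi

    <%=DikeyBol%>
    <% End If %> <% End If %> <%=Hr%>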