<%
Function QueryFilter(Str)
    ' Denylist screen for a request value that is later spliced into SQL text.
    '
    ' Each listed character or keyword is replaced by the marker "[INJ]"
    ' (all occurrences, text compare, so matching is case-insensitive). If the
    ' marker is present afterwards, the request is redirected to Default.asp;
    ' this also happens when the incoming value already contains "[INJ]".
    ' When no redirect is issued, nothing was replaced, so the value returned
    ' is the input unchanged: the function rejects, it does not sanitise.
    '
    ' Str is assigned inside the function. VBScript passes arguments ByRef
    ' unless declared ByVal, so a variable handed in by a caller is modified.
    '
    ' NOTE(review): a keyword/character denylist is a coarse screen and should
    ' not be the only control in front of a concatenated SQL statement. Values
    ' that are meant to be numeric ids should be type-checked at the call
    ' site, and queries should be parameterised where the data layer allows.
    Dim BlockedTokens, Token

    ' Same tokens, in the same order, as the original chain of Replace calls.
    ' Chr(39) is the apostrophe and repeats the earlier "'" entry.
    BlockedTokens = Array( _
        "*", "=", "<", ">", ";", "(", ")", "+", "#", "'", "&", "%", "?", "´", ",", _
        "UNION", "SELECT", "WHERE", "LIKE", "FROM", "UPDATE", "INSERT", _
        "ORDER", "GROUP", "ALTER", "ADD", "MODIFY", "RENAME", Chr(39))

    For Each Token In BlockedTokens
        Str = Replace(Str, Token, "[INJ]", 1, -1, vbTextCompare)
    Next

    ' InStr returns the 1-based position of the marker, or 0 when absent.
    If InStr(1, Str, "[INJ]", vbTextCompare) Then
        Response.Redirect "Default.asp"
    End If

    QueryFilter = Str
End Function
%>
<%
' List view: this branch renders when QueryFilter returns an empty string for
' the "id" query-string value, i.e. when no id was supplied. The matching
' Else branch (detail view) follows this block.
If QueryFilter(Request.QueryString("id")) = "" Then
%>
|
Ü L K E L E R İ N M İ L L İ M A R Ş L A R I |
|
<% If r()=True Then %>
|
<% End If %>
<%
' Static query: no request data is concatenated into this statement.
' It reads every row with fldOnay=1, ordered by fldUlke.
Set Marslar = Bag.Execute("SELECt * FROM tblMilliMarslar WHERE fldOnay=1 ORDER BY fldUlke")
If Not Marslar.EOF Then
' i counts the rows written so far.
i=0
Do While Not Marslar.EOF
' A separator is written before rows 0, 27, 54, and so on.
If i Mod 27 = 0 Then Response.Write " | "
' Ek carries an inline red colour style for the "TÜRKİYE" row only.
' NOTE(review): Ek is not referenced by the Response.Write calls visible
' here; the markup that consumed it appears to be missing from this listing.
If Marslar("fldUlke") = "TÜRKİYE" Then Ek = " style=""color:#FF0000""" Else Ek = ""
' NOTE(review): fldUlke is written to the response without Server.HTMLEncode.
' If this column can hold text supplied by site users, encode it on output.
Response.Write "" & Marslar("fldUlke") & ""
' Rows with a non-empty fldMidi get an extra "Dinle" label.
If Marslar("fldMidi") <> "" Then Response.Write " ( Dinle) "
Response.Write ""
i=i+1: Marslar.MoveNext
Loop
End If
%>
|
|
|
<% Else %>
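<%
' Detail view: look up one row of tblMilliMarslar by the "id" query-string
' value and render it.
'
' The id is compared against fldID without quotes, so it is treated as a
' number. The original statement concatenated the filtered request string
' straight into the SQL text and relied on the QueryFilter denylist and on
' Temizle (defined elsewhere) to keep it harmless. Here the value must also
' consist of 1 to 9 decimal digits, and only the result of CLng is
' concatenated, so the text appended to the statement is always an integer
' literal. Nine digits stay below the Long maximum, so CLng cannot overflow.
' A value that fails the check is redirected to Default.asp, the same target
' QueryFilter uses.
'
' NOTE(review): if Bag is an ADODB.Connection, a parameterised ADODB.Command
' would be the stronger fix; confirm against the include that creates Bag.
' NOTE(review): Mars("fldUlke") is emitted below through UCaseEx with no
' visible Server.HTMLEncode; confirm whether UCaseEx encodes its output.
Dim MarsIdText, MarsIdPattern
MarsIdText = Temizle(QueryFilter(Request.QueryString("id")))
Set MarsIdPattern = New RegExp
MarsIdPattern.Pattern = "^[0-9]{1,9}$"
If Not MarsIdPattern.Test(MarsIdText) Then
    Response.Redirect "Default.asp"
End If
Set Mars = Bag.Execute("SELECT * FROM tblMilliMarslar WHERE fldID=" & CLng(MarsIdText))
If Not Mars.EOF Then
%>
|
<%=UCaseEx(Mars("fldUlke"))%> ÜLKESİ MİLLİ MARŞI |
|
<%=DikeyBol%>
|
|
<% End If %>
<% End If %>
<%=Hr%>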