%
Function QueryFilter(Str)
Str = Replace(Str, "*", "[INJ]",1,-1,1)
Str = Replace(Str, "=", "[INJ]",1,-1,1)
Str = Replace(Str, "<", "[INJ]",1,-1,1)
Str = Replace(Str, ">", "[INJ]",1,-1,1)
Str = Replace(Str, ";", "[INJ]",1,-1,1)
Str = Replace(Str, "(", "[INJ]",1,-1,1)
Str = Replace(Str, ")", "[INJ]",1,-1,1)
Str = Replace(Str, "+", "[INJ]",1,-1,1)
Str = Replace(Str, "#", "[INJ]",1,-1,1)
Str = Replace(Str, "'", "[INJ]", 1, -1, 1)
Str = Replace(Str, "&", "[INJ]", 1, -1, 1)
Str = Replace(Str, "%", "[INJ]", 1, -1, 1)
Str = Replace(Str, "?", "[INJ]", 1, -1, 1)
Str = Replace(Str, "´", "[INJ]", 1, -1, 1)
Str = Replace(Str, ",", "[INJ]",1,-1,1)
Str = Replace(Str, "UNION", "[INJ]",1,-1,1)
Str = Replace(Str, "SELECT", "[INJ]",1,-1,1)
Str = Replace(Str, "WHERE", "[INJ]",1,-1,1)
Str = Replace(Str, "LIKE", "[INJ]",1,-1,1)
Str = Replace(Str, "FROM", "[INJ]",1,-1,1)
Str = Replace(Str, "UPDATE", "[INJ]",1,-1,1)
Str = Replace(Str, "INSERT", "[INJ]",1,-1,1)
Str = Replace(Str, "ORDER", "[INJ]",1,-1,1)
Str = Replace(Str, "GROUP", "[INJ]",1,-1,1)
Str = Replace(Str, "ALTER", "[INJ]",1,-1,1)
Str = Replace(Str, "ADD", "[INJ]",1,-1,1)
Str = Replace(Str, "MODIFY", "[INJ]",1,-1,1)
Str = Replace(Str, "RENAME", "[INJ]",1,-1,1)
Str = Replace(Str, Chr(39), "[INJ]", 1, -1, 1)
If InStr(1,Str,"[INJ]",1) then
Response.Redirect "Default.asp"
end if
QueryFilter = Str
End Function
%>
<%
ID = Temizle(QueryFilter(Request.QueryString("id")))
If ID = "" Then ID = 1
Set Tavsiye = Bag.Execute("SELECT * FROM tblSeyahatTavsiyeleri WHERE fldOnay=1 AND fldID=" & ID)
If Tavsiye.EOF Then
Response.Write "
Aradığınız kayıt veritabanında bulunamadı!"
Else
Response.Write " " & Tavsiye("fldBaslik") & ": " & Temizle(Tavsiye("fldTavsiye")) & " "
End If
%>
|
<%=DikeyBol%>
|
|
<%=Hr%>