WooYun.org

<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="xyconn.asp"-->
<!--#include file="Inc/xycms.asp" -->
<!--#include file="Inc/config.asp" -->
<%
id=request.QueryString("id")
if id="" or not isnumeric(id) then
response.write "<script>alert('¾¯¸æ!·Ç·¨²ÎÊý£¡');window.location.href='index.html';</script>" 
Response.End()
end if
set rs=server.createobject("adodb.recordset") 
exec="select * from common where id="&id //直接带入查询
rs.open exec,conn,1,1
%>

<%
id=request.QueryString("id")
set rs=server.createobject("adodb.recordset") 
exec="select * from [down] where id="& id
rs.open exec,conn,1,1
if rs.eof then
response.Write "<div style=""padding:10px"">ûÓÐÏà¹ØÐÅÏ¢£¡</a>"
response.End()
end if
%>

<%
id=request.QueryString("id")
if  not isnumeric(id) then
Response.Write "<script>alert('¾¯¸æ£¡²ÎÊý´íÎó£¡');history.go(-1);</script>" 
Response.End()
end if
set rs=server.createobject("adodb.recordset") 
if id="" then
exec="select * from news order by id desc"
else
exec="select * from news where ssfl="&id&" order by id desc"
end if
rs.open exec,conn,1,1
%>

<%
id=request.QueryString("id")
set rs=server.createobject("adodb.recordset") 
exec="select * from zpxx where id="& id
rs.open exec,conn,1,1
if rs.eof then
response.Write "<div style=""padding:10px"">ûÓÐÏà¹ØÐÅÏ¢£¡</a>"
response.End()
end if
%>