%
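' Shared include: screens the incoming request, then opens the Jet (Access)
' connection in `conn` for the including page.
'
' NOTE(security): the substring screen below is a coarse blocklist applied only
' to the raw query string and the Host header. Form (POST) fields and cookies
' are not screened by it, and ordinary values containing words such as
' "update" or "select" are rejected. It is defence in depth at best; pages that
' build SQL should use parameterized commands (ADODB.Command with Parameters).
' NOTE(security): the database path comes from Server.MapPath, so the data file
' sits inside the published web tree. An unusual file name is not access
' control; prefer a directory outside the web root or an explicit deny rule.

squery = LCase(Request.ServerVariables("QUERY_STRING"))
sURL = LCase(Request.ServerVariables("HTTP_HOST"))
allquery = LCase(squery & sURL)

sqlchk_reject = False

' allquery is lower-cased and InStr compares case-sensitively by default, so
' the percent-encoded needles are written with lower-case hex digits. The
' previous upper-case forms ("%5C", "%3B", "%2D%2D") could never match.
For Each sqlchk_item In Array("%5c", "\", "%27", "'", "%3b", ";", "%2d%2d", "--", _
                              "sp_", "xp_", "exec", "insert", "select", "update", "delete", "drop")
    If InStr(allquery, sqlchk_item) <> 0 Then sqlchk_reject = True
Next

' Identifier-style parameters: must look numeric and be at most 10 characters.
' Request(name) searches QueryString, Form and Cookies, so these checks cover
' all three for the names listed. A missing parameter evaluates to Empty and
' passes. "lb_id" was previously length-checked only; it now gets the same
' numeric check as the other ids.
' IsNumeric also accepts decimals, exponents and similar forms, so pages should
' still convert the value to an integer type before using it in SQL.
For Each sqlchk_item In Array("userid", "id", "lbid", "xlbid", "cpid", "cp_id", "lb_id", "page")
    If Not IsNumeric(Request(sqlchk_item)) Or Len(Request(sqlchk_item)) > 10 Then sqlchk_reject = True
Next

If sqlchk_reject Then
    Response.Redirect "err.htm"
    Response.End
End If

' Open the database only after the request has passed the screen, so rejected
' requests do not leave an open connection behind.
Set conn = Server.CreateObject("adodb.Connection")
dbpath = Server.MapPath("#@ld.asp")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & dbpath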
%>
<%
' Page-level value set for the including page; its meaning is not visible here.
asd = 1
%>
<%
' NOTE(review): "mid" is not among the parameters this file checks with
' IsNumeric/Len. How mid1 is used is not visible here; validate it or pass it
' as a query parameter before it reaches any SQL statement.
mid1 = Request("mid")
%>