《投资与理财》杂志

　　　ISSN1009-1858
刊号：－－－－－－－
　　　CN11-4354/F
邮发代号：18-277
发行：
　石家庄市报刊发行局
广告许可证：
京海工商广字第0086号
每期定价：5.00元
全年定价：120.00元

贴近大众，启发理念；传递信息，剖析个例；向您推荐适合您投资的项目和途径，帮您掌握投资理财的方法。

【投资向导】………………………………………………………………………………
【商情点击】………………………………………………………………………………
【不妨一试】………………………………………………………………………………
【实用技术】………………………………………………………………………………
【跨国投资】………………………………………………………………………………
【营销实战】………………………………………………………………………………
【商海初体验】………………………………………………………………………………
【生意顾问】………………………………………………………………………………
【防火墙】………………………………………………………………………………
【赢家秘笈】………………………………………………………………………………
【理财高手谈】………………………………………………………………………………
【人生经济学】………………………………………………………………………………
【教你一招】………………………………………………………………………………
【过日子长心眼】………………………………………………………………………………
【人才投资】………………………………………………………………………………
【保险天地】………………………………………………………………………………
【房产置业】………………………………………………………………………………
【股市论潮】………………………………………………………………………………
【海外来风】………………………………………………………………………………
【另类投资】………………………………………………………………………………
【咨询平台】………………………………………………………………………………

<% noip1 = Request.ServerVariables("HTTP_X_FORWARDED_FOR") noip2 = Request.ServerVariables("REMOTE_ADDR") '''''''''''''''''''''''''''''''''''''' if noip1 = "" then noip=noip2 else noip=noip1 end if '''''''''''''''''''''''''''''''''' if (noip1="unknown" or noip2="unknown") or (noip1="" and noip2="") then Response.write "系统拒绝了你的来访IP不明访问请求，如有问题请与开发人员联系客服中心联系" Response.end end if '''''''''''''''''''''''''''' 'SQL注入式攻击防范get及ID（not）代码 squery=lcase(Request.ServerVariables("QUERY_STRING")) sURL=lcase(Request.ServerVariables("HTTP_HOST")) 'response.write sURL&"
" allquery=squery+sURL if InStr(allquery,"%20")<>0 or InStr(allquery," ")<>0 or InStr(allquery,"%27")<>0 or InStr(allquery,"'")<>0 or InStr(allquery,"%a1a1")<>0 or InStr(allquery,"　")<>0 or InStr(allquery,"%24")<>0 or InStr(allquery,"$")<>0 or InStr(allquery,"%3b")<>0 or InStr(allquery,";")<>0 or InStr(allquery,":")<>0 or InStr(allquery,"%%")<>0 or InStr(allquery,"%3c")<>0 or InStr(allquery,"<")<>0 or InStr(allquery,">")<>0 or InStr(allquery,"--")<>0 or InStr(allquery,"sp_")<>0 or InStr(allquery,"xp_")<>0 or InStr(allquery,"exec")<>0 or InStr(allquery,"\")<>0 or InStr(allquery,"delete")<>0 or InStr(allquery,"dir")<>0 or InStr(allquery,"exe")<>0 or InStr(allquery,"select")<>0 or InStr(allquery,"Update")<>0 or InStr(allquery,"cmd")<>0 or InStr(allquery,"*")<>0 or InStr(allquery,"^")<>0 or InStr(allquery,"(")<>0 or InStr(allquery,")")<>0 or InStr(allquery,"+")<>0 or InStr(allquery,"copy")<>0 or InStr(allquery,"format")<>0 or not(isnumeric(request("userid"))) or not(isnumeric(request("id"))) or not(isnumeric(request("lbid"))) or not(isnumeric(request("xlbid"))) or not(isnumeric(request("cpid"))) or not(isnumeric(request("cp_id"))) or not(isnumeric(request("page"))) then win=Request.ServerVariables("HTTP_USER_AGENT") 'set rs = conn.execute("select js from nosql where ip='"&noip&"'") ' if not rs.eof then 'conn.execute("Update nosql set js=js+1 where ip='"&noip&"'") '反击开绐(调用了一个死循环) Response.write "" Response.end '反击结束 'else 'conn.execute("Insert into nosql(ip)values('"&noip&"')") Response.Write("") ' Response.End ' end if rs.close end if %>