高考问答中国最年轻的县长:关于禁止ASP上传屏蔽掉。ASP问题
来源:百度文库 编辑:高考问答 时间:2024/05/05 06:28:55
我的上传程序是,谁能帮帮我不让人家传ASP或者PHP呀谢谢啦
<%
dim isSetVar
isSetVar=0
%>
<!-- #include file="../conn.asp" -->
<html>
<head>
<title>企商在线上传系统</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css">
<!--
td { font-size: 9pt}
a { color: #000000; text-decoration: none}
a:hover { text-decoration: underline}
.tx { height: 16px; width: 30px; border-color: black black #000000; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px; font-size: 9pt; background-color: #eeeeee; color: #0000FF}
.bt { font-size: 9pt; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; height: 16px; width: 80px; background-color: #eeeeee; cursor: hand}
.tx1 { height: 20px; width: 30px; font-size: 9pt; border: 1px solid; border-color: black black #000000; color: #0000FF}
-->
</style>
</head>
<body bgcolor="#FFFFFF" text="#000000" topmargin="1" leftmargin="1">
<form name="form1" method="post" action="upload.asp" enctype="multipart/form-data" >
<input type="hidden" name="filepath" class="tx" style="width:350" value="<%=pic_path%>" size="20">
<input type="hidden" name="act" value="upload">
<table width="254" border="1" cellspacing="0" cellpadding="5" align="center" bordercolordark="#CCCCCC" bordercolorlight="#000000" height="123">
<tr bgcolor="#CCCCCC">
<td height="12" align="left" valign="middle" bgcolor="#CCCCCC" width="427">
企商在线上传系统--文件上传</td>
</tr>
<tr align="left" valign="middle" bgcolor="#eeeeee">
<td bgcolor="#eeeeee" height="52" width="427">
<script language="javascript">
function setid()
{
str='<br>';
if(!window.form1.upcount.value)
window.form1.upcount.value=1;
for(i=1;i<=window.form1.upcount.value;i++)
str+='文件'+i+':<input type="file" name="file'+i+'" style="width:400" class="tx1"><br><br>';
window.upid.innerHTML=str+'<br>';
}
</script>
<li> 需要上传的个数
<input type="text" name="upcount" class="tx" value="1" size="20">
<input type="button" name="Button" class="bt" onclick="setid();" value="· 设定 ·">
</li>
</td>
</tr>
<tr align="center" valign="middle">
<td align="left" id="upid" height="1" width="427"> 文件1:
<input type="file" name="file1" style="width:400" class="tx1" value="" size="20">
</td>
</tr>
<tr align="center" valign="middle" bgcolor="#eeeeee">
<td bgcolor="#eeeeee" height="16" width="427">
<input type="submit" name="Submit" value="· 提交 ·" class="bt">
<input type="reset" name="Submit2" value="· 重执 ·" class="bt">
</td>
</tr>
</table>
</form>
<script language="javascript">
setid();
</script>
</body>
</html>
<%
dim isSetVar
isSetVar=0
%>
<!-- #include file="../conn.asp" -->
<html>
<head>
<title>企商在线上传系统</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css">
<!--
td { font-size: 9pt}
a { color: #000000; text-decoration: none}
a:hover { text-decoration: underline}
.tx { height: 16px; width: 30px; border-color: black black #000000; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px; font-size: 9pt; background-color: #eeeeee; color: #0000FF}
.bt { font-size: 9pt; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; height: 16px; width: 80px; background-color: #eeeeee; cursor: hand}
.tx1 { height: 20px; width: 30px; font-size: 9pt; border: 1px solid; border-color: black black #000000; color: #0000FF}
-->
</style>
</head>
<body bgcolor="#FFFFFF" text="#000000" topmargin="1" leftmargin="1">
<form name="form1" method="post" action="upload.asp" enctype="multipart/form-data" >
<input type="hidden" name="filepath" class="tx" style="width:350" value="<%=pic_path%>" size="20">
<input type="hidden" name="act" value="upload">
<table width="254" border="1" cellspacing="0" cellpadding="5" align="center" bordercolordark="#CCCCCC" bordercolorlight="#000000" height="123">
<tr bgcolor="#CCCCCC">
<td height="12" align="left" valign="middle" bgcolor="#CCCCCC" width="427">
企商在线上传系统--文件上传</td>
</tr>
<tr align="left" valign="middle" bgcolor="#eeeeee">
<td bgcolor="#eeeeee" height="52" width="427">
<script language="javascript">
function setid()
{
str='<br>';
if(!window.form1.upcount.value)
window.form1.upcount.value=1;
for(i=1;i<=window.form1.upcount.value;i++)
str+='文件'+i+':<input type="file" name="file'+i+'" style="width:400" class="tx1"><br><br>';
window.upid.innerHTML=str+'<br>';
}
</script>
<li> 需要上传的个数
<input type="text" name="upcount" class="tx" value="1" size="20">
<input type="button" name="Button" class="bt" onclick="setid();" value="· 设定 ·">
</li>
</td>
</tr>
<tr align="center" valign="middle">
<td align="left" id="upid" height="1" width="427"> 文件1:
<input type="file" name="file1" style="width:400" class="tx1" value="" size="20">
</td>
</tr>
<tr align="center" valign="middle" bgcolor="#eeeeee">
<td bgcolor="#eeeeee" height="16" width="427">
<input type="submit" name="Submit" value="· 提交 ·" class="bt">
<input type="reset" name="Submit2" value="· 重执 ·" class="bt">
</td>
</tr>
</table>
</form>
<script language="javascript">
setid();
</script>
</body>
</html>
要修改upload.asp
type=right(上传文件,3)
if type="asp" or type="php" then
response.write("文件类型上传有误")
else
...
endif
晕 你简单的制作一下不就可以了。
首先先验证他文件名,如果他文件的后缀名为.asp 或.php的话那就提示他修改文件,这样就可以达到禁止上传的功能。
但这也是一个简单的方法,如果要彻底的话要在服务器上验证,这个我就不明说了。
在保存文件的前判断文件名:
if instr(文件名,".asp")>0 then
response.write "禁止上传"
response.end
end if
....
建议你去www.MSDN.NET那里比较有专业的答案