<%@ Language=VBScript %>
<%
' Substitutes two characters in a form value and returns the result.
' A value that concatenates to an empty string is returned unchanged.
' NOTE(review): this is character substitution, not query parameterization.
' Swapping the single quote for a backtick only helps when the value ends up
' inside a quoted SQL string literal; it does nothing for a value that is
' concatenated into SQL unquoted (see the counter lookup further down).
' The "<" swap affects HTML tag openers rather than SQL quoting.
function ParseString(InputString)
    if InputString & "" <> "" then
        InputString = replace(InputString, "'", "`")
        InputString = replace(InputString, "<", "(")
        ' guard against sql injection
    end if
    ParseString = InputString
end function

' Turns the backtick written by ParseString back into a single quote.
' The "<" -> "(" replacement is applied again on the way out.
' NOTE(review): this copy of the page is truncated partway through the "(br"
' statement below. The rest of this function, and whatever code first assigns
' SID and the counter, is not visible here. The damaged line is kept exactly
' as found; the text after it resumes inside an "if ... > 0 then" test.
function UnParseString(InputString)
    if InputString & "" <> "" then
        InputString = replace(InputString, "`", "'")
        InputString = replace(InputString, "<", "(")
        ' guard against sql injection
        InputString = replace(InputString, "(br", " 0 then
    ' if first time through form, no counter expected, counter set = 0
    ' and 'submit' action redirects to this form
    ' counter is found = 0 then save function does an insert
    ' if not first time, then counter is found > 0
    ' and save function does an update
    if SID = "" then
        SID = "DISPLAY"
    end if
end if

' Load the entry's fields: from the posted form when no counter is known yet,
' otherwise from the guestbook row that has that counter.
if SID = "" or SID = "SAVE" or SID = "EDIT" or SID = "DISPLAY" then
    if SID = "" then
        ' if blank then assume new entry, show edit form
        SID = "EDIT"
    end if
    if dCounter = 0 or dCounter = "" then
        ' get state variables from prior form entry
        dCounter = request.form("COUNTER")
        ' NOTE(review): dName is the only posted field here that is not passed
        ' through ParseString. Where it is used later is not visible in this
        ' copy; confirm it is escaped before it reaches SQL or HTML output.
        dName = request.form("dName")
        dEMail = ParseString(request.form("dEMail"))
        dComments = ParseString(request.form("dComments"))
        dDisplay = ParseString(request.form("dDisplay"))
        dview_priority = ParseString(request.form("dview_priority"))
        'dDateAdded = now
    else
        ' NOTE(review): dCounter is concatenated into the statement unquoted and
        ' no numeric check is visible before this point. Validate it as an
        ' integer (IsNumeric, then CLng) or bind it as a query parameter before
        ' executing; the quote swap in ParseString would not protect this value.
        SQLStatement = "SELECT * FROM guestbook WHERE counter = " & dCounter
        set rsGuestbook = dbGuestbook.Execute(SQLStatement)
        ' NOTE(review): no end-of-recordset test is visible before the fields
        ' are read; presumably a counter with no matching row fails here.
        dName = rsGuestbook("guest_name")
        dEMail = rsGuestbook("guest_email")
        dComments = rsGuestbook("comment")
    end if
end if
%> Sign Guestbook
<%
if SID = "SAVE" then
    ' edit comments to add html tags
    ' Reroute marks a submission as spam. It is set when the comment contains
    ' ">", "http://" or "script" (the last two compared in lower case), or when
    ' ThisURL equals "blocked".
    ' NOTE(review): the link test matches "http://" only, and nothing visible
    ' before this point assigns ThisURL; confirm where it is set.
    Reroute = 0
    if InStr(dComments, ">") > 0 or InStr(lcase(dComments), "http://") > 0 or instr(lcase(dComments), "script") or ThisURL = "blocked" then
        Reroute = 1
    end if
    ' NOTE(review): the replacement text in the next statement was lost in this
    ' copy (it shows as a bare line break inside the quotes); kept as found.
    dComments = replace(dComments, chr(10), "
")
    dComments = replace(dComments, "<", "(")
    ' NOTE(review): the next statement is damaged as well. Code between the
    ' "(br" replace and the "Reroute: " text is missing from this copy;
    ' presumably it included the statement that builds the guestbook
    ' INSERT/UPDATE executed in the else branch below. Kept as found.
    dComments = replace(dComments, "(br", "" & "Reroute: " & dComments & "
")
    ' Flagged submissions, and comments shorter than 10 characters, are not
    ' saved: the client address is recorded and the request is redirected away.
    if Reroute = 1 or len(dComments) < 10 then
        ' block URL from further attempts
        ThisURL = Request.ServerVariables("REMOTE_ADDR")
        ' NOTE(review): this INSERT is built by string concatenation. The value
        ' comes from the server variable rather than the form, but a
        ' parameterized command would keep the page consistent and safe if the
        ' source of ThisURL ever changes.
        SQLStatement ="INSERT INTO spamattacks (BlockedURL) values ('" & trim(ThisURL) & "') "
        set rsGuestbook = dbGuestbook.Execute(SQLStatement)
        response.redirect("http://www.ic3.gov/default.aspx")
        'response.redirect("http://9191jp.com/start.php?lkf")
    else
        ' NOTE(review): SQLStatement is executed here, but no visible line in
        ' this copy assigns the guestbook statement on this path. Check in the
        ' original file that every value in it is escaped or parameterized.
        set rsGuestbook = dbGuestbook.Execute(SQLStatement)
        ' get new counter from database (autoincrement number)
        ' NOTE(review): taking the highest counter assumes no other row was
        ' inserted between the two statements; concurrent submissions can
        ' return another visitor's row. CINT also overflows above 32767.
        SQLStatement = "SELECT counter FROM guestbook ORDER BY counter DESC "
        set rsGuestbook = dbGuestbook.Execute(SQLStatement)
        dCounter = CINT(rsGuestbook("counter"))
        response.redirect ("/FormGuestbook.asp?SID=DISPLAY&COUNTER=" & dCounter)
        ' The commented-out line below is split by a line break lost in this copy.
        'response.write("This URL: " & ThisURL & "
")
    end if
elseif SID = "DISPLAY" then %>

Thank you!


Comments will appear shortly. <% else %>

Sign our GUEST BOOK!

Your name:
Your e-mail address:
Your comment:
  *TERMS OF USE: All items submitted are subject to approval by the webmaster and may be edited for content. All items must adhere to site standards of appropriateness as determined solely by the website administrator. The owner of the website is not responsible for the accuracy of content. Submitter must include his/her name at the end of each comment. Items without names will NOT be viewable by others! Notify the website administrator of incorrect or inaccurate information by sending an email. List the title of the new item and a description of the problem. Disputed items will be removed from viewing. By clicking SUBMIT, you agree to the terms of use.

<% end if %>