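<%
' Shared include: declares the global ADO connection, opens it at load time
' (see the ConnOpen() call below) and provides the HTML-escaping helper
' inreplace and the input filter YeSqlStr.
' The connection stays open until the including page calls ConnClose().

Dim WebsiteURL
WebsiteURL = "../"   ' relative path to the site root directory
Dim Conn

' Opens the global connection Conn to the Access (.mdb) database.
'
' NOTE(review): Server.MapPath resolves this relative path against the
' requesting page, so the .mdb file lives inside a web-served directory and
' the connection string carries an empty password. The "#" characters in the
' file name are not an access control. Keep the database outside the site
' root, or have the web server refuse requests for .mdb files, and set a
' database password.
Private Sub ConnOpen()
    Dim dbPath
    dbPath = Server.MapPath("#database#/#database#.mdb")
    Set Conn = Server.CreateObject("adodb.connection")
    Conn.Open "driver={microsoft access driver (*.mdb)};pwd=;dbq=" & dbPath   ' no password
End Sub

' Closes and releases the global connection.
' Safe to call when the connection was never created or is already closed:
' "Conn Is Nothing" raises an error on a non-object value, and Close raises
' on a connection that is not open, so both are checked first.
Private Sub ConnClose()
    If IsObject(Conn) Then
        If Not (Conn Is Nothing) Then
            If Conn.State <> 0 Then Conn.Close   ' 0 = adStateClosed
            Set Conn = Nothing
        End If
    End If
End Sub

ConnOpen()   ' open the database connection as soon as the file is included

' HTML-escapes a string for display and turns line feeds into <BR>.
'
' fString: text to escape. It is not declared ByVal, so the caller's variable
'          is modified as well.
' Returns: the escaped text, or Empty when fString is Null.
'
' NOTE(review): the listing this was recovered from showed the replacement
' strings with their HTML entities already decoded (">" replaced by ">", and
' an unterminated literal for the double quote). The entities below are the
' restored forms; confirm them against the original file.
' "&" is not escaped here, so entities already present in the input pass
' through unchanged.
Function inreplace(fString)
    If Not IsNull(fString) Then
        fString = Replace(fString, ">", "&gt;")
        fString = Replace(fString, "<", "&lt;")
        ' NOTE(review): the listing shows a plain space as the replacement for
        ' both the space and the tab; the original was presumably an entity
        ' such as &nbsp; - confirm before relying on the layout.
        fString = Replace(fString, Chr(32), " ")
        fString = Replace(fString, Chr(9), " ")
        fString = Replace(fString, Chr(34), "&quot;")
        fString = Replace(fString, Chr(39), "&#39;")
        ' Only LF is converted; CR characters are left in place.
        fString = Replace(fString, Chr(10), "<BR>")
        inreplace = fString
    End If
End Function

' Input filter intended to reduce SQL injection risk.
'
' data:  value to filter. It is not declared ByVal, so the caller's variable
'        is modified as well.
' falgs: "1" numeric, "2" quoted string, anything else free text.
' Returns: the filtered value.
'
' NOTE(review): this is a deny-list filter and must not be the only defence.
' Build statements with ADODB.Command and bound parameters instead of
' concatenating the result into SQL text. Known limits of each branch:
'   "1"  IsNumeric also accepts currency, hexadecimal and exponent notation,
'        so convert with CLng/CDbl before the value reaches a statement.
'   "2"  doubling single quotes is only correct inside a single-quoted literal.
'   else single quotes become double quotes, which Jet/Access SQL also accepts
'        as a string delimiter, so the result is only suitable inside a
'        single-quoted literal. This branch also mixes HTML escaping with SQL
'        filtering and removes ordinary words such as "update" from user text.
Function YeSqlStr(data, falgs)
    Dim keywords, keyword, previous

    Select Case falgs
        Case "1"   ' numeric
            If Not IsNumeric(data) Then data = 0

        Case "2"   ' quoted string
            data = Replace(data, "'", "''")

        Case Else  ' free text
            ' NOTE(review): the entity strings were decoded in the recovered
            ' listing; restored here - confirm against the original file.
            data = Trim(Replace(data, "&", "&amp;"))
            data = Replace(data, "<", "&lt;")
            data = Replace(data, ">", "&gt;")
            data = Replace(data, "'", """")
            data = Replace(data, "*", "")
            data = Replace(data, "?", "")

            ' Remove the keywords regardless of letter case (Replace compares
            ' case-sensitively by default) and repeat until the text stops
            ' changing, because removing one occurrence can join the
            ' surrounding characters into another keyword.
            keywords = Array("select", "insert", "delete", "update", "create", "drop", "declare")
            Do
                previous = data
                For Each keyword In keywords
                    data = Replace(data, keyword, "", 1, -1, vbTextCompare)
                Next
            Loop While data <> previous

            ' NOTE(review): the listing shows these two replacement strings as
            ' rendered line breaks; the markup below follows inreplace and
            ' must be confirmed against the original file.
            data = Replace(data, vbCrLf & vbCrLf, "</p><p>")
            data = Replace(data, vbCrLf, "<BR>")
    End Select

    YeSqlStr = data
End Function
%>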
