www.gusucode.com > 因特达Access数据库在线管理系统 > 因特达Access数据库在线管理系统\code\access\fun.asp
<% Function Add_ziduan(tbName,columnName,typ)'表中添加一列 On Error Resume Next conn.execute("alter table "&tbName&" add column "&columnName&" "&typ)'添加一列 end function function check_ziduan(tbName,ziduan)'检查字段是否存在 err.clear'先清空错误,开始测试 on error resume next dim rs set rs=server.CreateObject("adodb.recordset") sql="select "&ziduan&" from "&tbName rs.open sql,conn,1,1'测试数据库中是否有指定字段 if ERR.Number<>0 then'说明有错, check_ziduan=false err.clear else check_ziduan=true end if rs.close'测试结束 end function function sql_id(s1) '过滤数值型参数 if s1&""="" then sql_id="" exit function end if if not isnumeric(s1) then response.write(s1&"<br>ID只能为正整数!") response.end else if s1<0 or s1>2147483647 then response.write("数值过大或过小!") response.end else sql_id=s1 end if end if end function function sql_num(s1)' 过滤货币型参数 if not isnumeric(s1) then sql_num=0 else sql_num=s1 end if end function function sql_str(s1) '过滤字符型参数 if s1&""="" then sql_str="" else sql_str=trim(replace(replace(s1,Chr(34), """),chr(39),"'")) end if end function function sql_kill(s1)' 过滤所有危险字符,适合传回来的列名 If s1&"" = "" then sql_kill="" else s1=replace(s1,">","") s1=replace(s1,"<","") s1=replace(s1,"=","") s1=replace(s1,"(","") s1=replace(s1,")","") s1=replace(s1,",","") s1=replace(s1,";","") s1=replace(s1,"%","") s1=replace(s1,"*","") s1=replace(s1,"+","") s1=replace(s1,"-","") s1=replace(s1,chr(9),"") s1=replace(s1,chr(10),"") s1=replace(s1,chr(13),"") s1=replace(s1,chr(32),"")'空格 s1=replace(s1,chr(34),"") s1=replace(s1,chr(39),"") sql_kill =s1 end if end function %>