www.gusucode.com > 山寨版广告信息招贴网源码程序 > 山寨版广告信息招贴网源码程序/ewuyi/dir_发布/user/conn.asp

    <!-- #include file="../config.asp"-->
<!-- #include file="Function.asp"-->
<%
squery=lcase(Request.ServerVariables("QUERY_STRING")) 
sURL=lcase(Request.ServerVariables("HTTP_HOST")) 
SQL_injdata =":|;|>|<|--|sp_|xp_|\|dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare" 
SQL_inj = split(SQL_Injdata,"|") 
For SQL_Data=0 To Ubound(SQL_inj) 
if instr(squery&sURL,Sql_Inj(Sql_DATA))>0 Then 
Response.Write "SQL通用防注入系统" 
Response.end 
end if 
next
on error resume next 
'字符串连接数据库方法
ConnStr = "Provider = Microsoft.Jet.OLEDB.4.0;Data Source = " & Server.MapPath("../"&mdbpath&"")
set conn=Server.CreateObject("ADODB.Connection")
conn.open ConnStr
If Err Then
err.Clear
Set Conn = Nothing
Response.Write "Load……"
Response.End
End If
Function HtmlEncode(Content)
 Content = Replace(Content, ">", "&gt;") 
 Content = Replace(Content, "<", "&lt;")
 Content = Replace(Content, "'", "") 
 HtmlEncode = content 
End Function
Function HtmlEncode2(Content)
 Content = Replace(Content, ">", "&gt;") 
 Content = Replace(Content, "<", "&lt;")
 Content = Replace(Content, " ", "&nbsp;")
 Content = Replace(Content, "'", "")
 Content = Replace(Content, vbcrlf,"<br>") 
 HtmlEncode2 = content 
End Function
%>