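<%
' Shared include for the admin pages: opens the Access database connection
' (global "conn") and defines string helpers for obfuscation, HTML output
' encoding, error reporting and request-parameter filtering.

dim conn
dim connstr
db="../../#$%Data/#data" ' database file location
' NOTE(review): Server.MapPath resolves this relative path inside the web
' application, so the .mdb presumably lives in the site tree. A hard-to-guess
' file name is not access control; confirm the data directory is not served
' by the web server, or move the file outside the web root.

' From here on run-time errors in page-level code are suppressed instead of
' stopping the page. A failed conn.Open is therefore not reported here; the
' including page only notices when it first uses conn.
on error resume next
connstr="DBQ="+server.mappath(""&db&"")+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
set conn=server.createobject("ADODB.CONNECTION")
if err then
    err.clear
else
    conn.open connstr
end if

' Reverses encrypt(): subtracts the 1-based position from each character code.
' This is a keyless positional shift, i.e. obfuscation, not encryption; it must
' not be relied on to protect passwords or other secrets.
function decrypt(dcode)
    dim texts
    dim i
    for i=1 to len(dcode)
        ' Asc() only looks at the first character, so a 1-character Mid is
        ' equivalent to the former 2-character one.
        texts=texts & chr(asc(mid(dcode,i,1))-i)
    next
    decrypt=texts
end function

' Adds the 1-based position to each character code (inverse of decrypt()).
' Same caveat as decrypt(): trivially reversible, no key involved.
function encrypt(ecode)
    Dim texts
    dim i
    for i=1 to len(ecode)
        texts=texts & chr(asc(mid(ecode,i,1))+i)
    next
    encrypt = texts
end function

' Shows str in a JavaScript alert, sends the browser back one page and ends
' the response.
' str is written inside a single-quoted JavaScript string within a <script>
' element, so it is escaped for that context first; otherwise a quote or a
' "</script>" in the message would break out of the string literal.
' A literal "\n" passed by the caller is still rendered as a line break, and
' real line feeds are converted to "\n".
' DBConnEnd is not defined in this file; the including page must provide it.
Sub GoError(str)
    Dim msg
    msg = str & ""                          ' Null/Empty become ""
    msg = Replace(msg, "\", "\\")           ' escape backslashes first
    msg = Replace(msg, "\\n", "\n")         ' keep the caller's "\n" line breaks
    msg = Replace(msg, "'", "\'")
    msg = Replace(msg, Chr(34), "\" & Chr(34))
    msg = Replace(msg, vbCr, "")
    msg = Replace(msg, vbLf, "\n")
    msg = Replace(msg, "<", "\x3C")         ' prevents "</script>" from closing the block
    msg = Replace(msg, ">", "\x3E")
    Call DBConnEnd()
    Response.Write "<script language=javascript>alert('" & msg & "\n\n系统将自动返回前一页面...');history.back();</script>"
    Response.End
End Sub

' ============================================
' Returns str trimmed, with single quotes, double quotes and semicolons
' removed. Intended for values used in queries or in forms where forced
' replacement is wanted.
' NOTE(review): this is a character blacklist. It does nothing for values
' placed in a numeric SQL context and silently alters legitimate input;
' parameterized ADODB.Command queries are the reliable defence.
' ============================================
Function GetSafeStr(str)
    GetSafeStr = Replace(Replace(Replace(Trim(str), "'", ""), Chr(34), ""), ";", "")
End Function

' ============================================
' HTML-encodes a string for display (stand-in for Server.HTMLEncode) and
' turns line feeds into <br>. Returns "" for Null.
' The ampersand is replaced first so the entities produced by the later
' replacements are not encoded a second time.
' Single quotes are not encoded, so the result is only safe in element
' content or in double-quoted attribute values.
' ============================================
Function outHTML(str)
    Dim sTemp
    sTemp = str
    outHTML = ""
    If IsNull(sTemp) = True Then
        Exit Function
    End If
    sTemp = Replace(sTemp, "&", "&amp;")
    sTemp = Replace(sTemp, "<", "&lt;")
    sTemp = Replace(sTemp, ">", "&gt;")
    sTemp = Replace(sTemp, Chr(34), "&quot;")
    sTemp = Replace(sTemp, Chr(10), "<br>")
    outHTML = sTemp
End Function

' ============================================
' HTML-encodes a database value before it is placed in an input field.
' Returns "" for Null.
' Note: the attribute must be written as value="..." with double quotes,
' because single quotes are not encoded here.
' ============================================
Function inHTML(str)
    Dim sTemp
    sTemp = str
    inHTML = ""
    If IsNull(sTemp) = True Then
        Exit Function
    End If
    sTemp = Replace(sTemp, "&", "&amp;")
    sTemp = Replace(sTemp, "<", "&lt;")
    sTemp = Replace(sTemp, ">", "&gt;")
    sTemp = Replace(sTemp, Chr(34), "&quot;")
    inHTML = sTemp
End Function

'-------------------------- SQL injection filtering ------------------------------
' Not referenced anywhere in this file; kept in case an including page uses it.
dim SafeRequestrequest

' Reads a request parameter and filters it for use in a SQL statement.
'   ParaName: parameter name (string)
'   ParaType: 1 = the value must be numeric, 0 = the value is a string
' Numeric mode ends the response with a message when the value is not numeric;
' string mode doubles single quotes.
' NOTE(review): Request(name) searches every request collection, not only the
' query string or the form. IsNumeric accepts more than plain digits (decimal
' and exponent forms, for example), and a missing parameter may also pass -
' verify. The string branch is only safe when the value is placed inside a
' single-quoted SQL literal. Prefer parameterized ADODB.Command queries.
Function SafeRequest(ParaName,ParaType)
    Dim ParaValue
    ParaValue=Request(ParaName)
    If ParaType=1 then
        If not isNumeric(ParaValue) then
            Response.write "参数" & ParaName & "必须为数字型!"
            Response.end
        End if
    Else
        ParaValue=replace(ParaValue,"'","''")
    End if
    SafeRequest=ParaValue
End function
%>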