www.gusucode.com > 云枫企业网站源代码第二版 2.0源码程序 > admin/inc/conndb.asp
<% dim conn dim connstr dim db db="../../#$%data/#data.asp" Set conn = Server.CreateObject("ADODB.Connection") connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(""&db&"") conn.Open connstr sub CloseConn() conn.close set conn=nothing end sub '--------------------------防止sql注入------------------------------ dim SafeRequestrequest Function SafeRequest(ParaName,ParaType) '--- 传入参数 --- 'ParaName:参数名称-字符型 'ParaType:参数类型-数字型(1表示以上参数是数字,0表示以上参数为字符) Dim ParaValue ParaValue=Request(ParaName) If ParaType=1 then If not isNumeric(ParaValue) then Response.write "参数" & ParaName & "必须为数字型!" Response.end End if Else ParaValue=replace(ParaValue,"'","''") End if SafeRequest=ParaValue End function %>