www.gusucode.com > 云枫企业网站源代码第二版 2.0源码程序 > admin/inc/conndb.asp

    <%
dim conn
dim connstr
dim db
db="../../#$%data/#data.asp"
Set conn = Server.CreateObject("ADODB.Connection")
connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(""&db&"")
conn.Open connstr

sub CloseConn()
	conn.close
	set conn=nothing
end sub
'--------------------------防止sql注入------------------------------
dim SafeRequestrequest
Function SafeRequest(ParaName,ParaType)
       '--- 传入参数 ---
       'ParaName:参数名称-字符型
       'ParaType:参数类型-数字型(1表示以上参数是数字，0表示以上参数为字符)
       Dim ParaValue
       ParaValue=Request(ParaName)
       If ParaType=1 then
              If not isNumeric(ParaValue) then
                     Response.write "参数" & ParaName & "必须为数字型！"
                     Response.end
              End if
       Else
              ParaValue=replace(ParaValue,"'","''")
       End if
       SafeRequest=ParaValue
End function
%>