?% dim conn dim connstr dim mydbpath mydbpath="manage/xxxxxxcdata/##Dingguowebimages.mdb" Set conn = Server.CreateObject("ADODB.Connection") connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(mydbpath) conn.Open connstr '数据库连接出错后的操? If Err Then err.Clear Set Conn = Nothing Response.Write "数据库连接出错,请检查连接字串? Response.End End If set rshead=server.CreateObject("adodb.recordset") rshead.open "select w_title,w_copy,w_keyword,w_descrip,w_main,w_inner from webinfo where 1=1",conn,1,1 strtitle=rshead("w_title") strcopy=rshead("w_copy") strkeyword=rshead("w_keyword") strdescrip=rshead("w_descrip") rshead.close set rshead=nothing sub closedb() conn.close set conn=nothing end sub function strprint(tempstr,tempnum) mylen=len(trim(tempstr)) if mylen>tempnum then dim mystr,mymid mystr=tempstr mymid=mid(mystr,tempnum,1) if mymid=" "then strprint=left(mystr,tempnum) else do while (mymid<>" ") tempnum=tempnum+1 mymid=mid(mystr,tempnum,1) loop strprint=left(mystr,tempnum) end if else strprint=tempstr end if end function function htmlencode2(str) dim result dim l if isNULL(str) then htmlencode2="" exit function end if l=len(str) result="" dim i for i = 1 to l select case mid(str,i,1) case "<" result=result+"<" case ">" result=result+">" case chr(13) result=result+"
" case chr(34) result=result+""" case "&" result=result+"&" case chr(32) 'result=result+" " if i+1<=l and i-1>0 then if mid(str,i+1,1)=chr(32) or mid(str,i+1,1)=chr(9) or mid(str,i-1,1)=chr(32) or mid(str,i-1,1)=chr(9) then result=result+" " else result=result+" " end if else result=result+" " end if case chr(9) result=result+" " case else result=result+mid(str,i,1) end select next htmlencode2=result end function '过滤判断是是否受到SQL注入攻击 dim sql_injdata SQL_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|"" Then For Each SQL_Get In Request.QueryString For SQL_Data=0 To Ubound(SQL_inj) if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then response.write(Request.QueryString(SQL_Get)) Response.Write "" Response.end end if next Next End If 'Get请求的注入的拦截 If Request.Form<>"" Then For Each Sql_Post In Request.Form For SQL_Data=0 To Ubound(SQL_inj) if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then response.write(Request.Form(Sql_Post)) Response.Write "" Response.end end if next next end if '========================================================= '函数:RemoveHTML(strHTML) '功能:去除HTML标记 '参数:strHTML --要去除HTML标记的字符串 '========================================================= Function RemoveHTML(strHTML) Dim objRegExp, Match, Matches Set objRegExp = New Regexp objRegExp.IgnoreCase = True objRegExp.Global = True '取闭合的<> objRegExp.Pattern = "<(?!img|br|p|div).*?>" '进行匹配 Set Matches = objRegExp.Execute(strHTML) ' 遍历匹配集合,并替换掉匹配的项目 For Each Match in Matches strHtml=Replace(strHTML,Match.Value,"") Next RemoveHTML=strHTML Set objRegExp = Nothing set Matches=nothing End Function '截取英文字符? 完整单词 function strprint(tempstr,tempnum) mylen=len(trim(tempstr)) if mylen>tempnum then dim mystr,mymid mystr=tempstr mymid=mid(mystr,tempnum,1) if mymid=" "then strprint=left(mystr,tempnum) else do while (mymid<>" ") tempnum=tempnum+1 mymid=mid(mystr,tempnum,1) loop strprint=left(mystr,tempnum) end if else strprint=tempstr end if end function %>
    News is nothing
    BBS数据库连接出错,请检查连接字串。