'作者:CSDN 许仙
'Homepage : jjweb.126.com
'MSN :Coderxu#hotmail.com
'QQ:19030300
'转载请保持文章完整,保存以上作者信息 请珍惜他人劳动成果
'你可以直接拷贝到一个asp页面里作为一个数据库的类
' Dim Currentdb
' set CurrentDb= New ClsCurrent
' '建立对象
' set rst=Currentdb.OpenRst("Select * from ")
''建立记录集
'ExeSql "instr .."
'set Currentdb=nothing '释放对象 以触发..Class_Terminate
<%
Option Explicit
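'---- Request keyword filter (best-effort SQL-injection blacklist) -------------
' Runs on every request that includes this page: each query-string and form
' value is scanned for the tokens in sql_injdata, and the request is aborted
' with a client-side alert as soon as one is found.
'
' NOTE(review): a keyword blacklist is defence in depth at most. It rejects
' legitimate input (any value containing "and", "*", "%", an apostrophe, ...)
' and does not replace parameterized queries (ADODB.Command with parameters)
' at the point where SQL is built. Only Request.QueryString and Request.Form
' are inspected here; Request.Cookies and Request.ServerVariables are not, so
' values read from those must be treated as untrusted by the code that uses them.
Dim sql_injdata,Sql_Inj,SQL_Get,Sql_DATA,Sql_Post
sql_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
Sql_Inj = Split(sql_injdata, "|")

If Request.QueryString <> "" Then
    For Each SQL_Get In Request.QueryString
        For Sql_DATA = 0 To UBound(Sql_Inj)
            ' vbTextCompare makes the match case-insensitive. The previous code
            ' lower-cased only the parameter NAME and compared the value with the
            ' default binary comparison, so upper- or mixed-case keywords were
            ' never matched.
            If InStr(1, Request.QueryString(SQL_Get), Sql_Inj(Sql_DATA), vbTextCompare) > 0 Then
                ' history.back() needs the call parentheses; without them the
                ' browser evaluated the property and never navigated back.
                Response.Write "<Script>alert('参数中包含非法字符!');history.back()</Script>"
                Response.End
            End If
        Next
    Next
End If

If Request.Form <> "" Then
    For Each Sql_Post In Request.Form
        For Sql_DATA = 0 To UBound(Sql_Inj)
            ' Same case-insensitive check as for the query string.
            If InStr(1, Request.Form(Sql_Post), Sql_Inj(Sql_DATA), vbTextCompare) > 0 Then
                Response.Write "<Script>alert('参数中包含非法字符!');history.back()</Script>"
                Response.End
            End If
        Next
    Next
End If
'---- End of request keyword filter --------------------------------------------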
Function Echo(strVal)
    ' Shorthand for Response.Write: sends strVal to the HTTP response exactly as
    ' given. No HTML encoding is applied, so callers that pass request-derived
    ' text should run it through Server.HTMLEncode first.
    Call Response.Write(strVal)
End Function
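Class ClsCurrent
    ' Thin wrapper around one ADODB.Connection to the site's Access database.
    '
    ' Usage:
    '   Dim Currentdb
    '   Set Currentdb = New ClsCurrent                        ' opens the connection
    '   Set rst = Currentdb.OpenRst("Select * from ")         ' open a recordset
    '   Currentdb.ExeSql "instr .."                           ' run a statement
    '   Set Currentdb = Nothing                               ' triggers Class_Terminate
    '
    ' NOTE(review): OpenRst and ExeSql execute whatever SQL text they are given.
    ' Callers must not concatenate request data into that text; statements that
    ' take user input should be built with ADODB.Command and parameters instead.

    ' The shared ADODB.Connection; created and opened in Class_Initialize.
    Private conn

    ' Opens strSql on the shared connection and returns the ADODB.Recordset.
    ' The caller owns the recordset and should release it (see NothingRst).
    Public Function OpenRst(ByVal strSql)
        Const CURSOR_KEYSET = 1      ' ADO adOpenKeyset
        Const LOCK_OPTIMISTIC = 3    ' ADO adLockOptimistic
        Dim rst

        ' Every ";" is removed, including any inside string literals in the
        ' statement. This is not an injection defence on its own.
        strSql = Replace(Trim(strSql), ";", "")

        Set rst = Server.CreateObject("ADODB.Recordset")
        rst.Open strSql, conn, CURSOR_KEYSET, LOCK_OPTIMISTIC
        Set OpenRst = rst
        Set rst = Nothing
    End Function

    ' Creates and opens the connection. Writes "Class Err" to the response when
    ' the connection object cannot be created or opened.
    Private Sub Class_Initialize()
        Dim strConn
        ' NOTE(review): "/Data.mdb" maps to the root of the web site, so the
        ' database file sits inside the served tree. Confirm the server refuses
        ' to serve .mdb files, or move the file outside the web root.
        strConn = "driver={microsoft access driver (*.mdb)};dbq=" & Server.MapPath("/Data.mdb")

        ' VBScript has no "On Error GoTo <label>", so the former "hErr:" handler
        ' after Exit Sub could never run. Trap the failure inline instead.
        On Error Resume Next
        Set conn = Server.CreateObject("ADODB.Connection")
        conn.Open strConn
        If Err.Number <> 0 Then
            Err.Clear
            Echo "Class Err"
        End If
        On Error GoTo 0
    End Sub

    ' Closes the connection if it is open and releases the object.
    Private Sub Class_Terminate()
        CloseConn
        Set conn = Nothing
    End Sub

    ' Executes strSql on the shared connection; any result is discarded.
    Public Sub ExeSql(StrSql)
        conn.Execute StrSql
    End Sub

    ' Closes the connection if it is open. Safe to call when the connection
    ' object was never created or has already been released.
    Public Sub CloseConn()
        ' Nested Ifs because VBScript does not short-circuit And.
        If IsObject(conn) Then
            If Not conn Is Nothing Then
                If conn.State <> 0 Then conn.Close
            End If
        End If
    End Sub

    ' (Re)opens the connection. An already-open connection is closed first so
    ' that re-initialising does not leave it dangling.
    Public Sub OpenConn()
        CloseConn
        Class_Initialize
    End Sub

    ' Closes rst if it is open and sets the caller's variable to Nothing.
    ' Tolerates a variable that holds no recordset.
    Public Sub NothingRst(ByRef rst)
        If IsObject(rst) Then
            If Not rst Is Nothing Then
                If rst.State <> 0 Then rst.Close
            End If
        End If
        Set rst = Nothing
    End Sub
End Class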
%>