ASP 一个数据库类模块

'作者:CSDN 许仙
'Homepage : jjweb.126.com
'MSN :Coderxu#hotmail.com
'QQ:19030300
'转载请保持文章完整,保存以上作者信息 请珍惜他人劳动成果

'你可以直接拷贝到一个asp页面里作为一个数据库的类
' Dim Currentdb
' set CurrentDb= New ClsCurrent
' '建立对象
' set rst=Currentdb.OpenRst("Select * from ")
''建立记录集
'ExeSql "instr .."
'set Currentdb=nothing '释放对象 以触发..Class_Terminate

<%
Option Explicit
'ASP 防止注入过滤字符---------------------
Dim sql_injdata,Sql_Inj,SQL_Get,Sql_DATA,Sql_Post
sql_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
Sql_Inj = Split(sql_injdata, "|")
If Request.QueryString <> "" Then
  For Each SQL_Get In Request.QueryString
 SQL_Get=LCase(SQL_Get)
    For Sql_DATA = 0 To UBound(Sql_Inj)
      If InStr(Request.QueryString(SQL_Get), Sql_Inj(Sql_DATA)) > 0 Then
     Response.Write "<Script>alert('参数中包含非法字符！');history.back</Script>"
        Response.end
      End If
    Next
  Next
End If

If Request.Form <> "" Then
  For Each Sql_Post In Request.Form
   Sql_Post=LCase(Sql_Post)
    For Sql_DATA = 0 To UBound(Sql_Inj)
      If InStr(Request.Form(Sql_Post), Sql_Inj(Sql_DATA)) > 0 Then
        Response.Write "<Script>alert('参数中包含非法字符！');history.back</Script>"
        Response.end
      End If
    Next
  Next
End If
'ASP 防止注入过滤字符---------------------
Function Echo(strVal)
 Response.Write strVal
End Function

Class ClsCurrent '创建类名
' Dim Currentdb
' set CurrentDb= New ClsCurrent
' '建立对象
' set rst=Currentdb.OpenRst("Select * from ")
''建立记录集
'ExeSql "instr .."
'set Currentdb=nothing '释放对象 以触发..Class_Terminate

Private conn

Public Function OpenRst(ByVal strSql)

    strSql = Replace(Trim(strSql), ";", "")
    Dim rst
 set rst=server.CreateObject("ADODB.Recordset")
    rst.Open (strSql), conn, 1, 3
    Set OpenRst = rst
    Set rst = Nothing
    Exit Function
End Function

Private Sub Class_Initialize()
    Dim strConn
 set conn=server.CreateObject("ADODB.Connection")
 strConn ="driver={microsoft access driver (*.mdb)};dbq=" &   Server.MapPath("/Data.mdb")
    conn.Open strConn
    Exit Sub
hErr:
 Echo "Class Err"
End Sub

Private Sub Class_Terminate()
    If conn.State <> 0 Then conn.Close
    Set conn = Nothing
End Sub
 
Public Sub ExeSql(StrSql) 
Conn.Execute(strSql)
End Sub

Public Sub CloseConn() 
    If conn.State <> 0 Then conn.Close
End Sub

Public Sub OpenConn()
 Class_Initialize
End Sub
Public Sub NothingRst(byref rst)
 if rst.state <>0 then rst.close
 set rst=nothing
End Sub
End Class

%>