<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%> <% '生成对象 dim downasp set downasp = new const_cls %> <% session.CodePage = 65001 response.Charset = 65001 Response.Buffer=true Response.Expires=0 %> <% sqlusername = "admin" sqlpassword = "www.wxweb.cn" db="data_@#$%db/databs.mdb" set conn=server.createobject("adodb.connection") connstr="provider=microsoft.jet.oledb.4.0; user id = " & sqlusername & "; jet oledb:database password = " & sqlpassword & "; data source=" & server.mappath(db) '如果服务器是老的access，请用下面的连接 'connstr= "driver={microsoft access driver(*.mdb)};dbq=" & server.mappath(db) conn.open connstr '---------------------------确定网站的版本要求----------------------------- dim gb gb=session("gb") if request("gb")<>"" then gb=request("gb") end if if gb="" then gb="ch" end if v=1 lang_1="英文版" '对应ch lang_2="中文版" '对应en '------------------------------------------------------------------------------------ %> <% sub closeconn() if isobject(downasp) then set downasp = nothing end if if isobject(conn) then conn.close set conn = nothing end if end sub function checkint(str,def) '检测输入的是否是整数 'str 输入的字符串，def如果str非法则返回的整数 str = trim(str) if len(str)= 0 or isnull(str) then checkint = def exit function end if if isnumeric(str) then checkint=clng(str) else checkint=def end if end function function checksqlstr(getstr) '检测输入的参数是否含有sql敏感字符，如果有返回空字符串 dim strfilter,strtmp,i,regex if len(getstr) = 0 or isnull(getstr) then checksqlstr = "" exit function end if set regex = new regexp strfilter = "select|delete|update|drop|create|exec" regex.pattern = strfilter regex.ignorecase = true regex.global = true getstr = trim(regex.replace(getstr,"")) strfilter="'" regex.pattern= strfilter getstr = trim(regex.replace(getstr,"''")) strfilter="0x" regex.pattern= strfilter getstr = trim(regex.replace(getstr,"")) regex.pattern="法[\s　]*轮[\s　]*功" getstr=regex.replace(getstr,"*轮*") set regex=nothing checksqlstr = getstr end function sub jstop(strmsg) '显示信息并回退一步 dim html html = "" response.write html response.end end sub sub showmsgbox(strmsg,strurl) '显示信息 dim html html = "" response.write html response.end end sub %>