<!--#Include file="const.asp"-->
<%
'on error resume next
Session.CodePage=65001
Response.charset="UTF-8"
const database_type=0 '数据库类型 0:Access 1:SQL
const database_path="db/db_.mdb" '数据库路径
dim connstr,conn
if database_type=1 then
'=====================SQL数据库配置=========================
const sql_datasource="(local)"
const sql_database="数据库名"
const sql_username="帐号"
const sql_userpass="密码"
connstr="provider=sqloledb;data source="&sql_datasource&";initial catalog="&sql_database&";uid="&sql_username&";pwd="&sql_userpass&";"
'=============================================================
end if
'key: 相对路径的目录数
sub startConn(key)
dim conn_int,conn_tmp
if typename(conn)="Connection" then
exit sub
end if
set conn=server.CreateObject("adodb.connection")
on error resume next
if database_type=0 then
for conn_int=1 to key
conn_tmp=conn_tmp&"../"
next
connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source='" & Server.MapPath(conn_tmp&database_path)&"'"
end if
conn.open connstr
if err then
err.clear()
response.write "<div style=""color:#f00;font-size:14px;font-weight:bold;text-align:center;margin-top:64px;"">连接数据库发生错误!</div>"
response.end
end if
end sub
'关闭连接
sub endConn()
if typename(conn)="Connection" then
conn.close()
set conn=nothing
end if
end sub
'检查注入
sub chkInject()
SQL_injdata = "'|or|and|exec|insert|delete|update|chr|mid|from|"&_
"truncate|char|declare|object|script|applet|execute|join|"&_
"union|where|like|drop|create|rename|truncate|alter|nchar|alter|"&_
"cast|exists|xp_cmdshell"
SQL_inj = split(SQL_Injdata,"|")
If Request.QueryString<>"" Then
For Each SQL_Get In Request.QueryString
if instr(Request.QueryString(SQL_Get),"'")>0 Then
Response.Write "参数中包含非法字符'!"
Response.end
end if
For SQL_Data=1 To Ubound(SQL_inj)
if instr(Lcase(Request.QueryString(SQL_Get))," "&Sql_Inj(Sql_DATA)&" ")>0 Then
Response.Write "参数中包含非法字符"&Sql_Inj(Sql_DATA)
Response.end
end if
next
Next
End If
If Request.Form<>"" Then
For Each Sql_Post In Request.Form
if instr(Request.Form(Sql_Post),"'")>0 Then
Response.Write "参数中包含非法字符'!"
Response.end
end if
For SQL_Data=1 To Ubound(SQL_inj)
if instr(Lcase(Request.Form(Sql_Post))," "&Sql_Inj(Sql_DATA)&" ")>0 Then
Response.Write "参数中包含非法字符"&Sql_Inj(Sql_DATA)
Response.end
end if
next
next
end if
end sub
%>
const database_type=0 '数据库类型 0:Access 1:SQL
是access数据库,之前是好的,什么都没有动过就发生这样的事了。
你的系统是网上下的吧,那就可能是试用时间到了.系统中的哪个参数变了