StrDSN = "Provider=SQLOLEDB.1;Persist Security Info=False;User ID=" & StrUid & ";PWD=" & StrSaPwd & ";Initial Catalog=" & StrDbName & ";Data Source=(local)"
Set Conn = Server.CreateObject("ADODB.Connection")
Set Rs=Server.CreateObject("ADODB.RecordSet")
Conn.Open StrDSN
'关闭Rs记录
Sub RsClose()
Rs.Close
Set Rs=Nothing
End Sub
'关闭Rss记录
Sub RssClose()
Rss.Close
Set Rss=Nothing
End Sub
'关闭Conn数据源
Sub ConnClose()
Conn.Close
Set Conn=Nothing
End Sub
'取得客户端IP
Function GetIP()
UserIp = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If UserIp = "" Then UserIp = Request.ServerVariables("REMOTE_ADDR")
GetIp = UserIp
End Function
'防止SQL注入函数
Function SafeRequest(ParaName)
Dim ParaValue
ParaValue=Request(ParaName)
if IsNumeric(ParaValue) = True then
SafeRequest=ParaValue
exit Function
elseIf Instr(LCase(ParaValue),"select ") > 0 or Instr(LCase(ParaValue),"insert ") > 0 or Instr(LCase(ParaValue),"delete from") > 0 or Instr(LCase(ParaValue),"count(") > 0 or Instr(LCase(ParaValue),"drop table") > 0 or Instr(LCase(ParaValue),"update ") > 0 or Instr(LCase(ParaValue),"truncate ") > 0 or Instr(LCase(ParaValue),"asc(") > 0 or Instr(LCase(ParaValue),"mid(") > 0 or Instr(LCase(ParaValue),"char(") > 0 or Instr(LCase(ParaValue),"xp_cmdshell") > 0 or Instr(LCase(ParaValue),"exec master") > 0 or Instr(LCase(ParaValue),"net localgroup administrators") > 0 or Instr(LCase(ParaValue)," and ") > 0 or Instr(LCase(ParaValue),"net user") > 0 or Instr(LCase(ParaValue)," or ") > 0 then
Response.Write "<script language='javascript'>"
Response.Write "alert('哥们,不要乱搞!');"
Response.Write "location.href='http://www.fjiayuan.cn/';"
Response.Write "</script>"
else
SafeRequest=Replace(ParaValue,"'","")
End If
End function
%><!--#include file="SqlX.Asp" --><!--#include file="ConFig.asp"-->作者: cymy 时间: 2010-11-25 22:39
如下:
<%
Dim StrServer,StrUid,StrSaPwd,StrDbName
1:StrServer="127.0.0.1" (这个不用改) ?
2:StrUid="sa" (数据库名称)?
3:StrSaPwd="12345678" (数据密码)?
4:StrDbName="sa" (数据用户名) ?