<%
' Opens the shared ADODB connection once per request: isOpenConn is a script-level
' flag so that including this file a second time does not open a second connection.
if isOpenConn="" then
isOpenConn=1
Set conn = Server.CreateObject("ADODB.Connection")
' Disabled Jet/Access setup. The data source is a file inside the web root with an
' .asp extension (presumably so it is not served as a download); if such a file still
' exists it belongs outside the web root.
'strCon = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("/c0h1y2z3q4.asp")
'response.write strCon
'response.end
'conn.Open strCon
' Connection.Open(ConnectionString, UserID, Password): the database login and password
' are hard-coded here (and again in the disabled line below). Anyone who can read this
' include -- source disclosure, a backup copy, a repository checkout -- gets the
' database login, so these credentials should be treated as exposed: rotate them and
' load them from protected configuration outside the web root instead of the source.
conn.open "gkong_gkong","gk_bwgcmainold","Dzzjzxczdg#$ec*BC"
'conn.open "Provider = Sqloledb;User ID = gk_bwgcmainold;Password = Dzzjzxczdg#$ec*BC;Initial Catalog = gkong;Data Source = (local);"
end if
' Releases the shared connection: closes it if it is still open (State = 1,
' adStateOpen) and drops the reference so the COM object can be freed.
Sub CloseConn()
If conn Is Nothing Then Exit Sub
If conn.State = 1 Then conn.Close
Set conn = Nothing
End Sub
' Returns "空" ("empty") when str is Null. The remainder of the body is truncated
' in this copy of the file (the elseif below is not a complete statement), so the
' behaviour for the lng (length) argument cannot be documented from here.
function trim_zh(str,lng)
' (str=null) evaluates to Null rather than True/False in VBScript, so the
' IsNull(str) test is the one that actually decides this branch.
if (str=null) OR isNull(str) then
trim_zh="空"
' NOTE(review): garbled/truncated line -- probably "elseif len(str)>lng then ... replace(...)";
' restore from the original source before relying on this function.
elseif len(str)")," "," ")
end function
'文本输入转换回行函数
' Turns the stored line-separator token back into a CR/LF pair for text input.
' NOTE(review): in this copy the token searched for is a single space (" "); it
' was most likely an HTML line-break tag lost in transcription -- verify against
' the original file before changing it.
function convert_br_ob(string)
convert_br_ob = Replace(string, " ", vbCrLf)
end function
'防止注入函数
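' Reads a request parameter and coerces it for use in hand-built SQL.
'   ParaName: parameter name (string).
'   ParaType: 1 = numeric parameter, anything else = text parameter.
' Numeric: returns 0 unless the (trimmed) value is a plain decimal literal --
'   digits, optional leading sign, optional single decimal point. IsNumeric alone
'   also accepts forms such as "1e5", "&H10", "$5" or "1,000", which are not what a
'   caller splicing the value unquoted into SQL expects.
' Text: doubles single quotes. That only protects a value placed inside a
'   single-quoted SQL literal; the caller is still responsible for the quoting,
'   and a text value used in a numeric or LIKE context is not protected.
' Request(ParaName) searches QueryString, Form, Cookies, ClientCertificate and
'   ServerVariables in that order, so the value may originate from a cookie.
' Parameterised ADODB.Command queries make both coercions unnecessary.
Function SafeRequest(ParaName,ParaType)
Dim ParaValue
ParaValue = Request(ParaName)
If ParaType = 1 Then
' force a string so both checks see the same text (Request returns a collection item)
ParaValue = Trim(ParaValue & "")
If Not IsNumeric(ParaValue) Or Not IsPlainNumericLiteral(ParaValue) Then
ParaValue = 0
End If
Else
ParaValue = Replace(ParaValue, "'", "''")
End If
SafeRequest = ParaValue
End Function
' True when s consists only of digits, an optional leading sign and at most one
' decimal point, i.e. the shapes that are safe to embed unquoted in SQL.
Private Function IsPlainNumericLiteral(s)
Dim i, ch, dotCount, digitCount
IsPlainNumericLiteral = False
dotCount = 0
digitCount = 0
For i = 1 To Len(s)
ch = Mid(s, i, 1)
If ch >= "0" And ch <= "9" Then
digitCount = digitCount + 1
ElseIf ch = "." Then
dotCount = dotCount + 1
ElseIf (ch = "-" Or ch = "+") And i = 1 Then
' a sign is only allowed in the first position
Else
Exit Function
End If
Next
IsPlainNumericLiteral = (digitCount > 0 And dotCount <= 1)
End Function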
' Display width of str: every character whose Asc code is above 255 counts as
' two columns, all others as one. Errors (for example a Null argument) are
' swallowed by On Error Resume Next and cleared before returning.
' NOTE(review): VBScript strings are Unicode, so Len("论坛") is 2 on any
' system and the first branch is always taken; whether a CJK character is
' counted double then depends on Asc returning a code above 255, which in
' turn depends on the server's ANSI code page.
function strLength(str)
On Error Resume Next
Dim isDoubleByte, width, code, pos
isDoubleByte = (Len("论坛") = 2)
If isDoubleByte Then
width = Len(str)
For pos = 1 To Len(str)
code = Asc(Mid(str, pos, 1))
' guard against a negative (signed 16-bit) code before the range test
If code < 0 Then code = code + 65536
If code > 255 Then width = width + 1
Next
strLength = width
Else
strLength = Len(str)
End If
If Err.Number <> 0 Then Err.Clear
end function
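' Truncates str for display to strlen columns, where a character with an Asc
' code above 255 (CJK etc.) counts as two columns, and appends ".." when
' something was actually cut. Line feeds are removed from the result.
' A Null or empty str yields "".
' Fix: the original appended ".." even when the last character landed exactly
' on the limit (cutStr("abc", 3) gave "abc.."), and left i undeclared.
function cutStr(str,strlen)
Dim i, width, code, result
If IsNull(str) Then
cutStr = ""
Exit Function
End If
result = str
width = 0
For i = 1 To Len(str)
code = Abs(Asc(Mid(str, i, 1)))
If code > 255 Then
width = width + 2
Else
width = width + 1
End If
' stop at the first character that reaches the budget; mark the cut only
' when characters remain after it
If width >= strlen Then
If i < Len(str) Then result = Left(str, i) & ".."
Exit For
End If
Next
cutStr = Replace(result, Chr(10), "")
end function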
' Formats the date/time dt according to dmode:
'   0 -> date part as a Date (DateValue)    1 -> "m-d"      2 -> "m/d"
'   3 -> "yy/m/d"    4 -> "yyyy年m月d日"    5 -> "yyyy/m/d"
'   6 -> "yy-mm-dd hh:nn" (zero-padded, two-digit year)
'   anything else -> "[h:n]" (hour and minute, unpadded)
function DispDate(dt,dmode)
Select Case dmode
Case 0
DispDate = DateValue(dt)
Case 1
DispDate = Month(dt) & "-" & Day(dt)
Case 2
DispDate = Month(dt) & "/" & Day(dt)
Case 3
DispDate = Right(Year(dt), 2) & "/" & Month(dt) & "/" & Day(dt)
Case 4
DispDate = Year(dt) & "年" & Month(dt) & "月" & Day(dt) & "日"
Case 5
DispDate = Year(dt) & "/" & Month(dt) & "/" & Day(dt)
Case 6
DispDate = Right("0000" & Year(dt), 2) & "-" & Right("00" & Month(dt), 2) & "-" & Right("00" & Day(dt), 2) & " " & Right("00" & Hour(dt), 2) & ":" & Right("00" & Minute(dt), 2)
Case Else
DispDate = "[" & Hour(dt) & ":" & Minute(dt) & "]"
End Select
end function
' Replaces SQL-significant characters in strChar with look-alike characters,
' in the same order as the original nested Replace chain. An empty input is
' returned unchanged. NOTE(review): in this copy several pairs are identical
' ASCII characters (the full-width originals were probably lost in
' transcription), and the substitution also alters legitimate data such as
' decimal points; parameterised queries avoid both problems.
Function FormatSQL(strChar)
Dim findChars, swapChars, k, result
If strChar = "" Then
FormatSQL = ""
Exit Function
End If
findChars = Array("'", "*", "?", "(", ")", "<", ".", ";")
swapChars = Array("’", "×", "?", "(", ")", "〈", "。", ";")
result = strChar
For k = 0 To UBound(findChars)
result = Replace(result, findChars(k), swapChars(k))
Next
FormatSQL = result
End Function
%>
<%
' Per-request globals read by CheckData: the client address, the current page and
' the action to take when a blacklisted token is seen.
'Dim N_userip,N_thispage,Err_Message
' REMOTE_ADDR is filled in by the web server, not taken from a client header; it is
' nevertheless concatenated into SQL unescaped by CheckData.
N_userip = Request.ServerVariables("REMOTE_ADDR")
N_thispage = LCase(Request.ServerVariables("URL"))
' Handling mode: 1 = show a message, 2 = redirect, 3 = message then redirect,
' 0 = record the hit in the CheckRequest table and let the request continue.
' With 0 the scan below only logs; nothing is blocked.
' NOTE(review): this is the number 0, while CheckData's Case labels are the
' strings "0".."3" -- confirm the intended branch is actually reached.
Err_Message = 0 ' handling mode: 1=message, 2=redirect, 3=message then redirect, 0=save to database and continue
' scan the query string and form fields before the page proper runs
Call CheckRequestStr()
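' Scans every query-string and form value for the blacklisted SQL tokens below
' and hands each match to CheckData. With Err_Message = 0 CheckData only records
' the hit, so this routine blocks nothing; and a keyword blacklist is not an
' injection control in any case -- it flags ordinary words ("brand" contains
' "and", "offset" contains "set") while plenty of SQL syntax is not listed.
' Parameterised ADODB.Command queries are the actual defence.
' Fix: Chk_badword and Query_Name were undeclared (implicit script-level
' variables) and a bare "request.form(name)" statement with no effect has been
' dropped.
Sub CheckRequestStr()
Dim Query_Badword,Form_Badword,i,Err_Web,name
Dim Chk_badword, Query_Name
'------ configuration ------
Err_Web = "Err.Asp" ' page to redirect to on error (not used in this copy)
' Query-string blacklist, "∥"-separated. Request.QueryString returns decoded
' values, so the "%20from" entry can only match a doubly-encoded string.
Query_Badword="'∥and∥select∥update∥chr∥delete∥%20from∥insert∥mid∥master.∥set∥chr(37)∥xp_cmdshell∥net user∥create"
' Form-field blacklist, same format.
'Form_Badword="'"
Form_Badword="'∥and∥select∥update∥chr∥delete∥%20from∥insert∥mid∥master.∥set∥chr(37)∥xp_cmdshell∥net user∥create"
'------ end configuration ------
'On Error Resume Next
' GET parameters: every (name, value) pair is checked against every token
If Request.QueryString <> "" Then
Chk_badword = Split(Query_Badword, "∥")
For Each Query_Name In Request.QueryString
For i = 0 To UBound(Chk_badword)
If InStr(LCase(Request.QueryString(Query_Name)), Chk_badword(i)) <> 0 Then
Call CheckData(Chk_badword(i))
End If
Next
Next
End If
' POST fields: same scan against the form blacklist
If Request.Form <> "" Then
Chk_badword = Split(Form_Badword, "∥")
For Each name In Request.Form
For i = 0 To UBound(Chk_badword)
If InStr(LCase(Request.Form(name)), Chk_badword(i)) <> 0 Then
Call CheckData(Chk_badword(i))
End If
Next
Next
End If
End Sub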
' Reacts to a blacklisted token found by CheckRequestStr. Modes 1-3 end the
' response immediately (the message/redirect bodies are empty in this copy);
' mode 0 records one CheckRequest row per (client IP, page URL, token) and
' increments its hit counter on repeats, then returns so the request proceeds.
' NOTE(review): the Case labels are strings while Err_Message is assigned the
' number 0 above; VBScript's comparison rules treat a numeric and a string
' operand as unequal, so the mode-0 branch may never be taken -- verify, and
' use one type for both.
' The SQL below is built by concatenation from N_userip (REMOTE_ADDR, set by
' the server), GetUrl() (query values URL-encoded) and the fixed token, so no
' raw client text reaches it; ADODB.Command parameters would make that
' independent of URLEncode and of the locale-formatted now() strings.
' sqlc, sql, sqlupdate and rs are not declared and become script-level variables.
Sub CheckData(RequestWord)
Select Case Err_Message
Case "1"
Response.Write ""
Response.End
Case "2"
Response.Write ""
Response.End
Case "3"
Response.Write ""
Response.End
Case "0"
' the apostrophe token is stored as its full-width look-alike so it is safe inside the quoted literal
if RequestWord="'" then
sqlc="select * from CheckRequest where userip='"&N_userip&"' and page='"&GetUrl()&"' and word='’'"
else
sqlc="select * from CheckRequest where userip='"&N_userip&"' and page='"&GetUrl()&"' and word='"&RequestWord&"' "
end if
set rs=conn.execute(sqlc)
if rs.eof then
' first sighting of this (ip, page, token): insert with hit = 0
if RequestWord="'" then
sql="insert CheckRequest (userip,page,word,addtime,hit,updatetime) values ('"&N_userip&"','"&GetUrl()&"','’','"&now()&"','0','"&now()&"')"
else
sql="insert CheckRequest (userip,page,word,addtime,hit,updatetime) values ('"&N_userip&"','"&GetUrl()&"','"&RequestWord&"','"&now()&"','0','"&now()&"')"
end if
'response.write sql&" "
conn.execute(sql)
else
' repeat: bump the hit counter on the existing row
dim checkrequest_hits
checkrequest_hits=rs("hit")+1
sqlupdate="update CheckRequest set updatetime='"&now()&"', hit='"&checkrequest_hits&"' where id='"&rs("id")&"'"
'response.write sqlupdate
conn.execute(sqlupdate)
end if
rs.close
'set rs=nothing
End Select
End Sub
'=========================
'获取当前Url参数的函数
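' Rebuilds the current URL: SCRIPT_NAME plus every query-string parameter
' except "page" (values URL-encoded, names not), ending in "?" or "&" so the
' caller can append its own page parameter.
' Fix: the original test was InStr("page", M_Item) = 0, which asks whether the
' parameter *name* occurs inside the word "page" -- so parameters named "p",
' "a" or "ge" were dropped and "page2" was kept. It is now an exact name match.
Private Function GetUrl()
Dim ScriptAddress, M_ItemUrl, M_Item, url
ScriptAddress = CStr(Request.ServerVariables("SCRIPT_NAME")) ' current path
M_ItemUrl = ""
If Request.QueryString <> "" Then
ScriptAddress = ScriptAddress & "?"
For Each M_Item In Request.QueryString
' skip the page parameter so the caller can add one without duplicating it
If M_Item <> "page" Then
M_ItemUrl = M_ItemUrl & M_Item & "=" & Server.URLEncode(Request.QueryString(M_Item)) & "&"
End If
Next
End If
url = ScriptAddress & M_ItemUrl
' guarantee a separator even when there was no query string
If InStr(url, "?") < 1 Then
url = url & "?"
End If
GetUrl = url
End Function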
'=============================
%>
<%
sub mypage(vStr)
''创建表单myform,方法为Get
response.write("