📄 deffunction.asp
<%
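Function chtml(str)
    ' Encodes a string for output into an HTML page: markup characters become
    ' entities, carriage returns become <br>, and runs of whitespace are kept
    ' visible with &nbsp;. Returns "" for Null.
    '
    ' The listing this was recovered from shows the entity literals already
    ' decoded (for example "<" appended for "<", and an unterminated string
    ' for the double quote), so as displayed the function encoded nothing
    ' and did not parse. The entities are restored here.
    '
    ' NOTE(review): the result is meant for element content and quoted
    ' attribute values. It is not an encoder for script blocks, URLs or
    ' CSS; those contexts need their own encoding.
    Dim result, l, i, ch
    If IsNull(str) Then
        chtml = ""
        Exit Function
    End If
    l = Len(str)
    result = ""
    For i = 1 To l
        ch = Mid(str, i, 1)
        Select Case ch
            Case "<"
                result = result & "&lt;"
            Case ">"
                result = result & "&gt;"
            Case Chr(13)
                result = result & "<br>"
            Case Chr(34)
                result = result & "&quot;"
            Case "'"
                ' Added: keeps the value inert inside single-quoted attributes.
                result = result & "&#39;"
            Case "&"
                result = result & "&amp;"
            Case Chr(32)
                ' A space next to another space/tab, or at either end of the
                ' string, would be collapsed by the browser, so it is emitted
                ' as &nbsp;. A lone interior space stays a normal space so
                ' that lines can still wrap.
                ' NOTE(review): reconstructed - the listing shows the same
                ' single character in all three branches; confirm against
                ' the deployed file.
                If i + 1 <= l And i - 1 > 0 Then
                    If Mid(str, i + 1, 1) = Chr(32) Or Mid(str, i + 1, 1) = Chr(9) Or Mid(str, i - 1, 1) = Chr(32) Or Mid(str, i - 1, 1) = Chr(9) Then
                        result = result & "&nbsp;"
                    Else
                        result = result & " "
                    End If
                Else
                    result = result & "&nbsp;"
                End If
            Case Chr(9)
                ' NOTE(review): the listing shows one character here; widen
                ' to several &nbsp; if the original expanded tabs.
                result = result & "&nbsp;"
            Case Else
                result = result & ch
        End Select
    Next
    chtml = result
End Function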
Function ReplSql(sqlstr_temp)
    ' Doubles every single quote in the value and returns the result.
    ' The argument itself is overwritten with the escaped text as well
    ' (VBScript passes arguments by reference unless declared ByVal).
    '
    ' NOTE(review): quote doubling only helps when the value is placed
    ' inside a single-quoted SQL string literal. It does nothing for values
    ' concatenated into numeric or identifier positions. Parameterized
    ' ADODB.Command queries remove the need for it.
    Dim escaped
    escaped = Replace(sqlstr_temp, "'", "''")
    sqlstr_temp = escaped
    ReplSql = escaped
End Function
Function ch_date(date_temp)
    ' Checks that the value is recognised as a date by IsDate. When it is
    ' not, writes a script block that shows an alert and navigates back,
    ' then ends the response. No return value is ever assigned.
    ' NOTE(review): IsDate follows the server's locale settings, so which
    ' formats are accepted depends on the host - confirm.
    If IsDate(date_temp) Then Exit Function
    Response.Write "<script>alert('输入的时间格式出错,请修改后再提交!\n数据保存失败!');history.back();</script>"
    Response.End
End Function
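' Turns the current date and time into a file-name stem.
Function makefilename()
    ' Returns Now() as text with date/time separators and AM/PM markers
    ' removed, followed by a random number from 1 to 999.
    '
    ' Changes from the original: fname is declared locally instead of
    ' leaking into global scope, and "/" and "." are stripped as well.
    ' Now() is formatted with the server's locale, and on locales that
    ' write dates with "/" the original returned a name containing a path
    ' separator.
    '
    ' NOTE(review): the stem is a timestamp plus a three-digit number, so
    ' it is guessable and two requests in the same second can collide.
    ' Do not rely on it to keep stored files private or unique.
    Dim fname, token
    Randomize
    fname = CStr(Now())
    For Each token In Array("-", "/", ".", " ", ":", "PM", "AM", "上午", "下午")
        fname = Replace(fname, token, "")
    Next
    makefilename = fname & Int(999 * Rnd + 1)
End Function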
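Function GetExtendName(FileName)
    ' Returns the lower-cased extension of FileName (the text after the
    ' last "."), or "" when there is none.
    '
    ' The original looked only at the last three characters. Longer
    ' extensions came back truncated ("jpeg" as "peg"), and a name with no
    ' dot returned its last three letters as if they were an extension.
    ' Either case makes a comparison against a list of permitted
    ' extensions unreliable. Results for extensions of up to three
    ' characters are unchanged.
    '
    ' NOTE(review): the name is supplied by the client. Treat the result
    ' as a hint only: compare it against an allow-list, and do not use it
    ' as proof of the file's actual content.
    Dim lowered, dotPos, ext
    GetExtendName = ""
    If IsNull(FileName) Then Exit Function
    lowered = LCase(CStr(FileName))
    dotPos = InStrRev(lowered, ".")
    If dotPos = 0 Then Exit Function
    ext = Mid(lowered, dotPos + 1)
    ' A dot inside a directory name is not an extension separator.
    If InStr(ext, "\") > 0 Or InStr(ext, "/") > 0 Then Exit Function
    GetExtendName = ext
End Function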
Function SendEmail(SenderTemp,MailName,SendTo,Subject,Text,TemplateHtml,HtmlFlag)
    ' Sends one message through the "easymail.MailSend" COM component.
    ' Returns SendTo followed by a success or failure message.
    '   SenderTemp   - sending account passed to CreateNew
    '   MailName     - display name of the sender
    '   SendTo       - recipient address
    '   Subject/Text - subject line and plain-text body
    '   TemplateHtml - HTML body, used only when HtmlFlag = 1
    '
    ' NOTE(review): MailName, SendTo and Subject are handed to the
    ' component unchanged. If any of them can come from a web form, reject
    ' values containing CR or LF before calling this, unless the component
    ' is known to do so itself - confirm.
    Dim mailer, fromAccount, outcome

    fromAccount = SenderTemp

    ' Create the MailSend object and start a new message.
    Set mailer = Server.CreateObject("easymail.MailSend")
    mailer.CreateNew fromAccount, "temp"

    mailer.MailName = MailName
    mailer.EM_To = SendTo
    mailer.EM_Subject = Subject
    mailer.EM_Text = Text

    If HtmlFlag = 1 Then
        mailer.EM_HTML_Text = TemplateHtml
        mailer.useRichEditer = True
    End If

    If mailer.Send() = False Then
        outcome = "邮件发送失败!"
    Else
        outcome = "邮件发送成功!"
    End If

    Set mailer = Nothing
    SendEmail = SendTo & outcome
End Function
'****************************************
'功能:过滤危险字符及返回标准内容
'程序:王浩
'时间:2004-04-13
'说明:
'函数名 功能
'CheckStr 过滤非法字符
'CheckInt 过滤ID类参数,可以用下面的也是一样,不过该函数已经封闭错误的可能,所以如果使用该函数,黑客应该很明白了,会主动放弃脚本攻击
'MyRequest 和CheckInt任意选一种,这个函数是诱导黑客的,给他假信息,让他摸不到头脑。
'****************************************
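Function CheckStr(Str)
    ' Trims the value and deletes every occurrence of these characters:
    '   ' ; - = < > ( ) [ ] and space
    ' Returns "" for Null.
    '
    ' Changes from the original: the working variable is declared locally
    ' (it was an implicit global), and Null no longer raises a run-time
    ' error. The characters removed and their order are unchanged.
    '
    ' NOTE(review): deleting characters is lossy, so hyphenated names and
    ' text with spaces come back altered. A deny-list is also incomplete
    ' by nature. Treat this as input tidying, not as the SQL or HTML
    ' defence: use parameterized queries for SQL and encode on output.
    Dim Resultstr, banned
    If IsNull(Str) Then
        CheckStr = ""
        Exit Function
    End If
    Resultstr = Trim(Str)
    For Each banned In Array("'", ";", "-", "=", "<", ">", "(", ")", "[", "]", " ")
        Resultstr = Replace(Resultstr, banned, "")
    Next
    CheckStr = Resultstr
End Function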
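Function CheckInt(Str)
    ' Validates an ID-style parameter. Returns the value as a number when
    ' the trimmed input is one to nine decimal digits (0..999999999), and
    ' 0 for anything else. Callers treat 0 as "invalid".
    '
    ' The original first ran the input through CheckStr and then used
    ' IsNumeric/Int. That repaired bad input instead of rejecting it:
    ' "-5" lost its sign and came back as 5, "1=1" came back as 11, and
    ' IsNumeric also admits forms such as "1e5" or "1.5". The caller then
    ' received an ID the client never sent. It also overwrote the caller's
    ' variable, since arguments are by reference. This version rejects
    ' anything that is not plain digits and leaves the argument untouched.
    Dim candidate, pos, ch
    CheckInt = 0
    If IsNull(Str) Then Exit Function
    If IsEmpty(Str) Then Exit Function
    candidate = Trim(CStr(Str))
    If Len(candidate) = 0 Or Len(candidate) > 9 Then Exit Function
    For pos = 1 To Len(candidate)
        ch = Mid(candidate, pos, 1)
        If ch < "0" Or ch > "9" Then Exit Function
    Next
    ' At most nine digits, so the value always fits a Long.
    CheckInt = CLng(candidate)
End Function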
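Function MyRequest(GetValue)
    ' Replaces every ASCII single quote in the value with a typographic
    ' one and returns the result. The argument is overwritten too, because
    ' VBScript passes arguments by reference. If the value contains both
    ' "select" and "from" (any case), a fabricated database error page is
    ' written instead and the response ends.
    '
    ' Changes from the original: the request value and the script URL are
    ' HTML-encoded before being written into the page, because the
    ' original echoed the raw parameter into the response. The url
    ' variable is now declared locally.
    '
    ' NOTE(review): the keyword test is a decoy, not a control. Any value
    ' that does not contain both words is returned with only the quote
    ' substitution applied, so callers still need CheckInt for numeric IDs
    ' and parameterized queries for everything else.
    Dim url, lowered
    GetValue = Replace(GetValue, "'", "’")
    lowered = LCase(GetValue)
    If InStr(lowered, "select") > 0 And InStr(lowered, "from") > 0 Then
        url = Request.ServerVariables("URL")
        Response.Write "OLE DB Provider for ODBC Drivers 错误 '80040e14' <br><br>"
        Response.Write "[ODBC Oracle Driver] 字符串的语法错误 在查询表达式 'from City where TabID=" & Server.HTMLEncode(GetValue) & "' 中。 <br><br>"
        Response.Write Server.HTMLEncode(url) & ",行" & Len(url) & " "
        Response.End
    End If
    MyRequest = GetValue
End Function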
'使用方法:
'CheckInt 函数的使用方法:
'假如你的页面有这样的连接 http://www.***.com/abc.asp?id=46
'那么在abc.asp中
'应该在开始的接收处改为以下形式
'If CheckInt(request("id"))=0 Then (跳转到错误页面) Else TheId=CheckInt(request("id"))
'MyRequest函数使用方法为:
'直接将参数改为以下形式
'TheId=MyRequest(request("id"))
function CheckOutPost()
' Currently a no-op: every statement in the body is commented out, so calling
' this function checks nothing and returns no value.
' The disabled code read HTTP_REFERER and SERVER_NAME, compared the referer
' text starting at character 8 (just past a 7-character "http://" prefix)
' with the server name, and on a mismatch wrote a warning table and ended the
' response. As written it would also reject referers that begin with "https://".
' NOTE(review): pages that call this may assume cross-site form posts are
' being rejected; they are not. The Referer header is supplied by the client
' and may be absent, so if that protection is wanted, a per-session form token
' is a sturdier check than re-enabling this comparison.
' Cnpv_System_Server_Path1=Cstr(Request.ServerVariables("HTTP_REFERER"))
' Cnpv_System_Server_Path2=Cstr(Request.ServerVariables("SERVER_NAME"))
' response.write "aa="&Cnpv_System_Server_Path1&"<br>bb="&Cnpv_System_Server_Path2&"<br>cc="&mid(Cnpv_System_Server_Path1,8,len(Cnpv_System_Server_Path2))
' if mid(Cnpv_System_Server_Path1,8,len(Cnpv_System_Server_Path2))<>Cnpv_System_Server_Path2 then
' response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
' response.write "<tr><td style=“font:9pt Verdana“>"
' response.write "警告!你提交的路径有误,禁止从站点外部提交数据到泵阀交易网!"
' response.write "</td></tr></table></center>"
' response.end
' end if
end function
%>