conn.asp

1、可设置多个管理员。 2、后台有删除

<%
'防SQL注入
squery=lcase(Request.ServerVariables("QUERY_STRING"))
sURL=lcase(Request.ServerVariables("HTTP_HOST"))
allquery=squery+sURL
if InStr(allquery,"%20")<>0 or InStr(allquery,"%27")<>0 or InStr(allquery,"'")<>0 or InStr(allquery,"%a1a1")<>0 or InStr(allquery,"%24")<>0 or InStr(allquery,"$")<>0 or InStr(allquery,"%3b")<>0 or InStr(allquery,";")<>0 or InStr(allquery,"%%")<>0 or InStr(allquery,"%3c")<>0 or InStr(allquery,"<")<>0 or InStr(allquery,">")<>0 or InStr(allquery,"--")<>0 or InStr(allquery,"sp_")<>0 or InStr(allquery,"xp_")<>0 or InStr(allquery,"exec")<>0 or InStr(allquery,"\")<>0 or InStr(allquery,"delete")<>0 or InStr(allquery,"dir")<>0 or InStr(allquery,"exe")<>0 or InStr(allquery,"select")<>0 or InStr(allquery,"Update")<>0 or InStr(allquery,"cmd")<>0 or InStr(allquery,"*")<>0 or InStr(allquery,"^")<>0 or InStr(allquery,"(")<>0 or InStr(allquery,")")<>0 or InStr(allquery,"+")<>0 or InStr(allquery,"copy")<>0 or InStr(allquery,"format")<>0 or not(isnumeric(request("id"))) then
	Response.Write"<meta http-equiv='refresh' content='1;URL=/'>"
Response.End
End If
%>
<%
dim conn,connstr,Title,Copyright
'网站基本信息
Title="乌蒙design幽默短信V1.0"      '网站标题
Copyright="<br>Copyright &copy; 2005－2007 <a target='_blank' href='http://www.wm126.com'>乌蒙design</a> All Rights Reserved"     '版权说明
on error resume next
connstr="DBQ="+server.mappath("#Date.mdb")+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};" '数据库连接地址
set conn=server.createobject("ADODB.CONNECTION")
conn.open connstr
%>