region.asp

江西旅行网整站源码下载 希望对大家有用 经过测试 安全可用

<!--#include file="../Conn.asp"-->
<%

Dim Province
Province = ReplaceBadChar(Trim(Request("Province")))
If Province <> "" Then
    Call getCity(Province)
Else
    Call getProvince
End If

Function getProvince()
    Dim strTemp,strSql,rs
    strSql = "Select Province From PE_Province Order By ProvinceID"
    Call OpenConn
    Set rs = server.CreateObject("Adodb.recordset")
    rs.Open strSql, Conn, 1, 1
    Do While Not rs.EOF
        strTemp = strTemp & rs("Province") & ","
        rs.MoveNext
    Loop
    rs.Close
    Set rs = Nothing
    Call CloseConn
    Response.Write escape(strTemp)
End Function

Function getCity(ByVal Province)
    Dim strTemp,strSql,rs
    strSql = "Select DISTINCT City From PE_City Where Province='" & Province & "'"
    Call OpenConn
    Set rs = server.CreateObject("Adodb.recordset")
    rs.Open strSql, Conn, 1, 1
    Do While Not rs.EOF
        strTemp = strTemp & rs("City") & ","
        rs.MoveNext
    Loop
    rs.Close
    Set rs = Nothing
    Call CloseConn
    Response.Write escape(strTemp)
End Function

'**************************************************
'函数名：ReplaceBadChar
'作  用：过滤非法的SQL字符
'参  数：strChar-----要过滤的字符
'返回值：过滤后的字符
'**************************************************
Public Function ReplaceBadChar(strChar)
    If strChar = "" Or IsNull(strChar) Then
        ReplaceBadChar = ""
        Exit Function
    End If
    Dim strBadChar, arrBadChar, tempChar, i
    strBadChar = "+,',--,%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0) & ""
    arrBadChar = Split(strBadChar, ",")
    tempChar = strChar
    For i = 0 To UBound(arrBadChar)
        tempChar = Replace(tempChar, arrBadChar(i), "")
    Next
    tempChar = Replace(tempChar, "@@", "@")
    ReplaceBadChar = tempChar
End Function
%>