conn.asp

是个不错的文件代码,希望大家好好用,

<%
dim fy_url,fy_a,fy_x,fy_cs(),fy_cl,fy_ts,fy_zx

fy_cl = 1  '处理方式：1=提示信息,2=转向页面,3=先提示再转向
fy_zx = "error.asp" '出错时转向的页面

on error resume next
fy_url=request.servervariables("query_string")
fy_a=split(fy_url,"&")
redim fy_cs(ubound(fy_a))
on error resume next
for fy_x=0 to ubound(fy_a)
fy_cs(fy_x) = left(fy_a(fy_x),instr(fy_a(fy_x),"=")-1)
next
for fy_x=0 to ubound(fy_cs)
if fy_cs(fy_x)<>"" then
if instr(lcase(request(fy_cs(fy_x))),"'")<>0 or instr(lcase(request(fy_cs(fy_x))),"and")<>0 or instr(lcase(request(fy_cs(fy_x))),"select")<>0 or instr(lcase(request(fy_cs(fy_x))),"update")<>0 or instr(lcase(request(fy_cs(fy_x))),"chr")<>0 or instr(lcase(request(fy_cs(fy_x))),"delete")<>0 or instr(lcase(request(fy_cs(fy_x))),";")<>0 or instr(lcase(request(fy_cs(fy_x))),"insert")<>0then
select case fy_cl
  case "1"
response.write "<script language=javascript>alert('                   出现错误！参数 "&fy_cs(fy_x)&" 的值中包含非法字符串！\n\n  请不要在参数中出现：;,and,select,update,insert,delete,chr 等非法字符！');window.close();</script>"
  case "2"
response.write "<script language=javascript>location.href='"&fy_zx&"'</script>"
  case "3"
response.write "<script language=javascript>alert('                   出现错误！参数 "&fy_cs(fy_x)&"的值中包含非法字符串！\n\n  请不要在参数中出现：;,and,select,update,insert,delete,chr 等非法字符！');location.href='"&fy_zx&"';</script>"
end select
response.end
end if
end if
next
%><%  
set conn = server.createobject("adodb.connection")  
dbpath = server.mappath("meigui8.cn_data.mdb")  
conn.open "driver={microsoft access driver (*.mdb)};dbq=" & dbpath  
%>