conn.asp

国内第一数字点卡销售程序。功能强大。 完整无错！数据文件经MD5加密！经严格测试

<%
dim conn, connstr, db
merchant="004291"   
merpassword="bbmmddwoainimenmingxingjiazu"  
startime=timer()
UserAgent = Trim(Lcase(Request.Servervariables("HTTP_USER_AGENT")))
If InStr(UserAgent,"teleport") > 0 or InStr(UserAgent,"webzip") > 0 or InStr(UserAgent,"flashget")>0 or InStr(UserAgent,"offline")>0 Then
	Response.Write "请不要采用teleport/Webzip/Flashget/Offline等工具来浏览商城！"
	Response.End
End If

Session.Timeout=15
if request("b_rules")=1 then
Response.Buffer = True
else
Response.Buffer = True 
Response.ExpiresAbsolute = Now() - 1 
Response.Expires = 0 
Response.CacheControl = "no-cache" 
end if

db="inc/#yzkaba#.asp"
connStr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(db)
'如果您的服务器采用较老版本Access驱动，请用下面连接方法
'connstr="driver={Microsoft Access Driver (*.mdb)};dbq=" & Server.MapPath(db)
set conn=server.createobject("ADODB.CONNECTION")
ON ERROR RESUME NEXT
	if err.number<>0 then 
		err.clear
		set conn=nothing
		response.write "数据库连接出错！"
		Response.End
	else

		conn.open connstr
		if err then 
			err.clear
			set conn=nothing
			response.write "数据库连接出错！"
			Response.End 
		end if
	end if   

	Function srequest(ParaName,ParaType) 
	Dim ParaValue 
	ParaValue=ParaName 
	If ParaType=1 then 
		If not isNumeric(ParaValue) then 
			Response.write "参数" & ParaName & "必须为数字型！" 
			Response.end 
		End if 
    else
	    ParaValue=replace(ParaValue,"'","''")
		ParaValue=replace(ParaValue,"'","’")
		ParaValue=replace(ParaValue,";","；")
		ParaValue=replace(ParaValue,">","》")
		ParaValue=replace(ParaValue,"<","《")
		ParaValue=replace(ParaValue,"=","＝")
		ParaValue=replace(ParaValue,"%","％")
		ParaValue=replace(ParaValue,",","，")
		ParaValue=replace(ParaValue,".","。")
		ParaValue=replace(ParaValue,"@","￥")
		ParaValue=replace(ParaValue,"*","＊")
		ParaValue=replace(ParaValue,"?","？")
		ParaValue=replace(ParaValue,"(","（")
		ParaValue=replace(ParaValue,")","）")
		ParaValue=replace(ParaValue,"#","＃")
		ParaValue=replace(ParaValue,"!","！")
		ParaValue=Lcase(ParaValue)
If Instr(ParaValue,"select%20") or Instr(ParaValue,"insert%20") or Instr(ParaValue,"delete%20from") or Instr(ParaValue,"count(") or Instr(ParaValue,"drop%20table") or Instr(ParaValue,"update%20") or Instr(ParaValue,"truncate%20") or Instr(ParaValue,"asc(") or Instr(ParaValue,"mid(") or Instr(ParaValue,"char(") or Instr(ParaValue,"xp_cmdshell") or Instr(ParaValue,"exec%20master") or Instr(ParaValue,"net%20localgroup%20administrators")  or Instr(ParaValue,":") or Instr(ParaValue,"net%20user") or Instr(ParaValue,"'") or Instr(ParaValue,"%20or%20") then
            Response.write "参数" & ParaName & "有问题！" 
			Response.end 
	    end if
	    ParaValue=replace(ParaValue,"'","''")
	    ParaValue=replace(ParaValue,"%","")
	End if 
	srequest=ParaValue
	End function
%>