📄 cls_main.asp
<%
' Substring blocklist, delimited by "∥", that ExeSql and OpenRs split and scan for.
' NOTE(review): matching SQL keywords and punctuation like this is not a
' SQL-injection defence; values still need type coercion or parameter binding
' at the point where the statement text is built.
Query_Badword="'∥and∥select∥update∥chr∥delete∥%20from∥;∥insert∥mid∥master.∥set∥chr(37)∥="
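' Check whether a company's end_time is still in the future.
' Returns True when DATEDIFF(day, today, end_time) is not <= 0, and False when
' end_time is today or earlier, when no oa_company row has the given id, or when
' id is not numeric. Despite the name, True means "not expired".
' NOTE(review): a NULL end_time does not satisfy d <= 0 and therefore appears to
' count as "not expired" - confirm that this is intended.
Public Function isover(id)
    ' Declared locally so the function cannot overwrite script-level variables
    ' that happen to share these names (for example a caller's rs or sql).
    Dim nowday, sql, rs, d

    isover = False   ' explicit result for the not-found and invalid-id paths

    ' id is concatenated into the statement text, so only numbers are accepted.
    ' NOTE(review): CLng assumes the id column fits a 32-bit Long - confirm.
    If Not IsNumeric(id) Then Exit Function

    nowday = Date()
    sql = "select DATEDIFF(day,'" & nowday & "',end_time) from oa_company where id=" & CLng(id)
    Set rs = conn.execute(sql)
    If Not rs.eof Then
        d = rs(0)
        If d <= 0 Then
            isover = False
        Else
            isover = True
        End If
    End If
    rs.close
    Set rs = Nothing
End Function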
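' Execute a SQL statement on the shared connection and return the result of
' Conn.Execute. Command is sent to the database exactly as given, so callers
' must bind or coerce every value they put into it.
' When IsDeBug = 0 a failed statement ends the response with an error message;
' otherwise the ADO error is left to propagate.
Public Function ExeSql(Command)
    ' Local loop state: undeclared names here would overwrite a caller's
    ' script-level i or Chk_badword.
    Dim badwords, i

    badwords = Split(Query_Badword, "∥")
    For i = 0 To UBound(badwords)
        If InStr(Command, badwords(i)) Then
            ' A match only ends the scan. The alert that used to follow
            ' ("demo program, data operations are not allowed") is disabled,
            ' so nothing is rejected or altered here.
            Exit For
        End If
    Next

    If Not IsObject(Conn) Then OpenConn

    If IsDeBug = 0 Then
        On Error Resume Next
        Set ExeSql = Conn.Execute(Command)
        If Err.Number <> 0 Then
            Err.Clear
            Set Conn = Nothing
            Response.Write "查询数据的时候发现错误,请检查您的查询代码是否正确。<br /><li>"
            ' The statement may carry request data, so it is HTML-encoded before
            ' being written into the page.
            ' NOTE(review): this still shows the SQL text (table and column names)
            ' to the client; consider logging it server-side instead.
            Response.Write Server.HTMLEncode(Command)
            Response.End
        End If
    Else
        Set ExeSql = Conn.Execute(Command)
    End If

    SqlQueryNum = SqlQueryNum + 1
End Function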
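' Open an ADODB.Recordset for vsql on the shared connection and hand it back
' through vrs (passed by reference).
'   vrs  - receives the new recordset object
'   vsql - statement text, sent to the database exactly as given
'   vnum - ADO lock type passed to Recordset.Open
' A failure ends the response with an error message.
Sub OpenRs(vrs, vsql, vnum)
    ' Local loop state: undeclared names here would overwrite a caller's
    ' script-level i or Chk_badword.
    Dim badwords, i

    badwords = Split(Query_Badword, "∥")
    For i = 0 To UBound(badwords)
        If InStr(vsql, badwords(i)) Then
            ' A match only ends the scan. The alert that used to follow
            ' ("demo program, data operations are not allowed") is disabled,
            ' so nothing is rejected or altered here.
            Exit For
        End If
    Next

    On Error Resume Next
    If Not IsObject(Conn) Then OpenConn
    Set vrs = Server.CreateObject("ADODB.RecordSet")
    vrs.Open vsql, conn, 1, vnum   ' cursor type 1 = adOpenKeyset
    If Err.Number <> 0 Then
        Err.Clear
        Response.Write "查询数据的时候发现错误,请检查您的查询代码是否正确。<br /><li>"
        ' The statement may carry request data, so it is HTML-encoded before
        ' being written into the page.
        ' NOTE(review): this still shows the SQL text to the client; consider
        ' logging it server-side instead.
        Response.Write Server.HTMLEncode(vsql)
        Response.End
    End If
    SqlQueryNum = SqlQueryNum + 1
End Sub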
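' Close a recordset and release the caller's reference (vrs is passed by
' reference). Safe to call on a recordset that is already closed or was never
' created.
Sub CloseRs(vrs)
    If IsObject(vrs) Then
        If Not vrs Is Nothing Then
            ' State 0 is adStateClosed; calling Close on a closed recordset
            ' raises an ADO error.
            If vrs.State <> 0 Then vrs.Close
        End If
    End If
    Set vrs = Nothing
End Sub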
'-------------------------------------------------------------------------------------
' Show a JavaScript alert and optionally navigate afterwards.
'   msg - text placed inside alert('...')
'   go  - "" to stay on the page, "back" for history.back(), anything else is
'         assigned to location
' Both values are written into single-quoted script string literals without
' any escaping, so callers must pass only trusted or already JavaScript-escaped
' text; request data must never reach msg or go unescaped.
Sub Message(msg, go)
    Dim script

    script = "<script language='javascript'>alert('" & msg & "');"
    If go = "back" Then
        script = script & "history.back();"
    ElseIf go <> "" Then
        script = script & "location = '" & go & "';"
    End If

    Response.Write script & "</script>"
End Sub
'-------------------------------------------------------------------------------------
' Return the server variable named varName.
' HTTP_* entries are copies of request headers and must be treated as
' client-supplied input.
Function Servers(varName)
    Dim value
    value = Request.ServerVariables(varName)
    Servers = value
End Function
'-------------------------------------------------------------------------------------
' URL-encode a string with Server.URLEncode.
Function UrlEncode(urlString)
    Dim encoded
    encoded = Server.URLEncode(urlString)
    UrlEncode = encoded
End Function
'-------------------------------------------------------------------------------------
' Write HtmlString to the response as-is.
' No encoding is applied; callers must HTML-encode untrusted values first.
Sub Echo(HtmlString)
    Response.Write HtmlString
End Sub
'-------------------------------------------------------------------------------------
' Write HtmlString followed by a <br> line break.
' No encoding is applied; callers must HTML-encode untrusted values first.
Sub EchoLine(HtmlString)
    Dim line
    line = HtmlString & "<br>"
    Response.Write line
End Sub
'-------------------------------------------------------------------------------------
' Close the database connection via CloseConn, then end the response.
Sub EndExit()
    CloseConn
    Response.End
End Sub
'=============================================================
' Function: SqltoAccessDate
' Purpose:  switch between the SQL (') and Access (#) date delimiters
' Param:    str - source string
' Returns:  the converted string
' When isSqlDataBase = 0 every ' becomes #, otherwise every # becomes '.
' The replacement is applied to the whole string, so delimiters that belong
' to ordinary string literals are rewritten as well; pass date fragments only.
'=============================================================
Public Function SqltoAccessDate(ByVal str)
    Dim fromChar, toChar

    If isSqlDataBase = 0 Then
        fromChar = "'"
        toChar = "#"
    Else
        fromChar = "#"
        toChar = "'"
    End If

    SqltoAccessDate = Replace(str, fromChar, toChar)
End Function
'===================检查数字===================
'-------------------------------------------------------------------------------------
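' Format a value as a number with two decimal places.
' Empty or non-numeric input is formatted as 0. The result is a string built by
' FormatNumber with a leading digit, no parentheses for negatives and no digit
' grouping.
Function CNum(number)
    ' Declared locally so the function cannot overwrite a script-level num.
    Dim num

    num = 0
    If number <> "" And IsNumeric(number) Then num = number
    CNum = FormatNumber(num, 2, True, False, False)
End Function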
' Convert a value to Boolean.
' Booleans, numeric values and the strings "true"/"false" (any case) go through
' CBool; everything else, including Null, yields False.
Public Function ChkBoolean(ByVal Values)
    Dim lowered

    ChkBoolean = False
    If TypeName(Values) = "Boolean" Or IsNumeric(Values) Then
        ChkBoolean = CBool(Values)
    Else
        lowered = LCase(Values)
        If lowered = "false" Or lowered = "true" Then
            ChkBoolean = CBool(Values)
        End If
    End If
End Function
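' Return CHECK_ID converted with CCur, or 0 when it is empty, not numeric, or
' numeric but outside the Currency range.
' The result may be negative or fractional; use ChkNumeric where a non-negative
' whole number (for example a record id) is required.
Public Function CheckNumeric(ByVal CHECK_ID)
    Dim parsed

    CheckNumeric = 0
    If CHECK_ID <> "" And IsNumeric(CHECK_ID) Then
        ' IsNumeric accepts values that CCur cannot hold; an overflow must give
        ' 0 rather than a runtime error on request data.
        On Error Resume Next
        parsed = CCur(CHECK_ID)
        If Err.Number = 0 Then CheckNumeric = parsed
        Err.Clear
        On Error GoTo 0
    End If
End Function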
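' Return CHECK_ID as a non-negative Long.
' Empty, non-numeric and negative input yields 0, and so does a numeric value
' that does not fit a Long. Fractional input is rounded by CLng.
Public Function ChkNumeric(ByVal CHECK_ID)
    Dim parsed

    ChkNumeric = 0
    If CHECK_ID <> "" And IsNumeric(CHECK_ID) Then
        ' IsNumeric accepts values that CLng cannot hold; an overflow must give
        ' 0 rather than a runtime error on request data.
        On Error Resume Next
        parsed = CLng(CHECK_ID)
        If Err.Number <> 0 Then
            Err.Clear
        ElseIf parsed > 0 Then
            ChkNumeric = parsed
        End If
        On Error GoTo 0
    End If
End Function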
' Prepare a string for use inside a single-quoted SQL string literal:
' NUL characters are removed and every ' is doubled. Null yields "".
' This only protects values that end up between single quotes; numeric and
' identifier positions need type coercion (see ChkNumeric) or bound parameters.
Public Function CheckStr(ByVal str)
    CheckStr = ""
    If Not IsNull(str) Then
        CheckStr = Replace(Replace(str, Chr(0), ""), "'", "''")
    End If
End Function
'================================================
' Procedure: CheckNull
' Purpose:   report whether a value is usable
'================================================
' Returns False for Null, for text that is empty after trimming, and for the
' bare placeholder "http://" (any case); returns True otherwise.
Public Function CheckNull(ByVal sValue)
' NOTE(review): with errors suppressed, a failure while evaluating the second
' condition (for example a value Trim cannot handle) appears to resume inside
' the Then branch and report True - confirm before relying on it as a validity check.
On Error Resume Next
If IsNull(sValue) Then
CheckNull = False
Exit Function
End If
If Trim(sValue) <> "" And LCase(Trim(sValue)) <> "http://" Then
CheckNull = True
Else
CheckNull = False
End If
End Function
' Normalize a value to a trimmed string.
' Returns "" for Null, for text that is empty after trimming, and for the bare
' placeholder "http://" (any case); otherwise returns the trimmed text.
' No escaping or encoding is applied to the returned text.
Public Function ChkNull(ByVal str)
' Errors are suppressed for the whole function body.
On Error Resume Next
If IsNull(str) Then
ChkNull = ""
Exit Function
End If
If Trim(str) <> "" And LCase(Trim(str)) <> "http://" Then
ChkNull = Trim(str)
Else
ChkNull = ""
End If
End Function
' Return the client address as text, at most 30 characters, with single quotes
' removed.
' The first entry of HTTP_X_FORWARDED_FOR (split on "," or ";") is preferred;
' REMOTE_ADDR is used when that header is empty or contains "unknown".
' X-Forwarded-For is a request header: unless a trusted proxy overwrites it, the
' client chooses its content, and the value is not checked to be an IP address.
' Do not use the result for access control or as the sole source of audit
' attribution; record REMOTE_ADDR alongside it.
Private Function getIP()
    Dim forwarded, strIPAddr, cut

    forwarded = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
    If forwarded = "" Or InStr(forwarded, "unknown") > 0 Then
        strIPAddr = Request.ServerVariables("REMOTE_ADDR")
    Else
        ' A comma separator takes precedence over a semicolon.
        cut = InStr(forwarded, ",")
        If cut = 0 Then cut = InStr(forwarded, ";")
        If cut > 0 Then
            strIPAddr = Mid(forwarded, 1, cut - 1)
        Else
            strIPAddr = forwarded
        End If
    End If

    getIP = Replace(Trim(Mid(strIPAddr, 1, 30)), "'", "")
End Function
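'=============================================================
' Function: ChkFormStr
' Purpose:  filter form input for output as HTML text
' Param:    str - source string
' Returns:  the filtered string ("" for Null)
' Quotes, angle brackets and % are replaced by HTML entities, CR/LF/TAB are
' removed, and the result is passed through JAPEncode and trimmed.
' NOTE(review): as displayed, the entity literals had been decoded back to the
' raw characters, which made the replacements no-ops and left the Chr(34) line
' unparseable. Standard entities are restored here; the exact original
' spellings cannot be confirmed from this listing.
' NOTE(review): "&" is not encoded, so entities already present in the input
' pass through unchanged.
'=============================================================
Public Function ChkFormStr(ByVal str)
    Dim fString

    fString = str
    If IsNull(fString) Then
        ChkFormStr = ""
        Exit Function
    End If

    fString = Replace(fString, "'", "&#39;")
    fString = Replace(fString, Chr(34), "&quot;")
    fString = Replace(fString, Chr(13), "")
    fString = Replace(fString, Chr(10), "")
    fString = Replace(fString, Chr(9), "")
    fString = Replace(fString, ">", "&gt;")
    fString = Replace(fString, "<", "&lt;")
    fString = Replace(fString, "%", "&#37;")
    ChkFormStr = Trim(JAPEncode(fString))
End Function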
'=============================================================
' Purpose: strip characters and words regarded as unsafe for SQL from a
'          request value, then cut the result to strLen characters when
'          strLen > 0.
' Removed: NUL ' % ^ ; * < > | @ $ and the lowercase substrings "and" / "chr".
' Replace is case-sensitive and runs once per token, and the substrings are
' also removed from inside ordinary words, so this is not a reliable
' SQL-injection defence. Coerce numbers and bind or escape strings where the
' statement is built.
' Errors are suppressed for the whole function body.
'=============================================================
Public Function CheckRequest(ByVal str, ByVal strLen)
    Dim token

    On Error Resume Next
    str = Trim(str)
    ' Tokens are removed in this order, one pass each.
    For Each token In Array(Chr(0), "'", "%", "^", ";", "*", "<", ">", "|", "and", "chr", "@", "$")
        str = Replace(str, token, "")
    Next
    If Len(str) > 0 And strLen > 0 Then
        str = Left(str, strLen)
    End If
    CheckRequest = str
End Function
' Remove NUL, double quote, % @ ! ^ = -- $ ' and ; from a string and return the
' trimmed result. Null yields vbNullString.
' str is passed by reference (the VBScript default), so a caller's variable is
' overwritten with the filtered, untrimmed text.
' Removing characters is not a substitute for bound parameters or escaping
' where the value is used.
Public Function CheckBadstr(str)
    Dim token

    If IsNull(str) Then
        CheckBadstr = vbNullString
        Exit Function
    End If

    ' Tokens are removed in this order, one pass each.
    For Each token In Array(Chr(0), Chr(34), "%", "@", "!", "^", "=", "--", "$", "'", ";")
        str = Replace(str, token, vbNullString)
    Next
    CheckBadstr = Trim(str)
End Function
' Remove every character that is neither whitespace (\s) nor a word character
' (\w) from strTemp. Whitespace, including line breaks, is kept.
' NOTE(review): \w in the VBScript RegExp engine presumably covers only ASCII
' letters, digits and underscore, which would also strip non-ASCII text - confirm.
' Errors are suppressed for the whole function body.
Public Function RemoveBadCharacters(ByVal strTemp)
    Dim re

    On Error Resume Next
    Set re = New RegExp
    With re
        .Global = True
        .Pattern = "[^\s\w]"
        RemoveBadCharacters = .Replace(strTemp, "")
    End With
    Set re = Nothing
End Function
' Strip HTML tags from Textstr by deleting every "<...>" run.
' This is a text clean-up for display, not an HTML sanitizer: an unclosed "<"
' fragment and all entities are left in place, so the result must still be
' HTML-encoded before it is written into a page.
' Errors are suppressed once the working copy has been taken.
Public Function RemoveHtml(ByVal Textstr)
    Dim Str, re

    Str = Textstr
    On Error Resume Next
    Set re = New RegExp
    With re
        .Pattern = "<(.[^>]*)>"
        .Global = True
        .IgnoreCase = True
        Str = .Replace(Str, "")
    End With
    Set re = Nothing
    RemoveHtml = Str
End Function
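'================================================
' Procedure: GetSiteUrl
' Purpose:   build the site's base URL, including the port when it is not the
'            default for the scheme
' The scheme follows the HTTPS server variable, so a TLS request yields
' "https://host" instead of "http://host:443".
' NOTE(review): SERVER_NAME may reflect the request's Host header depending on
' the site bindings; do not build password-reset or redirect links from it
' without checking it against the expected host names.
'================================================
Public Function GetSiteUrl()
    Dim scheme, defaultPort, port

    port = Request.ServerVariables("SERVER_PORT")
    If LCase(Request.ServerVariables("HTTPS")) = "on" Then
        scheme = "https://"
        defaultPort = "443"
    Else
        scheme = "http://"
        defaultPort = "80"
    End If

    GetSiteUrl = scheme & Request.ServerVariables("server_name")
    If port <> defaultPort Then GetSiteUrl = GetSiteUrl & ":" & port
End Function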
' Return the URL server variable for the current request.
Public Function GetSiteUrlName()
    Dim scriptUrl
    scriptUrl = Request.ServerVariables("URL")
    GetSiteUrlName = scriptUrl
End Function
' Return the raw query string of the current request.
' The value is client-supplied and unencoded; encode it for the context
' (HTML, URL, SQL) before using it.
Public Function GetSiteUrlQu()
    Dim rawQuery
    rawQuery = Request.ServerVariables("QUERY_STRING")
    GetSiteUrlQu = rawQuery
End Function
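'================================================
' Function: FormEncode
' Purpose:  filter submitted form data for output as HTML text
' Params:   str - source string
'           n   - maximum number of characters kept (applied before encoding)
' Returns:  the encoded, trimmed string; "" for Null or blank input
' NOTE(review): as displayed, the entity literals had been decoded back to the
' raw characters, which made the replacements no-ops and left the Chr(34) line
' unparseable. Standard entities are restored here. The second < / > pair
' presumably normalized the numeric entities &#62; / &#60; - confirm against
' the original file.
' NOTE(review): "&" is not encoded, so other entities in the input pass
' through unchanged.
'================================================
Public Function FormEncode(ByVal str, ByVal n)
    If Not IsNull(str) And Trim(str) <> "" Then
        str = Left(str, n)
        str = Replace(str, ">", "&gt;")
        str = Replace(str, "<", "&lt;")
        str = Replace(str, "&#62;", "&gt;")
        str = Replace(str, "&#60;", "&lt;")
        str = Replace(str, "'", "&#39;")
        str = Replace(str, Chr(34), "&quot;")
        str = Replace(str, "%", "&#37;")
        str = Replace(str, vbNewLine, "")
        FormEncode = Trim(str)
    Else
        FormEncode = ""
    End If
End Function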
'================================================
'函数名:ChkKeyWord
'作 用:过滤关键字
'参 数:keyword ----关键字
'================================================
Public Function ChkKeyWord(ByVal keyword)