info.asp

轩圆学生信息管理系统 081029修正了成绩数据浏览时查看单个学生成绩时总分排名显示表格问题。 //===============================================

<!--#include file="config.asp"-->
<%
'==========SQL语句有害字符串检查=============
Function CheckStr(strChar)
    If strChar = "" Or IsNull(strChar) Then
        CheckStr = ""
        Exit Function
    End If
    Dim strBadChar, arrBadChar, tempChar, i
    strBadChar = "update,delete,where,and,or,select,char,create,drop,insert,=,+,',-,%,^,?,(,),<,>,[,],{,},;,:,"&Chr(34)&","&Chr(0)&""
    arrBadChar = Split(strBadChar, ",")
    tempChar = strChar
    For i = 0 To UBound(arrBadChar)
        tempChar = sR(tempChar, arrBadChar(i), "")
    Next
    tempChar = Replace(tempChar, "@@", "@")
    
	CheckStr = tempChar
End Function
Function RQuery(strQuery)
	Dim tmpQuery,strCheck,I
	strCheck = Array("ID","PAGE")
	tmpQuery = Request.QueryString(""&strQuery&"")
	For I = 0 To UBound(strCheck)
		If strCheck(i) = UCase(strQuery) Then
			If Not IsNumeric(tmpQuery) Then
				Response.Write "非法操作！"
				Response.End
			End If 
		End If 
	Next 
	tmpQuery = CheckStr(tmpQuery)

	RQuery = tmpQuery
End Function 
Function FQuery(strQuery)
	Dim tmpQuery
	tmpQuery = Request.Form(""&strQuery&"")
	tmpQuery = HTMLEncode(tmpQuery)

	FQuery = tmpQuery
End Function 
Function HTMLEncode(strTmp)
	if strTmp&""<>"" then
		Dim strHtml
		strHtml = strTmp
		strHtml = Replace(strHtml,"'","&#39;")
		HTMLEncode = strHtml
	else
		HTMLEncode = strTmp
	end if 
End Function
'======================错误显示过程=======================
Sub ShowErrs()
	Call PHead("系统信息")
	Print "<div align='center'>"
	Print "<div style='text-align:left;' class='lface'>"
	Print "<div class='thetitle'>系统信息</div>"
	Print "<hr size='1' color='#b8b8b8'/>"
	Print "<ol>系统出现错误，信息如下："
	Print "<li>错误代码：" & CStr(Err.Number) & ""
	Print "<li>错误描述：" & Err.Description & ""
	Print "<li>错误对像：" & Err.Source & ""
	Print "</ol>"
	Print "<div align='left' class='footcopy'>&copy;2007 XMSky</div>"
	Print "</div>"
	Print "</div>"
	Call HWaiting()
	Call PFoot()
	Err.Clear
	Response.End
End Sub

'---------------------------------
'检测客户端连接是否依然存在，如果不存在就立即终止程序的执行
'----------------------------------
Sub PageIfEnd()
	If Not Response.IsClientConnected Then Call CloseConn():Response.End
End Sub

'--------------------------------
'2005-7-29输出HTML代码，代替Response.Write
Sub Print(strHtml)
	Response.Write strHtml & vbCrLf
End Sub
'--------------------------------

Sub JavaScript(sStr)
	Print "<script type='text/javascript'>"&vbCrLf&"<!--"&vbCrLf&sStr&vbCrLf&"//-->"&vbCrLf&"</script>"
End Sub

'使用正则表达式对内容进行替换
'参数：原字符串，要替换的内容，替换后的内容
Function sR(oStr,rStr,nStr)
	Dim regEx						  ' 建立变量。
	Set regEx = New RegExp            ' 建立正则表达式。
	regEx.Pattern = "(" & sCo(rStr) & ")"               ' 设置模式。
	regEx.IgnoreCase = True          ' 设置忽略大小写。
	regEx.Global = True				  ' 设置全程性质。
	sR = regEx.Replace(oStr,nStr)         ' 作替换。
	Set regEx = Nothing
End Function

Function sCo(ByVal str)
	str = Replace(str, "\", "\\")
	str = Replace(str, "~", "\~")
	str = Replace(str, "!", "\!")
	str = Replace(str, "@", "\@")
	str = Replace(str, "#", "\#")
	str = Replace(str, "%", "\%")
	str = Replace(str, "^", "\^")
	str = Replace(str, "&", "\&")
	str = Replace(str, "*", "\*")
	str = Replace(str, "(", "\(")
	str = Replace(str, ")", "\)")
	str = Replace(str, "-", "\-")
	str = Replace(str, "+", "\+")
	str = Replace(str, "[", "\[")
	str = Replace(str, "]", "\]")
	str = Replace(str, "<", "\<")
	str = Replace(str, ">", "\>")
	str = Replace(str, ".", "\.")
	str = Replace(str, "/", "\/")
	str = Replace(str, "?", "\?")
	str = Replace(str, "=", "\=")
	str = Replace(str, "|", "\|")
	str = Replace(str, "$", "\$")
	sCo = str
End Function

'//----------记录日志----------------------
Sub SaveLog(UName,ModelName,strForEnd)
	On Error Resume Next
	Dim strSQL
	strSQL = "Insert into lgTable (姓名,模块,结果,来源,命令) values ('"&UName&"','"&ModelName&"','"&strForEnd&"','"&GetIP()&"','"&GetScriptName()&"')"
	oConn.Execute(strSQL)
	If Err then Err.Clear
End Sub

'//----取得用户当前IP地址--------------------
Function GetIP()
	Dim uIP
	uIP = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
	If uIP = "" Then uIP = Request.ServerVariables("REMOTE_ADDR")
	GetIp = uIP
End Function

'//------取得当前程序脚本路径--------------
Function GetScriptName()
	Dim ScriptAddress
	ScriptAddress = ""
	'ScriptAddress = CStr(Request.ServerVariables("SCRIPT_NAME"))'取得当前地址
	If (Request.QueryString <> "") Then
	  ScriptAddress = ScriptAddress & Server.HTMLEncode(Request.QueryString)'取得带参数地址
	End If
	GetScriptName = ScriptAddress
End Function
%>