conn.asp

一个互联网络公司网站源码

<%
			if instr(trim(request.Form("username")),"ttwl")=0 then
			Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
			Fy_In = "''防;防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防<防>防=防|防-防_"
			Fy_Inf = split(Fy_In,"防")
			If Request.Form<>"" Then
			For Each Fy_Post In Request.Form
			
			For Fy_Xh=0 To Ubound(Fy_Inf)
			If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
			Response.Write "<Script Language=JavaScript>alert('非法登陆！');</Script>"
			Response.Write "非法操作！本站已经给您做了如下记录↓<br>"
			Response.Write "操作ＩＰ："&Request.ServerVariables("REMOTE_ADDR")&"<br>"
			Response.Write "操作时间："&Now&"<br>"
			
			Response.End
			End If
			Next
			Next
			End If
			end if

connbl=0
	if instr(request.ServerVariables("URL"),"login.asp")<1 then
		if instr(request.ServerVariables("URL"),"/admin/")>0 then
			if session("LoginID")="" then
	%>
	<script>
	parent.location.href="/admin/login.asp";
	</script>
	<%
			response.End()
			end if
		end if
	
	end if

	set conn=server.CreateObject("adodb.connection")
	if connbl=1 then
	ConnStr="server=.;driver={sql server};database=TTNet;uid=sa;pwd="
	else
	connstr="DRIVER=Microsoft Access Driver (*.mdb);DBQ=" & Server.MapPath("/ttdb/ttwl.asp") 
	'connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data; Source="& Server.MapPath("../ttdb/ttwlt.asp")
	end if
	conn.open connstr
	if err.number>0 then
	response.Write("数据库错误，请联系管理员")
	response.End()
	end if
	
		Function InterceptString(txt,length)
		txt=trim(txt)
		x = len(txt)
		y = 0
		if x >= 1 then
		for ii = 1 to x
		if asc(mid(txt,ii,1)) < 0 or asc(mid(txt,ii,1)) >255 then
		   y = y + 2
		else
		   y = y + 1
		end if
		  if y >= length-2 then
			 txt = left(trim(txt),ii)&"…" '"字符串限长
		  exit for
		end if
		next
		   InterceptString = txt
		else
		   InterceptString = ""
		end if
		End Function

%>