<!-- metadata type ="typelib" file="C:\Program Files\Common Files\SYSTEM\ADO\msado15.dll"-->
<%
' Module-level connection object and connection string shared by openconn/closeconn.
Dim conn, connstr
' Screen the raw query string before any page logic runs (see checkquerystring).
Call checkquerystring
'======================== '打開連接 =========================
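' Creates the shared ADODB.Connection in `conn` and opens it against the
' catalog named by Session("Catalog"). Any failure (object creation, missing
' catalog, open error) is routed to ErrorMsg(7), which redirects and ends the
' response, so callers may assume `conn` is open when this sub returns.
sub openconn
    On Error Resume Next
    Set conn = Server.CreateObject("ADODB.Connection")
    ' Without this check a failed CreateObject leaves conn = Nothing and the
    ' state test below is silently skipped under Resume Next, returning an
    ' unusable conn to the caller.
    if Err then
        call ErrorMsg(7)
        response.end
    end if
    ' Fail closed when no catalog is selected for this session: an empty
    ' "Initial Catalog=" would otherwise connect to the login's default database.
    ' ("" & x) normalises Null and Empty to "" before the length test.
    if Len("" & session("Catalog")) = 0 then
        call ErrorMsg(7)
        response.end
    end if
    ' & is the string concatenation operator; + raised a type mismatch for a
    ' non-string catalog value (leaving connstr Empty under Resume Next).
    connstr = "Provider=SQLOLEDB.1;Persist Security Info=False;User ID=sa;Initial Catalog=" & session("Catalog") & ";Data Source=(local);pwd="
    ' NOTE(review): this logs in as sa with an empty password embedded in source.
    ' Move the credentials to protected configuration and use a least-privilege login.
    if conn.state = adStateClosed then
        conn.open connstr
        if Err then
            call ErrorMsg(7)
            response.end
        end if
    end if
end sub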
'======================== end sub ==========================
'======================== '關閉連接 =========================
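' Closes the shared connection if it is open and releases the object.
' Safe to call when openconn was never called or failed: `conn` may then be
' Empty (never assigned) or Nothing, and reading .state on either would raise.
sub closeconn
    if IsObject(conn) then
        ' VBScript does not short-circuit, so the Nothing test needs its own If.
        if not conn is nothing then
            if conn.state = adStateOpen then
                conn.close
            end if
        end if
    end if
    set conn = nothing
end sub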
'======================== end sub ==========================
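'======================== check query string =======================
' Rejects the request when the raw QUERY_STRING contains any blacklisted
' fragment, by redirecting to the error page (ErrorMsg(8) ends the response).
' This is only a coarse filter: it inspects the undecoded query string (a
' percent-encoded spelling of a token is not matched), it does not look at
' form fields, cookies or headers, and plain substring matching also rejects
' harmless values ("account" contains "count"). Parameterized queries remain
' the actual protection; this sub must not be relied on as one.
' (The `sub` line had been fused onto the banner comment above, which left
' the procedure undefined and its `end sub` unmatched.)
sub checkquerystring
    dim qs, blocked, i
    qs = request.servervariables("query_string")
    ' Duplicate "drop" entry removed; the list is otherwise unchanged.
    dim nothis(17)
    nothis(0) = "net user"
    nothis(1) = "xp_cmdshell"
    nothis(2) = "/add"
    nothis(3) = "exec%20master.dbo.xp_cmdshell"
    nothis(4) = "net localgroup administrators"
    nothis(5) = "select"
    nothis(6) = "count"
    nothis(7) = "asc"
    nothis(8) = "char"
    nothis(9) = "mid"
    nothis(10) = "'"
    nothis(11) = ":"
    nothis(12) = """"
    nothis(13) = "insert"
    nothis(14) = "delete"
    nothis(15) = "drop"
    nothis(16) = "truncate"
    nothis(17) = "from"
    blocked = false
    for i = 0 to ubound(nothis)
        ' vbTextCompare makes the match case-insensitive; the previous binary
        ' compare let a different-case spelling of a token pass through.
        if instr(1, qs, nothis(i), vbTextCompare) <> 0 then
            blocked = true
            exit for
        end if
    next
    if blocked then
        call ErrorMsg(8)
    end if
end sub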
'====================== end sub ============================
'===================== 轉向錯誤信息頁面 =====================
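' Redirects to the shared error page carrying the given error id and ends the
' response, so nothing after the call in the caller runs.
' id - error code; this file passes 7 from openconn and 8 from checkquerystring.
sub ErrorMsg(id)
    ' URL-encode the id so a non-numeric value cannot alter the redirect URL;
    ' numeric ids are unaffected.
    Response.Redirect("../error.asp?Errorid=" & Server.URLEncode(id))
    Response.End
end sub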
'===================== end sub =============================
%>