我的ASP通用連接頁面(conn.asp)

我的ASP通用連接頁面(conn.asp)

引言:
        通常ASP技術架構的網站,至少要做三件事:一、建立數據庫連接;二、過濾地址中非法字串;三、錯誤信息顯示。以下代碼就是完成這三件事的實例:
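<!--metadata type="typelib" file="C:\Program Files\Common Files\SYSTEM\ADO\msado15.dll"-->
<%
' The typelib directive above loads the ADO type library; the subs below use
' adStateClosed / adStateOpen without declaring them, so they presumably
' come from it.

' conn is the shared ADODB.Connection object; connstr is the connection
' string built by openconn. Both are page-level so every sub can reach them.
Dim conn, connstr

' Call the "check incoming characters" routine before any page logic runs.
' Every page that includes this file gets its query string checked first.
checkquerystring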

' ========================    '打開連接    =========================
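Sub openconn
    ' Creates the shared ADODB.Connection in conn and opens it if it is closed.
    ' On any failure the visitor is redirected to the error page with id 7, so
    ' no provider error text is written to the response.
    On Error Resume Next

    Dim catalog
    ' Session("Catalog") selects which back-end database this session uses.
    catalog = Session("Catalog") & ""

    ' The value is pasted into the connection string, so reject one carrying
    ' ';', which could otherwise append or override connection keywords.
    If InStr(1, catalog, ";", vbBinaryCompare) > 0 Then
        Call ErrorMsg(7)
        Response.End
    End If

    ' NOTE(review): this logs in as the SQL Server "sa" account with an empty
    ' password. Use a dedicated low-privilege login with a real secret kept
    ' outside the web root; with sa, any query flaw on the site has server-wide
    ' reach (the blocklist in checkquerystring names xp_cmdshell for that reason).
    connstr = "Provider=SQLOLEDB.1;Persist Security Info=False;User ID=sa;Initial Catalog=" _
            & catalog & ";Data Source=(local);pwd="

    Set conn = Server.CreateObject("ADODB.Connection")
    ' Only touch conn if the object was actually created.
    If Err.Number = 0 Then
        If conn.State = adStateClosed Then
            conn.Open connstr
        End If
    End If

    ' One check covers a failed CreateObject and a failed Open.
    If Err.Number <> 0 Then
        Call ErrorMsg(7)
        Response.End
    End If
End Sub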
' ========================    end sub    ==========================


' ========================    '關閉連接    =========================
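Sub closeconn
    ' Closes the shared connection if it is open, then releases the object.
    ' The guards make this safe to call when openconn never ran (conn is
    ' still Empty) or when closeconn already ran (conn is Nothing); the
    ' unguarded conn.State read would raise in both cases.
    If IsObject(conn) Then
        If Not conn Is Nothing Then
            If conn.State = adStateOpen Then
                conn.Close
            End If
        End If
    End If

    Set conn = Nothing
End Sub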
' ========================    end sub    ==========================


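' ========================    check incoming characters    =================
Sub checkquerystring
    ' Scans the URL query string for blocked tokens and redirects to the error
    ' page with id 8 when one is found.
    '
    ' NOTE(review): this is a coarse outer filter, not a substitute for
    ' parameterised queries (ADODB.Command with Parameters). It reads only
    ' Request.ServerVariables("QUERY_STRING"), so form fields and cookies are
    ' not checked here. Short tokens such as "asc", "mid", "from" and ":" will
    ' also reject ordinary values that happen to contain them.
    Dim qs, spaced, blocked, token, hit

    qs = Request.ServerVariables("QUERY_STRING")

    ' QUERY_STRING arrives still URL-encoded, so a literal space never appears
    ' in it. Also test a copy with encoded spaces restored so the multi-word
    ' tokens ("net user", ...) can match.
    spaced = Replace(Replace(qs, "%20", " "), "+", " ")

    ' Same token list as before, minus the duplicated "drop" entry.
    blocked = Array( _
        "net user", "xp_cmdshell", "/add", _
        "exec%20master.dbo.xp_cmdshell", "net localgroup administrators", _
        "select", "count", "asc", "char", "mid", _
        "'", ":", """", _
        "insert", "delete", "drop", "truncate", "from")

    hit = False
    For Each token In blocked
        ' vbTextCompare: the default binary compare is case-sensitive, so
        ' "SELECT" would not match "select".
        If InStr(1, qs, token, vbTextCompare) > 0 _
           Or InStr(1, spaced, token, vbTextCompare) > 0 Then
            hit = True
            Exit For
        End If
    Next

    If hit Then
        ErrorMsg 8
    End If
End Sub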
' ======================    end sub    ============================


' =====================     轉向錯誤信息頁面    =====================
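Sub ErrorMsg(id)
    ' Redirects the browser to the shared error page, passing the numeric
    ' error id (7 and 8 are the values used in this file), and stops the
    ' current page.
    ' The id is URL-encoded so a caller-supplied value cannot add extra
    ' parameters or characters to the redirect target.
    Response.Redirect "../error.asp?Errorid=" & Server.URLEncode(CStr(id))
    Response.End
End Sub
' =====================    end sub    =============================
%>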
        

       
