28,390
社区成员
发帖
与我相关
我的任务
分享
<%
'On Error Resume Next
Function ValidSQL()
ValidSQL = True
Dim Invalid
Dim Server_From
Dim Server_Now
Dim Collection
Invalid = split( "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare","|")
Server_From = Cstr(Request.ServerVariables("HTTP_REFERER"))
Server_Now = Cstr(Request.ServerVariables("SERVER_NAME"))
Set Collection = Request.QueryString
If Len(Collection)>4 Then
For Each Arg In Collection
For I=0 To Ubound(Invalid)
If Instr(Collection(Arg),Invalid(I))>0 Then
ValidSQL = false
Exit For
End If
Next
If ValidSQL = False Then
Response.Write( "输入中包含非法字符,请重新输入! ")
Response.End()
Exit For
End If
Next
End If
End Function
Call ValidSQL()
DataURL = "E:\2008项目\大家房产\DB\q2@oie$tu2mko@$pi9u#r5&xzcv@.mdb"
'Strsql = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & DataURL
Strsql = "driver={Microsoft Access Driver (*.mdb)};dbq=" & DataURL
set dbconn=server.createobject("ADODB.CONNECTION")
dbconn.open Strsql
%>
<%
Set Rs=Server.CreateObject ("ADODB.Recordset")
StrSQL="SELECT Top 7 * FROM House WHERE House_Sort='出租'and State=True ORDER BY S_ID DESC"
Rs.Open StrSQL,Dbconn,1,1
Do Until Rs.EOF
If Rs.BookMark Mod 2 Then
TempColor="#f5f6f0"
Else
TempColor="#FFFFFF"
End If
%>