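<%Session.CodePage=65001%>
<%
' Login check: redirect to ../index.asp when the "adminxxx" session value is empty.
' Call it at the top of every page that requires an authenticated admin.
Sub log_chk()
    If Session("adminxxx") = "" Then
        Response.Redirect("../index.asp")
    End If
End Sub
%>
<%
' Return to the previous page.
' As written here, this writes an empty string and ends the response; the
' "text" argument is not used.
' NOTE(review): the original markup inside the string literal appears to have been
' lost. If it is restored and "text" is written into HTML or script, encode it
' first (e.g. Server.HTMLEncode). TODO confirm against the deployed file.
Sub BackUrl(text)
    Response.Write ""
    Response.End
End Sub
%>
<%
' Go to a specified page.
' As written here, this writes an empty string and ends the response; neither
' "Url" nor "Txt" is used.
' NOTE(review): if the lost markup navigated to "Url", callers must only pass
' fixed or allow-listed targets, never request data. TODO confirm.
Sub GoUrl(Url, Txt)
    Response.Write ""
    Response.End
End Sub
%>
<%
' Special-character filter: redirect to ../index.asp when any query-string or
' form VALUE contains one of the blocked tokens.
'
' Changes from the previous version:
'   * Tokens are matched case-insensitively (vbTextCompare). InStr defaults to a
'     binary compare, so upper- or mixed-case keywords were not matched.
'   * The ASCII apostrophe is now blocked. The list previously held only the
'     typographic quote, so the plain string delimiter passed through.
'   * Working variables are declared locally instead of leaking as globals.
'
' Limitations a maintainer should know:
'   * Only Request.QueryString and Request.Form values are inspected. Parameter
'     names, Request.Cookies and other collections are not checked.
'   * Tokens match as substrings, so ordinary words containing "or" or "and",
'     or any value containing "." or ",", are rejected too.
'   * A blocklist is a secondary control only. Queries built from request data
'     should bind values through ADODB.Command parameters, not concatenation.
Sub passChk()
    Dim sql_injdata, SQL_inj, SQL_Get, Sql_Post, SQL_Data

    ' "|" is the list delimiter, so it cannot itself appear as a token.
    sql_injdata = "'|’|""|{|}|[|]|\|:|;|<|>|?|,|.|`|~|!|@|$|%|^|(|)|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|or"
    SQL_inj = Split(sql_injdata, "|")

    ' Guard against injection via GET parameters.
    If Request.QueryString <> "" Then
        For Each SQL_Get In Request.QueryString
            For SQL_Data = 0 To UBound(SQL_inj)
                If InStr(1, Request.QueryString(SQL_Get), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
                    Response.Redirect("../index.asp")
                End If
            Next
        Next
    End If

    ' Guard against injection via POST fields.
    If Request.Form <> "" Then
        For Each Sql_Post In Request.Form
            For SQL_Data = 0 To UBound(SQL_inj)
                If InStr(1, Request.Form(Sql_Post), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
                    Response.Redirect("../index.asp")
                End If
            Next
        Next
    End If
End Sub
%>
<%
' Database path: open the shared Jet/Access connection used by including pages.
' The connection is opened as soon as this file is included and is not closed
' here; presumably each page closes Conn itself. Verify in the callers.
' NOTE(review): the .mdb path is resolved through Server.MapPath, so the file
' appears to sit inside the site's virtual path space. The "#" characters in the
' file name are not an access control. Store the database outside the web root,
' or deny .mdb requests in the web server configuration.
Set Conn = Server.CreateObject("adodb.connection")
Conn.Open "provider=microsoft.jet.oledb.4.0;data source=" & Server.MapPath("../../database/#database1#.mdb")
%>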