防注入管理页出错!高手帮忙!
点击页面后提示“暂无内容”别的什么都不显示!===================================================
相对页面代码
<!--#include file="config.asp"-->
<!--#include file="code.asp"-->
<%
AdminName = ReplaceBadChar(Trim(Request.Cookies(webkey)("AdminName")))
AdminPassword = ReplaceBadChar(Trim(Request.Cookies(webkey)("AdminPassword")))
RndPassword = ReplaceBadChar(Trim(Request.Cookies(webkey)("RndPassword")))
If AdminName = "" Or AdminPassword = "" Or RndPassword = "" Then
Response.Redirect "admin_MUadmin_login.asp"
End If
%>
<%
Server.ScriptTimeout =500
Action = Request("Action")
dbSql="data/Sql.mdb" '防注入程序数据库路径。如果路径变动,请修改此处。
dim conn,connstr
'On Error Resume Next
Set conn = Server.CreateObject("ADODB.Connection")
connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(dbsql)
conn.Open connstr
If Err Then
err.Clear
Set conn = Nothing
Response.Write "数据库连接出错,请检查连接字串。"
Response.End
End If
If Action="del" Then
Call Delip()
ElseIf Action="lock" Then
Call lockIP()
ElseIf Action="ulock" Then
Call ulockip()
Else
Call Main()
End If
Sub Delip()
dim id
id = clng(request("id"))
conn.execute("delete from SqlIn where id="&id)
Call Main()
End sub
Sub Lockip()
id = clng(request("id"))
conn.execute("update SqlIn set Kill_ip=true where id="&id)
Call Main()
End sub
Sub ulockip()
id = clng(request("id"))
conn.execute("update SqlIn set Kill_ip=False where id="&id)
Call Main()
End sub
Sub Main()
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft FrontPage 4.0">
<meta HTTP-EQUIV="Content-Type" content="text/html; charset=gb2312">
<LINK href="images/user_style.css" rel=stylesheet>
<title><%=webname%></title>
</head>
<link rel="stylesheet" type="text/css" href="image/style.css">
<body leftMargin=0 bgcolor="#EFEFEF" topMargin=15>
<table width="90%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#666666">
<tr align=center bgcolor=#efefef>
<%
sql="select * from SqlIn order by id desc"
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,1
if rs.eof and rs.bof then
response.write "暂无内容"
else
'分页的实现
listnum=10
Rs.pagesize=listnum
page=Request("page")
if (page-Rs.pagecount) > 0 then
page=rs.pagecount
elseif page = "" or page < 1 then
page = 1
end if
rs.absolutepage=page
'编号的实现
j=rs.recordcount
j=j-(page-1)*listnum
i=0
nn=request("page")
if nn="" then
n=0
else
nn=nn-1
n=listnum*nn
end if%>
<td>编号</td>
<td><font color=red>操作IP</font></td>
<td>是否锁定</td>
<td>操作页面</td>
<td>操作时间</td>
<td>提交方式</td>
<td>提交参数</td>
<td>提交数据</td>
<td>操作</td>
</tr>
<%do while not rs.eof and i<listnum
n=n+1%>
<tr align=center bgcolor="#FFFFFF" onmouseover=javascript:this.bgColor='#EFEFEF' onmouseout=javascript:this.bgColor='#FFFFFF'>
<td><%=n%></td>
<td><%=rs("SqlIn_IP")%>
</td>
<td><% if rs("Kill_ip")=true then
response.write "<font color='red'>已锁定</font>"
else
response.write "<font color='green'>未锁定</font>"
end if
%></td>
<td><%=rs("SqlIn_WEB")%></td>
<td><%=rs("SqlIn_TIME")%></td>
<td><%=rs("SqlIn_FS")%></td>
<td><%=rs("SqlIn_CS")%></td>
<td><%=rs("SqlIn_SJ")%></td>
<td><a href=<%=URL%>?action=del&id=<%=rs("id")%>>删除</a>
<% if rs("Kill_ip")=false then
response.write "<a href=admin_sql.asp?action=lock&id="&rs("id")&">锁定IP</a>"
else
response.write "<a href=admin_sql.asp?action=ulock&id="&rs("id")&">解锁IP</a>"
end if
%>
</td>
</tr>
<%rs.movenext
i=i+1
j=j-1
loop%>
<tr bgcolor="#FFFFFF">
<%filename=URL%>
<td colspan=9 align=right><%=Rs.recordcount%> 条记录 <%=listnum%> 条记录/页 共 <%=rs.pagecount%> 页
<% if page=1 then %>
<%else%>
<a href=<%=filename%>><strong>|<<</strong></a>
<a href=<%=filename%>?page=<%=page-1%>><strong><<</strong></a>
<a href=<%=filename%>?page=<%=page-1%>><b>[<%=page-1%>]</b></a>
<%end if%><% if rs.pagecount=1 then%><%else%><b>[<%=page%>]</b><%end if%>
<% if rs.pagecount-page <> 0 then %>
<a href=<%=filename%>?page=<%=page+1%>><b>[<%=page+1%>]</b></a>
<a href=<%=filename%>?page=<%=page+1%>><strong>>></strong></a>
<a href=<%=filename%>?page=<%=rs.pagecount%>><strong>>>|</strong></a>
<%end if%></td>
<%end if%></tr>
</table>
</body>
</html>
<%
end sub
%>
[ 本帖最后由 apyahoo 于 2010-5-27 16:35 编辑 ]