这个是我的conn文件,
是仿DVbbs的,
楼主拿去用吧。
<%
'防止SQL注入
dim urlnlu
urlnlu=LCase(Request.ServerVariables("QUERY_STRING"))
if instr(urlnlu,"select")>0 OR instr(urlnlu,"'")>0 OR instr(urlnlu,"mid")>0 OR instr(urlnlu,"master")>0 OR instr(urlnlu,"truncate")>0 OR instr(urlnlu,"declare")>0 OR instr(urlnlu,"between")>0 OR instr(urlnlu,"exec")>0 or instr(urlnlu,"where")>0 OR instr(urlnlu,"and")>0 OR instr(urlnlu,"not")>0 OR instr(urlnlu,"from")>0 OR instr(urlnlu,"sum")>0 OR instr(urlnlu,"avg")>0 OR instr(urlnlu,"max")>0 OR instr(urlnlu,"min")>0 OR instr(urlnlu,"delete")>0 OR instr(urlnlu,"insert")>0 OR instr(urlnlu,"table")>0 OR instr(urlnlu,"update")>0 OR instr(urlnlu,";")>0 OR instr(urlnlu,"<>")>0 OR instr(urlnlu,">")>0 OR instr(urlnlu,"<")>0 OR instr(urlnlu,"|")>0 OR instr(urlnlu,"top")>0 OR instr(urlnlu,">=")>0 OR instr(urlnlu,"<=")>0 OR instr(urlnlu,"%")>0 OR instr(urlnlu,"len")>0 OR instr(urlnlu,"chr")>0 OR instr(urlnlu,"backup")>0
OR instr(urlnlu,"+")>0 OR instr(urlnlu,"'")>0 OR instr(urlnlu,")")>0 OR instr(urlnlu,"(")>0 OR instr(urlnlu,"*")>0 OR instr(urlnlu,",")>0 OR instr(urlnlu,chr(32))>0 then
response.Write("请勿手动修改URL参数!")
response.end
end if
'数据库连接开始
Dim conn, MM_conn_STRING
'定义数据库类别,1为SQL数据库,0为Access数据库
Const IsSqlDataBase=1
If IsSqlDataBase=1 Then
'sql数据库连接参数:数据库名、用户密码、用户名、连接名(本地用local,外地用IP)
Dim SqlDatabaseName,SqlPassword,SqlUsername,SqlLocalName
SqlDatabaseName="你的数据库名"
SqlPassword="密码"
SqlUsername="用户名"
SqlLocalName="(local)"
MM_conn_STRING = "Provider=Sqloledb; User ID=" & SqlUsername & "; Password=" & SqlPassword & "; Initial Catalog = " & SqlDatabaseName & "; Data Source=" & SqlLocalName & ";"
Else
Dim Db
Db="data/data.mdb"
MM_conn_STRING = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(Db)
End If
On Error Resume Next
Set conn = Server.CreateObject("ADODB.Connection")
conn.open MM_conn_STRING
If Err Then
err.Clear
Set conn = Nothing
Response.Write "Database connection error, please check the connection string."
Response.End()
End If
%>
