ASP+ACCESS查询结果带链接
如何实现ASP+ACCESS查询结果带链接,程序如下:需不需要库?用INDEX文件
<!--#include file="conn.asp"-->
<%
Function NoCSSHack(Str)
' Deny-list check on a search keyword.
' The pattern rejects input containing <, >, a single quote, a tab, the
' substrings "script", "src", "img", "url", "eval", or "on" followed by one
' of the listed event names. On a match the page writes a fixed alert,
' sends the browser back and stops processing (Response.End).
' Returns Str unchanged when nothing matches; nothing is escaped or removed.
' NOTE(review): a deny-list like this is easy to miss cases with and also
' blocks harmless words such as "url" or "img". Treat it as an extra check
' only; HTML-encode values when writing them to the page and pass values to
' the database as query parameters.
Dim matcher, rejected
Set matcher = New RegExp
matcher.IgnoreCase = True
matcher.Pattern = "<|>|(script)|on(mouseover|mouseon|mouseout|click|dblclick|blur|focus|change)|src|'|img|url|eval|\t"
rejected = matcher.Test(LCase(Str))
Set matcher = Nothing
If rejected Then
    Response.Write "<script>alert('你的输入含有非法字符,请检查后再搜索!');history.back();</script>"
    Response.End
End If
NoCSSHack = Str
End Function
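Function FormatHTML(fString)
' Trim fString and remove every space character from it.
' Returns the cleaned text, or "" when fString is empty.
' Works on a local copy: VBScript passes arguments ByRef by default, so
' assigning to fString would silently rewrite the caller's variable.
' The result is always a String; the previous version returned Empty for
' empty input because the function name was never assigned on that path.
Dim cleaned
cleaned = ""
If fString <> "" Then
    cleaned = Trim(fString)
    cleaned = Replace(cleaned, " ", "")
    ' NOTE(review): as shown, this repeats the line above. The second literal
    ' may originally have been another whitespace character (for example a
    ' non-breaking or full-width space) that was lost when the page was
    ' copied; confirm against the original file.
    cleaned = Replace(cleaned, " ", "")
End If
FormatHTML = cleaned
End Function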
%>
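<html>
<form action="search.asp">
<input type="text" name="q" />
<% ' request("q") comes straight from the browser. It was echoed into the page
   ' verbatim, so any markup in the query string was rendered (reflected XSS).
   ' HTML-encode it at the point of output; & "" turns a missing value into "". %>
<input type="submit" value="搜索" /> 关键词:<%=Server.HTMLEncode(request("q") & "")%>
</form>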
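<%
' Keyword search over [INFO].FILETITLE.
'   Rank 1 rows: titles that contain the whole keyword.
'   Rank 2 rows: titles that do not contain the whole keyword but contain at
'                least one pair of adjacent characters taken from it.
'
' Changes from the concatenated-SQL version:
'   * The keyword and its character pairs are bound as ADO parameters, so
'     user input is never part of the SQL text. Previously the only thing
'     keeping a quote out of the statement was the deny-list in NoCSSHack.
'   * The keyword is no longer HTML-encoded before it is used in the query.
'     Encoding belongs at output time; encoding first made "a&b" search for
'     "a&amp;b" and let Left(...,20) cut an entity in half.
'     As a result < and > now reach NoCSSHack and are rejected by it.
'   * Titles read from the database are HTML-encoded when written out.
' NOTE(review): % and _ typed by the user still act as LIKE wildcards inside
' the bound value. That only widens the match and cannot change the
' statement; escape them if literal matching is required.
str = NoCSSHack(Left(FormatHTML(Request("q") & ""), 20))
If str = "" Then
    Response.Write "请输入关键词。"
Else
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = 1 ' adCmdText

    ' Parameters are positional, so they are appended in the same order as
    ' the ? placeholders appear in the statement.
    ' 202 = adVarWChar, 1 = adParamInput.
    wholePattern = "%" & str & "%"
    cmd.Parameters.Append cmd.CreateParameter("kw1", 202, 1, Len(wholePattern), wholePattern)
    cmd.Parameters.Append cmd.CreateParameter("kw2", 202, 1, Len(wholePattern), wholePattern)

    ' One "FILETITLE like ?" per pair of adjacent characters.
    pairClause = ""
    For i = 1 To Len(str) - 1
        If pairClause <> "" Then pairClause = pairClause & " or "
        pairClause = pairClause & "FILETITLE like ?"
        pairPattern = "%" & Mid(str, i, 2) & "%"
        cmd.Parameters.Append cmd.CreateParameter("p" & i, 202, 1, Len(pairPattern), pairPattern)
    Next
    ' A one-character keyword has no pairs: keep the second branch but make
    ' it match nothing, as the original always-false terminator clause did.
    If pairClause = "" Then pairClause = "1=0"

    sql = "select *,1 from [INFO] where FILETITLE like ?" & _
          " union select *,2 from [INFO] where FILETITLE not like ? and (" & pairClause & ")"
    cmd.CommandText = sql

    Set rs = Server.CreateObject("ADODB.Recordset")
    ' The connection comes from the Command object, so the second argument
    ' is left empty. 1, 1 = adOpenKeyset, adLockReadOnly (as before).
    rs.Open cmd, , 1, 1
    If rs.EOF Then
        Response.Write "没有搜索到内容。"
    Else
        Do While Not rs.EOF
            ' Stored titles are data, not markup: encode before writing.
            Response.Write Server.HTMLEncode(rs("FILETITLE") & "")
            Response.Write "<br>"
            rs.MoveNext
        Loop
    End If
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End If
%>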
</div>
</html>