当前位置: 首页 > 图文教程 > 网络编程 > ASP > 不通过数据源完全控制MDB数据库

ASP
用ASP做一个分页程序
用ASP实现网站的“目录树”管理
网页在线人数统计的做法
用ASP生成Chart
用ASP构建你的网站新闻发布(一)
用ASP构建你的网站新闻发布(三)
如何处理ASP中的图象
用ASP编写计数器
ASP防盗链及防下载的方法
ASP数据类型
ASP组件中的安全问题
ASP漏洞集-ASP漏洞分析和解决方法
ASP漏洞集-Carello Web 使 ASP 源码暴露(APP,缺陷)
ASP漏洞集-MS IIS server的ASP安全缺陷(MS,缺陷)
ASP漏洞集-MS IIS虚拟主机ASP源码泄露(MS,缺陷)
ASP漏洞集-给你的FileSystemObject对象加把锁
ASP漏洞集-通过asp入侵web server,窃取文件毁坏系统
ASP漏洞集-MS IIS server/Frontpage Ext Server
ASP漏洞集-虚拟web目录容易泄露ASP源代码 (MS,缺陷)
ASP漏洞集-用ASP实现网页保密的两种方法

ASP 中的 不通过数据源完全控制MDB数据库


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-11-03   浏览: 67 ::
收藏到网摘: n/a

<%

' BEGIN USER CONSTANTS

' To just use a DSN, the format is shown on the next line:

'Const DSN_NAME = "DSN=ASP101email"

' Two other samples I used it with.  Left in as syntax examples for DSN-less connections

'Const DSN_NAME = "DBQ=C:\InetPub\wwwroot\asp101\samples\database.mdb;Driver={Microsoft Access Driver (*.mdb)};DriverId=25"

'Const DSN_NAME = "DBQ=C:\InetPub\database\donations.mdb;Driver={Microsoft Access Driver (*.mdb)};DriverId=25"

 

Dim DSN_NAME

DSN_NAME = "DBQ=" & Server.MapPath("db_dsn.mdb") & ";Driver={Microsoft Access Driver (*.mdb)};DriverId=25;"

Const DSN_USER = "username"

Const DSN_PASS = "password"

' Ok, I know these are poorly named constants, so sue me!

' This script can be used without actually setting up a DSN, so

' DSN_NAME as well as the other two constants should really be named

' something more generic like CONNECTION_STRING, CONNECTION_USER, and

' CONNECTION_PASS, but I did it this way without really thinking about

' it and I'm too lazy to change it now.  If it bothers you, you do it!

' END USER CONSTANTS

 

' BEGIN SUBS & FUNCTIONS SECTION

Sub OpenConnection

Set objDC = Server.CreateObject("ADODB.Connection")

objDC.ConnectionTimeout = 15

objDC.CommandTimeout = 30

objDC.Open DSN_NAME, DSN_USER, DSN_PASS

End Sub

 

Sub OpenRecordset(sType)

Dim sSqlString ' as String - building area for SQL query

Dim sCritOperator ' as String - basically "=" or "LIKE"

Dim sCritDelimiter ' as String - parameter delimiter "", "'", or "#"

 

Set objRS = Server.CreateObject("ADODB.Recordset")

Select Case sType

Case "ListTables" ' Open RS of the Tables in the DB

Set objRS = objDC.OpenSchema(adSchemaTables)

Case "ViewTable"  ' Open the Selected Table

Set objRS = Server.CreateObject("ADODB.Recordset")

objRS.Open "[" & sTableName & "]", objDC, adOpenForwardOnly, adLockReadOnly

Case "DrillDown"  ' Open the Recordset built by the selected options

Set objRS = Server.CreateObject("ADODB.Recordset")

 

' Build Our SQL Statement

sSqlString = "SELECT * FROM [" & sTableName & "]"

 

' If we're limiting records returned - insert the WHERE Clause into the SQL

If sCritField <> "" Then

' Figure out if we're dealinh with Numeric, Date, or String Values

Select Case iCritDataType

Case adSmallInt, adInteger, adSingle, adDouble, adDecimal, adTinyInt, adUnsignedTinyInt, adUnsignedSmallInt, adUnsignedInt, adBigInt, adUnsignedBigInt, adBinary, adNumeric, adVarBinary, adLongVarBinary, adCurrency, adBoolean

sCritOperator = "="

sCritDelimiter = ""

Case adDate, adDBDate, adDBTime, adDBTimeStamp

sCritOperator = "="

sCritDelimiter = "#"

Case adBSTR, adChar, adWChar, adVarChar, adLongVarChar, adVarWChar, adLongVarWChar

sCritOperator = "LIKE"

sCritDelimiter = "'"

End Select

sSqlString = sSqlString & " WHERE [" & sCritField & "] " & sCritOperator & " " & sCritDelimiter & sCritValue & sCritDelimiter

End If

 

' If we're sorting - insert the ORDER BY clause

If sSortOrder <> "none" Then

sSqlString = sSqlString & " ORDER BY [" & sSortField & "] " & sSortOrder

End If

 

sSqlString = sSqlString & ";"

 

' Open the actual Recordset using a Forward Only Cursor in Read Only Mode

objRS.Open sSqlString, objDC, adOpenForwardOnly, adLockReadOnly

End Select

End Sub

 

Sub CloseRecordset

objRS.Close

Set objRS = Nothing

End Sub

 

Sub CloseConnection

objDC.Close

Set objDC = Nothing

End Sub

 

Sub WriteTitle(sTitle)

Response