当前位置: 首页 > 图文教程 > 网络编程 > ASP > 不通过数据源完全控制MDB数据库

ASP
编写通用的asp防注入程序
vbs(asp)下的Function 语句
ASP中类Class相关内容的整理资料
字符批量替换程序asp服务器版
旁注-网站小助手旭方修改免杀asp版
用正则表达式写的HTML分离函数
asp中"无限流"分页程序代码
asp的一个日期格式化函数
asp中创建多级目录的两段代码
asp中去除内容HTML标签的三个function函数
chr(9)、chr(10)、chr(13)、chr(32)、chr(34)讲解
方便的大家admin及admin888 经过 md5加密后16位和32位代码
可用的ASP无重复数字随机函数, 数组实现, 并应用于随机显示记录集
asp动态级联菜单代码
ASP中经常使用的SQL语句与教程说明
实例分析之用ASP编程实现网络内容快速查找的代码
服务端 VBScript 与 JScript 几个相同特性的写法与示例
ASP 环境下 VBS 事件应用 示例代码
asp 之上传漏洞终结篇
asp中一段防SQL注入的通用脚本

ASP 中的 不通过数据源完全控制MDB数据库


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-11-03   浏览: 131 ::
收藏到网摘: n/a

<%

' BEGIN USER CONSTANTS

' To just use a DSN, the format is shown on the next line:

'Const DSN_NAME = "DSN=ASP101email"

' Two other samples I used it with.  Left in as syntax examples for DSN-less connections

'Const DSN_NAME = "DBQ=C:\InetPub\wwwroot\asp101\samples\database.mdb;Driver={Microsoft Access Driver (*.mdb)};DriverId=25"

'Const DSN_NAME = "DBQ=C:\InetPub\database\donations.mdb;Driver={Microsoft Access Driver (*.mdb)};DriverId=25"

 

Dim DSN_NAME

DSN_NAME = "DBQ=" & Server.MapPath("db_dsn.mdb") & ";Driver={Microsoft Access Driver (*.mdb)};DriverId=25;"

Const DSN_USER = "username"

Const DSN_PASS = "password"

' Ok, I know these are poorly named constants, so sue me!

' This script can be used without actually setting up a DSN, so

' DSN_NAME as well as the other two constants should really be named

' something more generic like CONNECTION_STRING, CONNECTION_USER, and

' CONNECTION_PASS, but I did it this way without really thinking about

' it and I'm too lazy to change it now.  If it bothers you, you do it!

' END USER CONSTANTS

 

' BEGIN SUBS & FUNCTIONS SECTION

Sub OpenConnection

Set objDC = Server.CreateObject("ADODB.Connection")

objDC.ConnectionTimeout = 15

objDC.CommandTimeout = 30

objDC.Open DSN_NAME, DSN_USER, DSN_PASS

End Sub

 

Sub OpenRecordset(sType)

Dim sSqlString ' as String - building area for SQL query

Dim sCritOperator ' as String - basically "=" or "LIKE"

Dim sCritDelimiter ' as String - parameter delimiter "", "'", or "#"

 

Set objRS = Server.CreateObject("ADODB.Recordset")

Select Case sType

Case "ListTables" ' Open RS of the Tables in the DB

Set objRS = objDC.OpenSchema(adSchemaTables)

Case "ViewTable"  ' Open the Selected Table

Set objRS = Server.CreateObject("ADODB.Recordset")

objRS.Open "[" & sTableName & "]", objDC, adOpenForwardOnly, adLockReadOnly

Case "DrillDown"  ' Open the Recordset built by the selected options

Set objRS = Server.CreateObject("ADODB.Recordset")

 

' Build Our SQL Statement

sSqlString = "SELECT * FROM [" & sTableName & "]"

 

' If we're limiting records returned - insert the WHERE Clause into the SQL

If sCritField <> "" Then

' Figure out if we're dealinh with Numeric, Date, or String Values

Select Case iCritDataType

Case adSmallInt, adInteger, adSingle, adDouble, adDecimal, adTinyInt, adUnsignedTinyInt, adUnsignedSmallInt, adUnsignedInt, adBigInt, adUnsignedBigInt, adBinary, adNumeric, adVarBinary, adLongVarBinary, adCurrency, adBoolean

sCritOperator = "="

sCritDelimiter = ""

Case adDate, adDBDate, adDBTime, adDBTimeStamp

sCritOperator = "="

sCritDelimiter = "#"

Case adBSTR, adChar, adWChar, adVarChar, adLongVarChar, adVarWChar, adLongVarWChar

sCritOperator = "LIKE"

sCritDelimiter = "'"

End Select

sSqlString = sSqlString & " WHERE [" & sCritField & "] " & sCritOperator & " " & sCritDelimiter & sCritValue & sCritDelimiter

End If

 

' If we're sorting - insert the ORDER BY clause

If sSortOrder <> "none" Then

sSqlString = sSqlString & " ORDER BY [" & sSortField & "] " & sSortOrder

End If

 

sSqlString = sSqlString & ";"

 

' Open the actual Recordset using a Forward Only Cursor in Read Only Mode

objRS.Open sSqlString, objDC, adOpenForwardOnly, adLockReadOnly

End Select

End Sub

 

Sub CloseRecordset

objRS.Close

Set objRS = Nothing

End Sub

 

Sub CloseConnection

objDC.Close

Set objDC = Nothing

End Sub

 

Sub WriteTitle(sTitle)

Response