") fString = Replace(fString, CHR(10), "
") HTMLEncode = fString End if End function Function HTMLDecode(fString) If not isnull(fString) then fString = replace(fString, ">", ">") fString = replace(fString, "<", "<") fString = Replace(fString, " ", CHR(32)) fString = Replace(fString, " ",CHR(9)) fString = Replace(fString, """, CHR(34)) fString = Replace(fString, "'", CHR(39)) fString = Replace(fString, "",CHR(13) ) fString = Replace(fString, "

", CHR(10) & CHR(10)) fString = Replace(fString, "
", CHR(10)) HTMLDecode = fString End if End function function urldecoding(vstrin) dim i,strreturn,strSpecial strSpecial = "!""#$%&'()*+,/:;<=>?@[\]^`{|}~%" strreturn = "" for i = 1 to len(vstrin) thischr = mid(vstrin,i,1) if thischr="%" then intasc=eval("&h"+mid(vstrin,i+1,2)) if instr(strSpecial,chr(intasc))>0 then strreturn= strreturn & chr(intasc) i=i+2 else intasc=eval("&h"+mid(vstrin,i+1,2)+mid(vstrin,i+4,2)) strreturn= strreturn & chr(intasc) i=i+5 end if else if thischr="+" then strreturn= strreturn & " " else strreturn= strreturn & thischr end if end if next urldecoding = strreturn end function function urlencoding(vstrin) dim i,strreturn,strSpecial strSpecial = "!""#$%&'()*+,/:;<=>?@[\]^`{|}~%" strreturn = "" for i = 1 to len(vstrin) thischr = mid(vstrin,i,1) if abs(asc(thischr)) < &hff then if thischr=" " then strreturn = strreturn & "+" elseif instr(strSpecial,thischr)>0 then strreturn = strreturn & "%" & hex(asc(thischr)) else strreturn = strreturn & thischr end if else innercode = asc(thischr) if innercode < 0 then innercode = innercode + &h10000 end if hight8 = (innercode and &hff00)\ &hff low8 = innercode and &hff strreturn = strreturn & "%" & hex(hight8) & "%" & hex(low8) end if next urlencoding = strreturn end function %> <% ' if session("SiteDataBase")="" then ' Response.Write("") ' end if set comm = server.CreateObject ("ADODB.COMMAND") connstr = "driver={SQL Server};server=203.130.37.188,3314;uid=works;pwd=1a@s3d$;database=haojob" comm.ActiveConnection = connstr comm.CommandType = &H0004 %> <% SQL_injdata = "'|;|and|exec|insert|select|delete|update|count|*|master|truncate|char|declare" SQL_inj = split(SQL_Injdata,"|") If Request.QueryString<>"" Then For Each SQL_Get In Request.QueryString For SQL_Data=0 To Ubound(SQL_inj) if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then Response.Write "对不起！您提交的参数可能存在错误 ;请重新提交..." response.End() end if next Next End If strtemp=request.servervariables("server_name")&request.servervariables("url")&"?"&request.QueryString strtemp=lcase(strtemp) if instr(strtemp,"select%20") or instr(strtemp,"insert%20") or instr(strtemp,"delete%20from") or instr(strtemp,"count(") or instr(strtemp,"drop%20table") or instr(strtemp,"update%20") or instr(strtemp,"truncate%20") or instr(strtemp,"asc(") or instr(strtemp,"char(") or instr(strtemp,"xp_cmdshell") or instr(strtemp,"exec%20master") or instr(strtemp,"net%20user") or instr(strtemp,"%20or%20") or instr(strtemp,"'") or instr(strtemp,"""") or instr(strtemp,"“") or instr(strtemp,"”") or instr(strtemp,":") or instr(strtemp,": ") or instr(strtemp,";") or instr(strtemp,"; ") or instr(strtemp,"%27") then response.write "对不起！您提交的参数可能存在错误 ;请重新提交..." response.End() end if Function Replace_Text(fString) if isnull(fString) then Replace_Text="" exit function else fString=trim(fString) fString=replace(fString,"'","''") fString=replace(fString,";","；") fString=replace(fString,"--","—") fString=replace(fString,"and","") fString=replace(fString,"or","") fString=replace(fString,"select","") fString=replace(fString,"insert","") fString=replace(fString,"exec","") fString=replace(fString,"delete","") fString=replace(fString,"update","") fString=replace(fString,"count","") fString=replace(fString,"truncate","") fString=replace(fString,"%","") fString=replace(fString,"chr","") fString=replace(fString,"master","") fString=replace(fString,"char","") fString=replace(fString,"declare","") fString=replace(fString,"*","") fString=replace(fString,"from","") fString=server.htmlencode(fString) Replace_Text=fString end if End function Function SafeRequest(ParaName) Dim ParaValue ParaValue=Request(ParaName) if IsNumeric(ParaValue) then SafeRequest=ParaValue exit Function else ParaValuetemp=lcase(ParaValue) tempvalue="select |insert |delete from|'|count(|drop table|update |truncate |asc(|char(|xp_cmdshell|exec master|net localgroup administrators|net user| and|%20from|exec|select|delete|count|*|%|chr|master|truncate|char|declare" temps=split(tempvalue,"|") for mycount=0 to ubound(temps) if Instr(ParaValuetemp,trim(temps(mycount))) > 0 then response.write "对不起！您提交的参数可能存在错误 ;请重新提交..." response.end end if next SafeRequest=ParaValue end if End function Function SafeRequestform(ParaName) Dim ParaValue ParaValue=request.form(ParaName) if IsNumeric(ParaValue) then SafeRequestform=ParaValue exit Function else ParaValuetemp=lcase(ParaValue) tempvalue="select |insert |delete from|'|count(|drop table|update |truncate |asc(|char(|xp_cmdshell|exec master|net localgroup administrators|net user| and|%20from|exec|select|delete|count|*|%|chr|master|truncate|char|declare" temps=split(tempvalue,"|") for mycount=0 to ubound(temps) if Instr(ParaValuetemp,trim(temps(mycount))) > 0 then response.write "对不起！您提交的参数可能存在错误 ;请重新提交..." response.end end if next SafeRequestform=ParaValue end if End function Sub Check_url() If Instr(Lcase(request.serverVariables("HTTP_REFERER")),Lcase(request.ServerVariables("SERVER_NAME")))=0 then Response.write "对不起！您提交的参数可能存在错误 ;请重新提交..." Response.End() End if End Sub Sub Check_ID(ID) If Len(ID)>0 then If Len(ID)>8 Then Response.write "对不起！您提交的参数可能存在错误 ;请重新提交..." Response.End() End If If IsNumeric(ID)=False Then Response.write "对不起！您提交的参数可能存在错误 ;请重新提交..." Response.End() End If Else Response.write "对不起！您提交的参数可能存在错误 ;请重新提交..." Response.End() END If End Sub Function HTMLEncode(fString) If not isnull(fString) then fString = replace(fString, ">", ">") fString = replace(fString, "<", "<") fString = Replace(fString, CHR(32), " ") fString = Replace(fString, CHR(9), " ") fString = Replace(fString, CHR(34), """) fString = Replace(fString, CHR(39), "'") fString = Replace(fString, CHR(13), "") fString = Replace(fString, CHR(10) & CHR(10), "

") fString = Replace(fString, CHR(10), "
") HTMLEncode = fString End if End function Function HTMLDecode(fString) If not isnull(fString) then fString = replace(fString, ">", ">") fString = replace(fString, "<", "<") fString = Replace(fString, " ", CHR(32)) fString = Replace(fString, " ",CHR(9)) fString = Replace(fString, """, CHR(34)) fString = Replace(fString, "'", CHR(39)) fString = Replace(fString, "",CHR(13) ) fString = Replace(fString, "

", CHR(10) & CHR(10)) fString = Replace(fString, "
", CHR(10)) HTMLDecode = fString End if End function function urldecoding(vstrin) dim i,strreturn,strSpecial strSpecial = "!""#$%&'()*+,/:;<=>?@[\]^`{|}~%" strreturn = "" for i = 1 to len(vstrin) thischr = mid(vstrin,i,1) if thischr="%" then intasc=eval("&h"+mid(vstrin,i+1,2)) if instr(strSpecial,chr(intasc))>0 then strreturn= strreturn & chr(intasc) i=i+2 else intasc=eval("&h"+mid(vstrin,i+1,2)+mid(vstrin,i+4,2)) strreturn= strreturn & chr(intasc) i=i+5 end if else if thischr="+" then strreturn= strreturn & " " else strreturn= strreturn & thischr end if end if next urldecoding = strreturn end function function urlencoding(vstrin) dim i,strreturn,strSpecial strSpecial = "!""#$%&'()*+,/:;<=>?@[\]^`{|}~%" strreturn = "" for i = 1 to len(vstrin) thischr = mid(vstrin,i,1) if abs(asc(thischr)) < &hff then if thischr=" " then strreturn = strreturn & "+" elseif instr(strSpecial,thischr)>0 then strreturn = strreturn & "%" & hex(asc(thischr)) else strreturn = strreturn & thischr end if else innercode = asc(thischr) if innercode < 0 then innercode = innercode + &h10000 end if hight8 = (innercode and &hff00)\ &hff low8 = innercode and &hff strreturn = strreturn & "%" & hex(hight8) & "%" & hex(low8) end if next urlencoding = strreturn end function %> <% 'if session("SiteDataBase")="" then ' Response.Write("") 'end if connstr = "driver={SQL Server};server=203.130.37.188,3314;uid=works;pwd=1a@s3d$;database=haojob" set conn=server.createobject("ADODB.CONNECTION") conn.open connstr %> <% function PageOn(MyRecord,MySetPageNum) dim MyRecordSet dim TotalRecord,CurrentPageNo set MyRecordSet = MyRecord if not MyRecordSet.EOF then TotalRecord = MyRecordSet.RecordCount MyRecordSet.PageSize = MySetPageNum CurrentPageNo = trim(Request.QueryString ("pre_page")) if CurrentPageNo="" then CurrentPageNo = 0 else CurrentPageNo = clng(CurrentPageNo) end if if CurrentPageNo<>0 then MyRecordSet.AbsolutePage = CurrentPageNo elseif CurrentPageNo=0 then CurrentPageNo = 1 MyRecordSet.AbsolutePage = CurrentPageNo else Response.Write ("error:1000") end if end if set PageOn = MyRecordSet end function function ViewPageOn(MyRecord,MySetPageNum,MyViewPageNum,MyPageUrl) dim MyRecordSet dim CurrentPageNo,TotalPageNo,BegPage,EndPage,FileUrl,TempPage,FastPage,TempNum dim CheckFlag CheckFlag = instr(1,MyPageUrl,"?",1) if CheckFlag=0 then MyPageUrl = MyPageUrl & "?" elseif CheckFlag>0 then MyPageUrl = MyPageUrl & "&" end if if MyViewPageNum="" then Response.Write ("error:1001") else MyViewPageNum = clng(MyViewPageNum) end if set MyRecordSet = MyRecord MyRecordSet.PageSize = MySetPageNum CurrentPageNo = trim(Request.QueryString ("pre_page")) if CurrentPageNo="" then CurrentPageNo = 1 else CurrentPageNo = clng(CurrentPageNo) end if TotalPageNo = clng(MyrecordSet.PageCount) '**************************************** '分页begin '**************************************** if CurrentPageNo=1 and TotalPageNo=1 then elseif CurrentPageNo=1 and TotalPageNo>1 then if TotalPageNo<=MyViewPageNum then EndPage = TotalPageNo else EndPage = MyViewPageNum end if for i=1 to EndPage if i=CurrentPageNo then Response.Write (""&i&" ") else FileUrl = MyPageUrl & "pre_page=" & i & " class=pageon>" FileUrl = " " Response.Write (FileUrl) end if next FileUrl = MyPageUrl & "pre_page=" & (CurrentPageNo+1) & " class=pageon>" FileUrl = " " FastPage = FileUrl FileUrl = MyPageUrl & "pre_page=" & TotalPageNo & " class=pageon>" FileUrl = " " FastPage = FastPage & FileUrl Response.Write (FastPage) elseif CurrentPageNo=TotalPageNo then FileUrl = MyPageUrl & "pre_page=" & "1" & " class=pageon>" FileUrl = " " FastPage = FileUrl FileUrl = MyPageUrl & "pre_page=" & (CurrentPageNo-1) & " class=pageon>" FileUrl = " " FastPage = FastPage & FileUrl Response.Write (FastPage) if TotalPageNo<=MyViewPageNum then BegPage = 1 else BegPage = TotalPageNo - MyViewPageNum + 1 end if EndPage = TotalPageNo for i=BegPage to EndPage if i=CurrentPageNo then Response.Write (""&i&" ") else FileUrl = MyPageUrl & "pre_page=" & i & " class=pageon>" FileUrl = " " Response.Write (FileUrl) end if next elseif CurrentPageNo>1 and TotalPageNo>1 then FileUrl = MyPageUrl & "pre_page=" & "1" & " class=pageon>" FileUrl = " " FastPage = FileUrl FileUrl = MyPageUrl & "pre_page=" & (CurrentPageNo-1) & " class=pageon>" FileUrl = " " FastPage = FastPage & FileUrl Response.Write (FastPage) if TotalPageNo<=MyViewPageNum then BegPage = 1 EndPage = TotalPageNo else TempNum = cint(MyViewPageNum\2) if CurrentPageNo<=TempNum then BegPage = 1 EndPage = MyViewPageNum else TempPage = CurrentPageNo + TempNum if TempPage>=TotalPageNo then EndPage = TotalPageNo else EndPage = TempPage end if BegPage = CurrentPageNo - TempNum end if end if for i=BegPage to EndPage if i=CurrentPageNo then Response.Write (""&i&" ") else FileUrl = MyPageUrl & "pre_page=" & i & " class=pageon>" FileUrl = " " Response.Write (FileUrl) end if next FileUrl = MyPageUrl & "pre_page=" & (CurrentPageNo+1) & " class=pageon>" FileUrl = " " FastPage = FileUrl FileUrl = MyPageUrl & "pre_page=" & TotalPageNo & " class=pageon>" FileUrl = " " FastPage = FastPage & FileUrl Response.Write (FastPage) end if '**************************************** '分页begin '**************************************** end function function ViewPageOnCreate(MyRecord,MySetPageNum,MyViewPageNum,MyPageUrl) dim MyRecordSet dim CurrentPageNo,TotalPageNo,BegPage,EndPage,FileUrl,TempPage,FastPage,TempNum dim CheckFlag CheckFlag = instr(1,MyPageUrl,"?",1) if CheckFlag=0 then MyPageUrl = MyPageUrl & "?" elseif CheckFlag>0 then MyPageUrl = MyPageUrl & "&" end if if MyViewPageNum="" then Response.Write ("error:1001") else MyViewPageNum = clng(MyViewPageNum) end if set MyRecordSet = MyRecord MyRecordSet.PageSize = MySetPageNum CurrentPageNo = trim(Request.QueryString ("pre_page")) if CurrentPageNo="" then CurrentPageNo = 1 else CurrentPageNo = clng(CurrentPageNo) end if TotalPageNo = clng(MyrecordSet.PageCount) '**************************************** '分页begin '**************************************** if CurrentPageNo=1 and TotalPageNo=1 then elseif CurrentPageNo=1 and TotalPageNo>1 then if TotalPageNo<=MyViewPageNum then EndPage = TotalPageNo else EndPage = MyViewPageNum end if for i=1 to EndPage if i=CurrentPageNo then file.Write (""&i&" ") else FileUrl = MyPageUrl & "pre_page=" & i & " class=pageon>" FileUrl = " " file.Write (FileUrl) end if next FileUrl = MyPageUrl & "pre_page=" & (CurrentPageNo+1) & " class=pageon>" FileUrl = " " FastPage = FileUrl FileUrl = MyPageUrl & "pre_page=" & TotalPageNo & " class=pageon>" FileUrl = " " FastPage = FastPage & FileUrl file.Write (FastPage) elseif CurrentPageNo=TotalPageNo then FileUrl = MyPageUrl & "pre_page=" & "1" & " class=pageon>" FileUrl = " " FastPage = FileUrl FileUrl = MyPageUrl & "pre_page=" & (CurrentPageNo-1) & " class=pageon>" FileUrl = " " FastPage = FastPage & FileUrl file.Write (FastPage) if TotalPageNo<=MyViewPageNum then BegPage = 1 else BegPage = TotalPageNo - MyViewPageNum + 1 end if EndPage = TotalPageNo for i=BegPage to EndPage if i=CurrentPageNo then file.Write (""&i&" ") else FileUrl = MyPageUrl & "pre_page=" & i & " class=pageon>" FileUrl = " " file.Write (FileUrl) end if next elseif CurrentPageNo>1 and TotalPageNo>1 then FileUrl = MyPageUrl & "pre_page=" & "1" & " class=pageon>" FileUrl = " " FastPage = FileUrl FileUrl = MyPageUrl & "pre_page=" & (CurrentPageNo-1) & " class=pageon>" FileUrl = " " FastPage = FastPage & FileUrl file.Write (FastPage) if TotalPageNo<=MyViewPageNum then BegPage = 1 EndPage = TotalPageNo else TempNum = cint(MyViewPageNum\2) if CurrentPageNo<=TempNum then BegPage = 1 EndPage = MyViewPageNum else TempPage = CurrentPageNo + TempNum if TempPage>=TotalPageNo then EndPage = TotalPageNo else EndPage = TempPage end if BegPage = CurrentPageNo - TempNum end if end if for i=BegPage to EndPage if i=CurrentPageNo then file.Write (""&i&" ") else FileUrl = MyPageUrl & "pre_page=" & i & " class=pageon>" FileUrl = " " file.Write (FileUrl) end if next FileUrl = MyPageUrl & "pre_page=" & (CurrentPageNo+1) & " class=pageon>" FileUrl = " " FastPage = FileUrl FileUrl = MyPageUrl & "pre_page=" & TotalPageNo & " class=pageon>" FileUrl = " " FastPage = FastPage & FileUrl file.Write (FastPage) end if '**************************************** '分页begin '**************************************** end function %> <% function ViewBlock(MyCommand,MySubjectId,MyStyle,MyNum,MyClassName,MyPrefix,picw,pich) dim OutString,i,TempString OutString = "" i = 0 set para1 = MyCommand.CreateParameter ("SubjectId",3,&H0001) set para2 = MyCommand.CreateParameter ("Num",2,&H0001) MyCommand.Parameters.Append (para1) MyCommand.Parameters.Append (para2) MyCommand.Parameters ("SubjectId") = MySubjectId if MyNum<90 then MyCommand.Parameters ("Num") = 1 else MyCommand.Parameters ("Num") = MyNum end if MyCommand.CommandText = "Ext_ViewBlo" set rs = MyCommand.Execute () while not rs.eof and i"" then viewTitle2 = "(" & Title2 & ")" end if SendDate = rs(5) OutSendDate = replace(SendDate,"2002年","") DocFrom = rs(6) PicNum = rs(7) if PicNum>0 then PicNum = "（图）" else PicNum = " " end if DocSort = rs(8) SignDate = rs(9) FilePath = rs(10) select case MyStyle case 10 if len(Title)>19 then Title = mid(Title,1,19) & "…" end if TempString = "" & MyPrefix & "" & Title & "" & PicNum & "" case 3 if len(keyword)>2 then keyword = mid(keyword,1,2)& "" end if if docfrom <>"" then TempString = "

" & MyPrefix & "

" & MyPrefix & "

" & MyPrefix & "

" & MyPrefix & "

" & MyPrefix & "

" & MyPrefix & "

" & MyPrefix & "

" & MyPrefix & "

"" then viewTitle2 = "(" & Title2 & ")" end if SendDate = rs(5) OutSendDate = replace(SendDate,"2002年","") DocFrom = rs(6) PicNum = rs(7) if PicNum>0 then PicNum = "（图）" else PicNum = " " end if DocSort = rs(8) SignDate = rs(9) FilePath = rs(10) select case MyStyle case 601 if len(Title)>23 then Title = mid(Title,1,23) & "…" end if TempString = "" & MyPrefix & "" & Title & "" case 602 TempString = "" & MyPrefix & "" & Title & " (" & Title2 & ")" case 603 TempString = "" & MyPrefix & "" & Title & " (" & Title2 & ")" end select OutString = OutString & TempString if TempString<>"" then i = i + 1 end if rs.MoveNext() wend rs.close if OutString<>"" then select case MyStyle case 1 OutString = OutString & "更多>>" end select end if MyCommand.Parameters.Delete "SubjectId" MyCommand.Parameters.Delete "Num" ViewBlockZhxxASC = OutString end function function GetDateFormat(DataValue,Style) dim yy,mm,dd,hh,min yy = year(DataValue) mm = right("0" & month(DataValue),2) dd = right("0" & day(DataValue),2) hh = right("0" & hour(DataValue),2) min = right("0" & minute(DataValue),2) select case Style case 1 GetDateFormat = mm & "-" & dd & " " & hh & ":" & min case 2 GetDateFormat = mm & "月" & dd & "日" case 3 GetDateFormat = dd & "日" & " " & hh & ":" & min case 4 GetDateFormat = yy & "年" & mm & "月" & dd & "日" case 5 GetDateFormat = yy & "." & mm & "." & dd end select end function %>

服装人才网 北京东方易尚科技有限公司 版权所有 京ICP证030536号 Copyright 2002-2006 51haojob.com Inc. All rights reserved.