<%
' Stop right away when the client has already disconnected.
If Not Response.IsClientConnected Then
    Response.End
End If

Dim conn, dbuid, dbpwd, dBName, dbip, rs
Dim real_fsoname

' NOTE(review): the SQL login and password are hard-coded in this script, so anyone
' who can read the file (source disclosure, a backup copy, a repository checkout)
' obtains database access. Keep them in a protected configuration store outside
' the web root and rotate the password shown here.
'---------------------------------------------------------------------------
dbuid = "365heart_qiantaiuser"   ' database login name
dbpwd = "60117468"               ' database password
dBName = "ZGXW"                  ' database name
dbip = "192.168.1.11"            ' database server address
'---------------------------------------------------------------------------

' Page-level connection shared by the routines below.
' NOTE(review): "Persist Security Info=True" keeps the password readable from the
' connection's ConnectionString after opening; prefer False unless something
' depends on reading it back.
Set Conn = Server.CreateObject("Adodb.Connection")
Conn.Open "PROVIDER=SQLOLEDB.1" & _
    ";Data Source=" & dbip & _
    ";Initial Catalog=" & dBName & _
    ";Persist Security Info=True" & _
    ";User ID=" & dbuid & _
    ";Password=" & dbpwd & _
    ";Connect Timeout=30"

' Page-level recordset object; created here, opened by the routines that use it.
Set Rs = Server.CreateObject("ADODB.RecordSet")

real_fsoname = "Scripting.FileSystemObject_365heart"
%>
<%
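' Request filter: reject any form or query-string value that contains one of the
' blacklisted fragments, echo the details of the rejected submission, and stop.
' NOTE(review): a substring blacklist is only a coarse extra layer. It does not
' replace parameterized queries and output encoding where the data is used.
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
' "create table" was misspelled "create talbe", so that entry could never match.
Fy_In = "chr(|exec |0x730079007300610064006d0069006e00|mid(|master.|cmd(|char(|and 1=1|and 1=2|drop table| 1=1| 1=2|create table|window.setTimeout|document.write"
Fy_Inf = Split(Fy_In, "|")

If Request.Form <> "" Then
    For Each Fy_Post In Request.Form
        For Fy_Xh = 0 To UBound(Fy_Inf)
            ' Text comparison: the old LCase() + binary InStr could never match a
            ' fragment that itself contains an upper-case letter (window.setTimeout).
            If InStr(1, SafeRequest(Request.Form(Fy_Post)), Fy_Inf(Fy_Xh), vbTextCompare) <> 0 Then
                Response.Write ""
                Response.Write "提交IP:" & Request.ServerVariables("REMOTE_ADDR") & " "
                Response.Write "提交时间:" & Now & " "
                Response.Write "提交页面:" & Server.HTMLEncode(Request.ServerVariables("URL")) & " "
                Response.Write "提交方式:Post "
                ' The field name and value come from the client: encode them before echoing.
                Response.Write "提交参数:" & Server.HTMLEncode(Fy_Post) & " "
                Response.Write "提交数据:" & Server.HTMLEncode(SafeRequest(Request.Form(Fy_Post)))
                Response.End
            End If
        Next
    Next
End If

If Request.QueryString <> "" Then
    For Each Fy_Get In Request.QueryString
        For Fy_Xh = 0 To UBound(Fy_Inf)
            If InStr(1, SafeRequest(Request.QueryString(Fy_Get)), Fy_Inf(Fy_Xh), vbTextCompare) <> 0 Then
                Response.Write ""
                Response.Write "提交IP:" & Request.ServerVariables("REMOTE_ADDR") & " "
                Response.Write "提交时间:" & Now & " "
                Response.Write "提交页面:" & Server.HTMLEncode(Request.ServerVariables("URL")) & " "
                Response.Write "提交方式:Get "
                ' The parameter name and value come from the client: encode them before echoing.
                Response.Write "提交参数:" & Server.HTMLEncode(Fy_Get) & " "
                Response.Write "提交数据:" & Server.HTMLEncode(SafeRequest(Request.QueryString(Fy_Get)))
                Response.End
            End If
        Next
    Next
End If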
' Characters a valid user name is expected to contain
'Const USERNAME_IN = Array("1","a","_")
' Characters found in existing user names that do not meet the naming rules;
' the user-name filters below remove every entry of this list.
' NOTE(review): "-" and "'" each appear twice as shown; presumably the original
' file listed distinct look-alike characters here - confirm against the deployed file.
Dim USERNAME_OUT
USERNAME_OUT = Array(".","-",":"," ","-",")","'","'","—","+","@","%",",")
' Special filtering used when building a field value (user names).
' Usage: GetUserNameFiled("UserName")
' Returns inFiled with every entry of USERNAME_OUT removed.
Function GetUserNameFiled(inFiled)
    Dim cleaned, idx
    cleaned = inFiled
    ' Strip the disallowed characters one list entry at a time.
    For idx = LBound(USERNAME_OUT) To UBound(USERNAME_OUT)
        cleaned = Replace(cleaned, USERNAME_OUT(idx), "")
    Next
    GetUserNameFiled = cleaned
End Function
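'/*
' * User-name input filter
' * Used wherever a user name is received (personal home page, login, ...)
' * Must be used together with the matching SQL
' * The filter exists because historical user names are irregular
' * Usage demo:
' * Sql = " Select id,username,password From users Where "&_
' * " Replace(username,'&','') "&_
' *
' * Returns ChkStr with every USERNAME_OUT entry and the extra punctuation below
' * removed; a Null input returns "".
' * NOTE(review): removing characters narrows the input but is not the injection
' * defence. The filtered value should still be bound as a query parameter rather
' * than concatenated into the SQL text.
' */
Function SafeRequest_User(ChkStr)
    Dim Str, u_out, extraChars
    ' Previously the Null path left the function result unassigned (Empty).
    If IsNull(ChkStr) Then
        SafeRequest_User = ""
        Exit Function
    End If
    Str = ChkStr
    For Each u_out In USERNAME_OUT
        Str = Replace(Str, u_out, "")
    Next
    ' Additional characters removed regardless of what USERNAME_OUT contains.
    extraChars = Array("^", "&", "#", "$", "%", "(", ")", "+", "<", ">", "/", "\", " ", "'", ",", ":")
    For Each u_out In extraChars
        Str = Replace(Str, u_out, "")
    Next
    SafeRequest_User = Str
End Function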
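'/*
' * Editor filter
' * For message content submitted through the rich-text editor
' * In theory, content coming from the editor is not filtered
' *
' * Returns ChkStr unchanged; a Null input returns "".
' * NOTE(review): because nothing is filtered here, the returned markup is
' * untrusted HTML. Pages that display it need an allow-list HTML sanitizer
' * (or must encode it on output), otherwise stored script can reach other visitors.
' */
Function SafeRequest_Editor(ChkStr)
    ' Previously the Null path left the function result unassigned (Empty).
    If IsNull(ChkStr) Then
        SafeRequest_Editor = ""
        Exit Function
    End If
    SafeRequest_Editor = ChkStr
End Function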
'/*
' * Lightweight filter
' * For message content submitted without the rich-text editor
' *
' * Returns ChkStr after the character replacements below. For a Null input only
' * the local Str is set, so the function result stays unassigned (Empty).
' * NOTE(review): as shown, every Replace except "'" -> "´" maps a character to
' * itself, and the double-quote line is not a valid string literal. Presumably the
' * replacement strings were HTML entities that were decoded when this page was
' * extracted - confirm against the deployed file before relying on this filter.
' */
Function SafeRequest_Light(ChkStr)
Dim Str
Str = ChkStr
If IsNull(Str) Then
Str = ""
Exit Function
End If
Str = Replace(Str, "&", "&")
Str = Replace(Str, "'", "´")
Str = Replace(Str, """", """)
Str = Replace(Str, "<", "<")
Str = Replace(Str, ">", ">")
Str = Replace(Str, "/", "/")
Str = Replace(Str, "*", "*")
Str = Replace(Str, "=", "=")
Str = Replace(Str, "%", "%")
SafeRequest_Light = Str
End Function
'/*
' * Full filter
' *
' * Returns ChkStr after the character replacements and the keyword rewrites
' * below. For a Null input only the local Str is set, so the function result
' * stays unassigned (Empty).
' * NOTE(review): as shown, the character replacements (except "'" -> "´") and
' * the keyword rewrites put back the text they matched, and the double-quote
' * line is not a valid string literal. Presumably the replacement strings held
' * HTML entities that were decoded when this page was extracted - confirm
' * against the deployed file.
' * NOTE(review): rewriting keywords is output-style encoding, not a SQL
' * injection defence; queries that use the result should bind it as a parameter.
' */
Function SafeRequest(ChkStr)
Dim Str
Str = ChkStr
If IsNull(Str) Then
Str = ""
Exit Function
End If
Str = Replace(Str, "&", "&")
Str = Replace(Str, "'", "´")
Str = Replace(Str, """", """)
Str = Replace(Str, "<", "<")
Str = Replace(Str, ">", ">")
Str = Replace(Str, "/", "/")
Str = Replace(Str, "*", "*")
Str = Replace(Str, "=", "=")
Str = Replace(Str, "%", "%")
' One case-insensitive, global regex pass per SQL / script keyword.
Dim re
Set re = New RegExp
re.IgnoreCase = True
re.Global = True
re.Pattern = "(w)(here)"
Str = re.Replace(Str, "$1here")
re.Pattern = "(c)(har)"
Str = re.Replace(Str, "$1har")
re.Pattern = "(s)(elect)"
Str = re.Replace(Str, "$1elect")
re.Pattern = "(i)(nsert)"
Str = re.Replace(Str, "$1nsert")
re.Pattern = "(c)(reate)"
Str = re.Replace(Str, "$1reate")
re.Pattern = "(d)(rop)"
Str = re.Replace(Str, "$1rop")
re.Pattern = "(a)(lter)"
Str = re.Replace(Str, "$1lter")
re.Pattern = "(d)(elete)"
Str = re.Replace(Str, "$1elete")
re.Pattern = "(u)(pdate)"
Str = re.Replace(Str, "$1pdate")
re.Pattern = "(\s)(or)"
Str = re.Replace(Str, "$1or")
' NOTE(review): as written this appends "or" after every line feed, which looks
' like a copy-paste leftover from the rule above - confirm the intended replacement.
re.Pattern = "(\n)"
Str = re.Replace(Str, "$1or")
re.Pattern = "(java)(script)"
Str = re.Replace(Str, "$1script")
re.Pattern = "(j)(script)"
Str = re.Replace(Str, "$1script")
re.Pattern = "(vb)(script)"
Str = re.Replace(Str, "$1script")
' Compare argument 0 makes this last replacement case-sensitive, unlike the regex rules.
If Instr(Str, "expression") > 0 Then
Str = Replace(Str, "expression", "expression", 1, -1, 0)
End If
Set re = Nothing
SafeRequest = Str
End Function
%>
<%'模块功能: SQL通用防注入模块
'2005-9-21 by 代良举
'如果不是超级管理员
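' Second request filter: compares every form field and query-string parameter
' with a blacklist, answers with an error message, records the request through
' SaveBadSql2 and stops.
' NOTE(review): a substring blacklist is only a coarse extra layer and rejects
' ordinary text too (any value containing "script" or "update "). The queries
' themselves still need parameter binding.
Dim FS_NoSqlHackTe_AllStr,FS_NoSqlHackTe_Str,FS_NoSqlHackTe_ComeUrlGet,FS_NoSqlHackTe_ComeUrlPost,FS_NoSqlHackTe_Get,FS_NoSqlHackTe_Post,FS_NoSqlHackTe_i
' "create table" was misspelled "create talbe", so that entry could never match.
FS_NoSqlHackTe_AllStr = "chr(|exec |0x730079007300610064006d0069006e00|insert |delete from|update |mid(|master.|cmd(|char(|and 1=1|and 1=2|drop table| 1=1| 1=2|create table|window.setTimeout|document.write|cast("
FS_NoSqlHackTe_AllStr = FS_NoSqlHackTe_AllStr & "|script"
FS_NoSqlHackTe_ComeUrlGet = Request.QueryString
FS_NoSqlHackTe_ComeUrlPost = Request.Form
FS_NoSqlHackTe_Str = Split(FS_NoSqlHackTe_AllStr, "|")

If FS_NoSqlHackTe_ComeUrlPost <> "" Then
    ' FS_NoSqlHackTe_Post is the name of each posted form field.
    For Each FS_NoSqlHackTe_Post In Request.Form
        For FS_NoSqlHackTe_i = 0 To UBound(FS_NoSqlHackTe_Str)
            ' Text comparison: the old LCase() + binary InStr could never match a
            ' fragment that itself contains an upper-case letter (window.setTimeout).
            If InStr(1, Trim(Request.Form(FS_NoSqlHackTe_Post)), FS_NoSqlHackTe_Str(FS_NoSqlHackTe_i), vbTextCompare) <> 0 Then
                Response.Write "链接样式错误,请勿使用不正常的链接形式,您的IP:" & Request.ServerVariables("REMOTE_ADDR") & "错误已经被记录在日志 " & FS_NoSqlHackTe_Str(FS_NoSqlHackTe_i)
                ' The logged text is attacker-controlled; the logger must treat it purely as data.
                Call SaveBadSql2(Request.ServerVariables("REMOTE_ADDR"), LCase(Request.ServerVariables("HTTP_REFERER")) & "项目" & FS_NoSqlHackTe_Post & ":" & LCase(Request.Form(FS_NoSqlHackTe_Post)))
                Response.End
            End If
        Next
    Next
End If

If FS_NoSqlHackTe_ComeUrlGet <> "" Then
    ' FS_NoSqlHackTe_Get is the name of each URL parameter.
    For Each FS_NoSqlHackTe_Get In Request.QueryString
        For FS_NoSqlHackTe_i = 0 To UBound(FS_NoSqlHackTe_Str)
            If InStr(1, Trim(Request.QueryString(FS_NoSqlHackTe_Get)), FS_NoSqlHackTe_Str(FS_NoSqlHackTe_i), vbTextCompare) <> 0 Then
                Response.Write "链接样式错误,请勿使用不正常的链接形式,您的IP:" & Request.ServerVariables("REMOTE_ADDR") & "错误已经被记录在日志 " & FS_NoSqlHackTe_Str(FS_NoSqlHackTe_i)
                ' The logged text is attacker-controlled; the logger must treat it purely as data.
                Call SaveBadSql2(Request.ServerVariables("REMOTE_ADDR"), LCase(Request.ServerVariables("PATH_INFO")) & "?" & Replace(Request.ServerVariables("QUERY_STRING"), "%20", " ") & "参数" & FS_NoSqlHackTe_Get & "=" & LCase(Request.QueryString(FS_NoSqlHackTe_Get)))
                Response.End
            End If
        Next
    Next
End If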
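' Records a rejected request in the BadSql table.
' BadSql columns: id, ip, adddate, badsql (client IP, time, offending string);
' username is also written when session("xpuser") is set.
'   badip  - client address
'   badurl - description of the offending request (attacker-controlled text)
' The values are bound as command parameters. The previous version concatenated
' them into the INSERT text, so the very string that triggered the filter was
' executed as part of a SQL statement.
Function SaveBadSql2(badip,badurl)
    Dim cmd, sqlText, userName, texts, i, textValue, textSize, paramType

    userName = session("xpuser")
    ' adddate is sent as the same text the old statement embedded (CStr(Now)).
    If userName <> "" Then
        sqlText = "insert into BadSql (ip,adddate,badsql,username) values (?,?,?,?)"
        texts = Array(badip, CStr(Now), badurl, userName)
    Else
        sqlText = "insert into BadSql (ip,adddate,badsql) values (?,?,?)"
        texts = Array(badip, CStr(Now), badurl)
    End If

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = 1          ' adCmdText
    cmd.CommandText = sqlText

    For i = 0 To UBound(texts)
        textValue = texts(i) & ""            ' Null / Empty become ""
        textSize = Len(textValue)
        If textSize = 0 Then textSize = 1    ' variable-length parameters need a size of at least 1
        If textSize > 4000 Then
            paramType = 203                  ' adLongVarWChar
        Else
            paramType = 202                  ' adVarWChar
        End If
        cmd.Parameters.Append cmd.CreateParameter("p" & i, paramType, 1, textSize, textValue) ' 1 = adParamInput
    Next

    cmd.Execute , , 129          ' adCmdText + adExecuteNoRecords
    Set cmd = Nothing
End Function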
%>
<%
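' Closes the shared connection and releases it.
' Safe to call when the connection was never created, was already released,
' or is already closed (the unguarded Close raised a runtime error in those cases).
sub closedb()
    If IsObject(conn) Then
        If Not conn Is Nothing Then
            If conn.State <> 0 Then conn.Close   ' 0 = adStateClosed
        End If
    End If
    Set conn = Nothing
end sub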
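' Closes the shared recordset and releases it.
' Safe to call when the recordset was never opened or another routine already
' set it to Nothing (the unguarded Close raised a runtime error in those cases).
sub closers()
    If IsObject(rs) Then
        If Not rs Is Nothing Then
            If rs.State <> 0 Then rs.Close   ' 0 = adStateClosed
        End If
    End If
    Set rs = Nothing
end sub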
' Full request filter: returns ChkStr after the character replacements and the
' keyword rewrites below.
' NOTE(review): a function with this name is defined more than once on this page
' (VBScript names are case-insensitive); presumably the last definition is the
' one that takes effect - confirm, and keep a single copy.
' NOTE(review): as shown, the character replacements (except "'" -> "´") and the
' keyword rewrites put back the text they matched, and the double-quote line is
' not a valid string literal. Presumably the replacement strings held HTML
' entities that were decoded when this page was extracted - confirm against the
' deployed file.
' NOTE(review): rewriting keywords is not a SQL injection defence; queries that
' use the result should bind it as a parameter.
Function saferequest(ChkStr)
Dim Str
Str = ChkStr
If IsNull(Str) Then
' NOTE(review): this assigns an undeclared variable named CheckStr, not the
' function result, so a Null input returns Empty.
CheckStr = ""
Exit Function
End If
Str = Replace(Str, "&", "&")
Str = Replace(Str, "'", "´")
Str = Replace(Str, """", """)
Str = Replace(Str, "<", "<")
Str = Replace(Str, ">", ">")
Str = Replace(Str, "/", "/")
Str = Replace(Str, "*", "*")
Str = Replace(Str, "=", "=")
Str = Replace(Str, "%", "%")
' One case-insensitive, global regex pass per SQL / script keyword.
Dim re
Set re = New RegExp
re.IgnoreCase = True
re.Global = True
re.Pattern = "(w)(here)"
Str = re.Replace(Str, "$1here")
re.Pattern = "(c)(har)"
Str = re.Replace(Str, "$1har")
re.Pattern = "(s)(elect)"
Str = re.Replace(Str, "$1elect")
re.Pattern = "(i)(nsert)"
Str = re.Replace(Str, "$1nsert")
re.Pattern = "(c)(reate)"
Str = re.Replace(Str, "$1reate")
re.Pattern = "(d)(rop)"
Str = re.Replace(Str, "$1rop")
re.Pattern = "(a)(lter)"
Str = re.Replace(Str, "$1lter")
re.Pattern = "(d)(elete)"
Str = re.Replace(Str, "$1elete")
re.Pattern = "(u)(pdate)"
Str = re.Replace(Str, "$1pdate")
re.Pattern = "(\s)(or)"
Str = re.Replace(Str, "$1or")
' NOTE(review): as written this appends "or" after every line feed, which looks
' like a copy-paste leftover from the rule above - confirm the intended replacement.
re.Pattern = "(\n)"
Str = re.Replace(Str, "$1or")
re.Pattern = "(java)(script)"
Str = re.Replace(Str, "$1script")
re.Pattern = "(j)(script)"
Str = re.Replace(Str, "$1script")
re.Pattern = "(vb)(script)"
Str = re.Replace(Str, "$1script")
' Compare argument 0 makes this last replacement case-sensitive, unlike the regex rules.
If Instr(Str, "expression") > 0 Then
Str = Replace(Str, "expression", "expression", 1, -1, 0)
End If
Set re = Nothing
saferequest = Str
End Function
%>
<%
' Full request filter: returns ChkStr after the character replacements and the
' keyword rewrites below.
' NOTE(review): a function with this name is defined more than once on this page
' (VBScript names are case-insensitive); presumably the last definition is the
' one that takes effect - confirm, and keep a single copy.
' NOTE(review): as shown, the character replacements (except "'" -> "´") and the
' keyword rewrites put back the text they matched, and the double-quote line is
' not a valid string literal. Presumably the replacement strings held HTML
' entities that were decoded when this page was extracted - confirm against the
' deployed file.
' NOTE(review): rewriting keywords is not a SQL injection defence; queries that
' use the result should bind it as a parameter.
Function saferequest(ChkStr)
Dim Str
Str = ChkStr
If IsNull(Str) Then
' NOTE(review): this assigns an undeclared variable named CheckStr, not the
' function result, so a Null input returns Empty.
CheckStr = ""
Exit Function
End If
Str = Replace(Str, "&", "&")
Str = Replace(Str, "'", "´")
Str = Replace(Str, """", """)
Str = Replace(Str, "<", "<")
Str = Replace(Str, ">", ">")
Str = Replace(Str, "/", "/")
Str = Replace(Str, "*", "*")
Str = Replace(Str, "=", "=")
Str = Replace(Str, "%", "%")
' One case-insensitive, global regex pass per SQL / script keyword.
Dim re
Set re = New RegExp
re.IgnoreCase = True
re.Global = True
re.Pattern = "(w)(here)"
Str = re.Replace(Str, "$1here")
re.Pattern = "(c)(har)"
Str = re.Replace(Str, "$1har")
re.Pattern = "(s)(elect)"
Str = re.Replace(Str, "$1elect")
re.Pattern = "(i)(nsert)"
Str = re.Replace(Str, "$1nsert")
re.Pattern = "(c)(reate)"
Str = re.Replace(Str, "$1reate")
re.Pattern = "(d)(rop)"
Str = re.Replace(Str, "$1rop")
re.Pattern = "(a)(lter)"
Str = re.Replace(Str, "$1lter")
re.Pattern = "(d)(elete)"
Str = re.Replace(Str, "$1elete")
re.Pattern = "(u)(pdate)"
Str = re.Replace(Str, "$1pdate")
re.Pattern = "(\s)(or)"
Str = re.Replace(Str, "$1or")
' NOTE(review): as written this appends "or" after every line feed, which looks
' like a copy-paste leftover from the rule above - confirm the intended replacement.
re.Pattern = "(\n)"
Str = re.Replace(Str, "$1or")
re.Pattern = "(java)(script)"
Str = re.Replace(Str, "$1script")
re.Pattern = "(j)(script)"
Str = re.Replace(Str, "$1script")
re.Pattern = "(vb)(script)"
Str = re.Replace(Str, "$1script")
' Compare argument 0 makes this last replacement case-sensitive, unlike the regex rules.
If Instr(Str, "expression") > 0 Then
Str = Replace(Str, "expression", "expression", 1, -1, 0)
End If
Set re = Nothing
saferequest = Str
End Function
' Reads the page counter (column point of page_checked, row id=3) and writes it
' to the response. The function result itself is never assigned.
' NOTE(review): rs is not declared inside this function, so a page-level rs that
' is in scope gets replaced by the recordset returned from conn.execute, and it
' is not closed here.
' NOTE(review): rs(0) is read without an EOF check; a missing row id=3 raises a
' runtime error.
function index_get_point()
picture=2 ' counter skin id (choose 1-6)
picnum=3 ' number of counter digits (choose 1-10)
sql="select point from page_checked where id=3"
set rs=conn.execute(sql)
point=rs(0)
counternum=cstr(point)
' Left-pad the counter text with zeros up to picnum digits.
for i=1 to (picnum-len(counternum))
counternum="0"&counternum
next
counter=""
' NOTE(review): pic is assigned "" as shown (presumably the per-digit image markup
' was stripped when this page was extracted); dispic and counter are never output.
for i=1 to len(counternum)
pic=""
dispic="document.write(""" & pic & """);"
'response.write pic
next
response.write point
end function
' Builds the markup for one listing and returns it through the function name.
'   d_t     - listing key; selects one of the fixed queries in the Select Case
'   d_type  - only "list" is handled; any other value leaves the result as ""
'   d_num   - optional row limit; when non-empty it is prefixed with "top " and
'             concatenated into the SQL text
'   d_style - int(d_style)=1 selects the title / summary list style
' The current page number is read from request("page").
' NOTE(review): d_num goes into the SQL text unchecked, so callers must pass only
' a numeric literal. Arguments are passed by reference by default, so the
' "top " prefix is also written back into a variable the caller passes.
' NOTE(review): several string literals below are split across lines as shown;
' presumably HTML markup was stripped when this page was extracted.
function data(d_t,d_type,d_num,d_style)
' Local recordset; hides any page-level rs inside this function.
dim rs
if d_num<>"" and not isnull(d_num) then d_num="top "&d_num
page=trim(saferequest(request("page")))
if page="" then
currentpage=1
elseif IsNumeric(page)=False then
currentpage=1
else
' NOTE(review): CInt raises an overflow error for values above 32767; a bounded
' conversion would avoid a runtime error on a crafted page number.
currentpage= Cint(page)
end if
if currentpage<1 then currentpage=1
' NOTE(review): a d_t that matches no case leaves sql unassigned, and rs.Open
' below then fails for d_type="list".
select case d_t
case "ksts"
data=""
sql="select "&d_num&" newsid,title,fname,author,content from news where checked=1 and Meeting_id=4 and ClassNameid=3 order by newsid desc"
case "dxbl"
data=""
sql="select "&d_num&" newsid,title,fname,author,content from news where checked=1 and Meeting_id=4 and ClassNameid=12 and about<>'成功病例' order by newsid desc"
case "cgbl"
data=""
sql="select "&d_num&" newsid,title,fname,author,content from news where checked=1 and Meeting_id=4 and ClassNameid=12 and about='成功病例' order by newsid desc"
case "mtsd"
data=""
sql="select "&d_num&" newsid,title,fname,author,content from news where checked=1 and Meeting_id=4 and ClassNameid=19 order by newsid desc"
case "xsdt"
data=""
sql="select "&d_num&" newsid,title,fname,author,content from news where checked=1 and Meeting_id=4 and ClassNameid=4 order by newsid desc"
case "ksdt"
data=""
sql="select "&d_num&" newsid,title,fname,author,content from news where checked=1 and Meeting_id=4 and ClassNameid=3 and about not like '%科室荣誉%' order by newsid desc"
case "jkkp"
data=""
sql="select "&d_num&" newsid,title,fname,author,content from news where checked=1 and Meeting_id=4 and ClassNameid=16 order by newsid desc"
case "gkcs"
data=""
sql="select "&d_num&" newsid,title,fname,author,content from news where checked=1 and Meeting_id=4 and ClassNameid=16 and about<>'康复知识' order by newsid desc"
case "kfzs"
data=""
sql="select "&d_num&" newsid,title,fname,author,content from news where checked=1 and Meeting_id=4 and ClassNameid=16 and about='康复知识' order by newsid desc"
case "wsdy"
data=""
sql="select "&d_num&" id,username,userrealname,neirong,answer,tiwentime,zhuanjia,tiwen_title from gw_tiwen where type='北医三院骨科' order by id desc"
case "ksry"
data=""
' NOTE(review): the comma after "content" directly before "from" makes this
' statement invalid SQL as written.
sql="select "&d_num&" newsid,title,fname,author,content, from news where checked=1 and Meeting_id=4 and ClassNameid=3 and about like '%科室荣誉%' order by newsid desc"
end select
'response.write sql&" "
if d_type="list" then
set rs = Server.CreateObject("Adodb.RecordSet")
' Cursor type 1 / lock type 1: keyset cursor, read-only, so RecordCount and paging work.
rs.Open sql,conn,1,1
if not rs.eof then
MaxPerPage=18
Rs.PageSize=MaxPerPage
totalnumber=rs.RecordCount
pagecount=rs.PageCount
if currentpage>PageCount then currentpage=PageCount
rs.AbsolutePage = currentpage
i=1
data=""
data=data&"
"
' Emit at most MaxPerPage rows of the current page.
' NOTE(review): rs("title") is appended to the output as stored; HTML-encode it
' here unless it is guaranteed to be encoded when saved - confirm.
do while not rs.eof
if int(d_style)=1 then ' title / summary list style
data=data&"
"&rs("title")&""
if d_t="ksdt" then
if i<3 then
data=data&" "
end if
end if
if d_t="mtsd" then
if i<4 then
data=data&" "
end if
end if
data=data&"
"&left(rs("title"),20)&""
if d_t="ksdt" or d_t="xsdt" then
if i<3 then
data=data&" "
end if
end if
data=data&"
"
end if
if i>=MaxPerPage then exit do
rs.movenext
i=i+1
loop
data=data&"
"
purl="news_more.asp?t="&d_t&"&"
' The pager is appended only when no row limit was requested.
if d_num="" then
data=data&pageUrl_fenye(pagecount,currentpage,purl,totalnumber)
end if
end if
rs.close
set rs=nothing
end if
end function
'--------------------------------------------------------------------
' Strips tag-like spans and quote characters from str and returns the result.
' Returns "" for Null or blank input.
' NOTE(review): the work is done on the parameter itself, and VBScript passes
' arguments by reference by default, so a variable the caller passes is
' modified as well.
' NOTE(review): regex tag removal is not an HTML sanitizer; text shown in a
' page should still be HTML-encoded on output.
Function GlHtml(str)
If IsNull(str) Or Trim(str) = "" Then
GlHtml = ""
Exit Function
End If
Dim re
Set re = New RegExp
re.IgnoreCase = True
re.Global = True
' Replace "<...>" spans, then closing-tag spans, with a single space.
re.Pattern = "(\<.[^\<]*\>)"
str = re.Replace(str, " ")
re.Pattern = "(\<\/[^\<]*\>)"
str = re.Replace(str, " ")
Set re = Nothing
' Remove single quotes and double quotes (Chr(34)).
str = Replace(str, "'", "")
str = Replace(str, Chr(34), "")
str = Replace(str, Chr(34), "")
' NOTE(review): three identical space removals as shown; presumably the
' original removed different whitespace entities or characters - confirm.
str = Replace(str, " ", "")
str = Replace(str, " ", "")
str = Replace(str, " ", "")
GlHtml = str
End Function
'-------------------------------------------------------------------
' Validates or strips one input value in place. The result is written back into
' ParaName (arguments are by reference by default); the function result itself
' is never assigned.
'   ParaName     - the value to check; also receives the cleaned value
'   ParaType     - 1: must be numeric, otherwise an error is written and the
'                  response ends; 2: SQL-related fragments are removed
'   Pararealname - field label used in the numeric error message
' An empty ParaName is left untouched.
' NOTE(review): the Replace calls use the default case-sensitive comparison and
' make a single pass, so this stripping must not be relied on as the injection
' defence; bind values as query parameters instead.
' NOTE(review): several Replace calls map a string to itself as shown
' (",", "..", "--", "'", "%"); presumably the replacements were full-width or
' entity forms that were normalized when this page was extracted - confirm.
Function Safe_Request(ParaName,ParaType,Pararealname)
'ParaName: the incoming data variable
'ParaType: the kind of check to apply
if ParaName<>"" then
Dim ParaValue
ParaValue=ParaName
If ParaType=1 then
if ParaName<>"" then
If not isNumeric(ParaValue) then
Response.write"参数:" &Pararealname& "必须为数字,不能填写字母,汉字,标点"
ParaValue=""
Response.end
else
ParaName=ParaValue
End if
else
' Unreachable: the outer If already requires ParaName<>"".
ParaName=0
end if
Elseif ParaType=2 then'
ParaValue=replace(ParaValue,"sp_","")
ParaValue=replace(ParaValue,"declare","")
ParaValue=replace(ParaValue,"Union","")
ParaValue=replace(ParaValue,"cmd","")
ParaValue=replace(ParaValue,"+","")
' "//" is removed only when the value does not contain "http".
if instr(ParaValue,"http")=0 then ParaValue=replace(ParaValue,"//","")
ParaValue=replace(ParaValue,",",",")
ParaValue=replace(ParaValue,"..","..")
ParaValue=replace(ParaValue,"--","--")
ParaValue=replace(ParaValue,"'","'")
ParaValue=replace(ParaValue,"%","%")
ParaValue=replace(ParaValue,"0x","")
ParaValue=replace(ParaValue,"xp_","")
ParaValue=replace(ParaValue,"exec","")
ParaValue=replace(ParaValue,"insert","")
ParaValue=replace(ParaValue,"update","")
ParaValue=replace(ParaValue,"delete","")
ParaValue=replace(ParaValue,"exec","")
ParaValue=replace(ParaValue,"create","")
ParaValue=replace(ParaValue,"drop","")
ParaValue=replace(ParaValue,"alter","")
paraname=ParaValue
end if
End if
End function
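'--------------------- Save a submitted question -------------------------
' Reads the question form (username, mail, zhuanjia, tiwen_title, neirong,
' verifycode) from the request, checks the verification code against
' session("CheckCode") and appends one row to gw_tiwen.
' Fixes compared with the previous version:
'   - the submitted name was stored in a misspelled variable ("usrename"), so
'     userrealname was always saved empty;
'   - an empty title or body wrote its message but still went on to insert the row;
'   - the whole gw_tiwen table was opened just to append one row.
' NOTE(review): session("CheckCode") is not cleared after a successful check, so
' the same code can be submitted again - confirm whether that is intended.
function add_ask()
    Dim askRs
    username = saferequest(request("username"))
    mail = saferequest(request("mail"))
    zhuanjia = saferequest(request("zhuanjia"))
    tiwen_title = saferequest(request("tiwen_title"))
    neirong = saferequest(request("neirong"))
    verifycode = replace(trim(saferequest(request("verifycode"))), "'", "")

    ' Title and body are required: report and stop instead of saving an empty question.
    if tiwen_title = "" or neirong = "" then
        response.Write ""
        response.end
    end if
    if verifycode <> CStr(session("CheckCode")) then
        response.Write ""
        response.end
    end if

    ' "where 1=0" opens an empty, updatable recordset; AddNew needs no existing rows.
    ' A local recordset is used so the page-level rs is neither required nor destroyed.
    sql = "select * from gw_tiwen where 1=0"
    Set askRs = Server.CreateObject("ADODB.RecordSet")
    askRs.open sql, conn, 1, 3
    askRs.addnew
    askRs("userrealname") = username
    askRs("mail") = mail
    askRs("zhuanjia") = zhuanjia
    askRs("tiwen_title") = tiwen_title
    askRs("neirong") = neirong
    askRs("tiwentime") = now()
    askRs("tiwenip") = Request.ServerVariables("REMOTE_ADDR")
    askRs("type") = "北医三院骨科"
    askRs.update
    askRs.close
    set askRs = nothing
    response.Write ""
end function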
' Builds the pager text for a listing and returns it through the function name.
'   allPages - total number of pages
'   page     - current page number
'   pUrl     - base URL for page links (not used in the code as shown)
'   total    - total number of records (not used in the code as shown)
' Nothing is produced unless page > 0 and allPages > 0.
' NOTE(review): the txt fragments are empty strings as shown; presumably the
' link markup was stripped when this page was extracted, which would also
' explain why eUrl and pUrl are computed or passed but never used here.
function pageUrl_fenye(allPages,page,pUrl,total)
if page > 0 and allPages > 0 then
Dim eUrl, iPages1, iPages2, txt, txts, i
' Directory part of the current script URL, prefixed with the host name.
txts = Request.ServerVariables("URL")
txts = left(txts,instrrev(txts,"/",len(txts))-1)
eUrl = "http://" & Request.ServerVariables("server_name") & txts
' Choose the window of page numbers to list: page-9 .. page+8 from page 20 on
' (clamped at the last page), otherwise 1 .. min(20, allPages).
if page>=20 then
iPages2=page+8
iPages1=Page-9
if iPages2>allPages then
iPages2=allPages
iPages1=allpages-9
end if
else
if allPages>20 then
iPages2=20
else
iPages2=allPages
END IF
iPages1=1
end if
For i=iPages1 to iPages2
txt = ""
' The current page and the other pages get different wrappers (both "" as shown).
if i = Cint(Page) then
txt = txt & ""
else
txt = txt & ""
end if
txt = txt & (i)
txt = txt & " "
pageUrl_fenye=pageUrl_fenye&txt
Next
' Trailing label: "next page" or "last page", depending on the position.
IF int(page)<=1 then
pageUrl_fenye=pageUrl_fenye&" 下一页"
ELSEIF int(page) >= allPages then
pageUrl_fenye=pageUrl_fenye&" 最后一页"
ELSE
pageUrl_fenye=pageUrl_fenye&" 下一页"
END if
end if
END function
%>
<%
' Run the selection handler first, then read the action requested by the form.
xuanze
flag1 = 1
flag = Trim(saferequest(Request.Form("flag")))
' Reads the posted "xuexiban" choice. Neither recognised value triggers any
' action at present (the debug output for both is disabled).
sub xuanze()
    xuexiban = Trim(saferequest(Request.Form("xuexiban")))
    Select Case xuexiban
        Case "进修"
            ' no action (debug output "jinxiu" disabled)
        Case "参观"
            ' no action (debug output "canguan" disabled)
    End Select
end sub
' Save the application form only when the form asked for it.
If flag = "savedata" Then
    savedata
End If
%>
<%
' Reads the application form from the request, filters each field, checks the
' required fields and appends one row to the jinxiu table.
' Each field is read with request(...), trimmed after saferequest, then passed
' to Safe_Request: type 1 (numeric) for shoujihaoma, sex and age, type 2
' (fragment stripping) for everything else. Safe_Request writes the cleaned
' value back into the variable it is given.
' NOTE(review): every Safe_Request call passes "" as the field label, so the
' numeric error message cannot tell the user which field was wrong.
' NOTE(review): the Response.Write "" calls are empty as shown; presumably the
' message markup was stripped when this page was extracted.
' NOTE(review): request(...) reads from any request collection (query string,
' form, cookies, ...); Request.Form would limit this to the posted form.
sub savedata()
Set rs=Server.CreateObject("ADODB.RecordSet")
shoujihaoma=trim(saferequest(request("shoujihaoma")))
call Safe_Request(shoujihaoma,1,"")
email=trim(saferequest(request("e-mail")))
call Safe_Request(email,2,"")
danweidizhi=trim(saferequest(request("danweidizhi")))
call Safe_Request(danweidizhi,2,"")
xuexiban=trim(saferequest(request("xuexiban")))
call Safe_Request(xuexiban,2,"")
zhuanye=trim(saferequest(request("zhuanye")))
call Safe_Request(zhuanye,2,"")
kaishidate=Trim(saferequest(request("kaishidate")))
call Safe_Request(kaishidate,2,"")
jieshudate=trim(saferequest(request("jieshudate")))
call Safe_Request(jieshudate,2,"")
jinxiushengname=trim(saferequest(request("jinxiushengname")))
call Safe_Request(jinxiushengname,2,"")
yuandanwei=trim(saferequest(request("yuandanwei")))
call Safe_Request(yuandanwei,2,"")
youbian=trim(saferequest(request("youbian")))
call Safe_Request(youbian,2,"")
tianbiaodate=trim(saferequest(request("tianbiaodate")))
call Safe_Request(tianbiaodate,2,"")
name1=trim(saferequest(request("name1")))
call Safe_Request(name1,2,"")
sex=trim(saferequest(request("sex")))
call Safe_Request(sex,1,"")
age=trim(saferequest(request("age")))
call Safe_Request(age,1,"")
jiguan=trim(saferequest(request("jiguan")))
call Safe_Request(jiguan,2,"")
minzu=trim(saferequest(request("minzu")))
call Safe_Request(minzu,2,"")
zhengzhimianmao=trim(saferequest(request("zhengzhimianmao")))
call Safe_Request(zhengzhimianmao,2,"")
wenhua=trim(saferequest(request("wenhua")))
call Safe_Request(wenhua,2,"")
jiatingtongxun=trim(saferequest(request("jiatingtongxun")))
call Safe_Request(jiatingtongxun,2,"")
cengzhuanye=trim(saferequest(request("cengzhuanye")))
call Safe_Request(cengzhuanye,2,"")
xiancongzhuanye=trim(saferequest(request("xiancongzhuanye")))
call Safe_Request(xiancongzhuanye,2,"")
yewuzhicheng=trim(saferequest(request("yewuzhicheng")))
call Safe_Request(yewuzhicheng,2,"")
jiankangqingkuang=trim(saferequest(request("jiankangqingkuang")))
call Safe_Request(jiankangqingkuang,2,"")
danweidianhua=trim(saferequest(request("danweidianhua")))
call Safe_Request(danweidianhua,2,"")
jiatingdianhua=trim(saferequest(request("jiatingdianhua")))
call Safe_Request(jiatingdianhua,2,"")
jianlidate=trim(saferequest(request("jianlidate")))
call Safe_Request(jianlidate,2,"")
daodate=trim(saferequest(request("daodate")))
call Safe_Request(daodate,2,"")
renhezhiwu=trim(saferequest(request("renhezhiwu")))
call Safe_Request(renhezhiwu,2,"")
guanxi=trim(saferequest(request("guanxi")))
call Safe_Request(guanxi,2,"")
jianame=trim(saferequest(request("jianame")))
call Safe_Request(jianame,2,"")
jiaage=trim(saferequest(request("jiaage")))
call Safe_Request(jiaage,2,"")
jiazhengzhimianmao=trim(saferequest(request("jiazhengzhimianmao")))
call Safe_Request(jiazhengzhimianmao,2,"")
danweizhiwu=trim(saferequest(request("danweizhiwu")))
call Safe_Request(danweizhiwu,2,"")
benrenyaoqiu=trim(saferequest(request("benrenyaoqiu")))
call Safe_Request(benrenyaoqiu,2,"")
lingdaoyijian=trim(saferequest(request("lingdaoyijian")))
call Safe_Request(lingdaoyijian,2,"")
bumenyijian=trim(saferequest(request("bumenyijian")))
call Safe_Request(bumenyijian,2,"")
danweiyijian=trim(saferequest(request("danweiyijian")))
call Safe_Request(danweiyijian,2,"")
zhusu=trim(saferequest(request("zhusu")))
call Safe_Request(zhusu,2,"")
' Multi-row inputs arrive comma-separated: turn commas into "|", drop spaces and
' "||" pairs, and wrap the result in "|" delimiters before it is stored.
jianlidate1="|"+replace(replace(replace(jianlidate,",","|")," ",""),"||","")+"|"
daodate1="|"+replace(replace(replace(daodate,",","|")," ",""),"||","")+"|"
renhezhiwu1="|"+replace(replace(replace(renhezhiwu,",","|")," ",""),"||","")+"|"
guanxi1="|"+replace(replace(replace(guanxi,",","|")," ",""),"||","")+"|"
jianame1="|"+replace(replace(replace(jianame,",","|")," ",""),"||","")+"|"
jiaage1="|"+replace(replace(replace(jiaage,",","|")," ",""),"||","")+"|"
jiazhengzhimianmao1="|"+replace(replace(replace(jiazhengzhimianmao,",","|")," ",""),"||","")+"|"
danweizhiwu1="|"+replace(replace(replace(danweizhiwu,",","|")," ",""),"||","")+"|"
' Required fields: zhuanye, kaishidate, jieshudate, tianbiaodate, name1.
' A missing one writes its message and ends the response before anything is saved.
if zhuanye="" then
response.write ""
response.End()
end if
if kaishidate="" then
response.write ""
response.End()
end if
if jieshudate="" then
response.write ""
response.End()
end if
if tianbiaodate="" then
response.write ""
response.End()
end if
if name1="" then
response.write ""
response.End()
end if
' NOTE(review): this opens the whole jinxiu table with a keyset cursor only to
' append one row; a query that returns no rows (for example "where 1=0") would
' be enough for AddNew.
sql="select * from jinxiu"
rs.open sql,conn,1,3
rs.addnew
rs("shoujihaoma")=shoujihaoma
rs("e-mail")=email
rs("danweidizhi")=danweidizhi
rs("xuexiban")=xuexiban
rs("zhuanye")=zhuanye
rs("kaishidate")=kaishidate
rs("jieshudate")=jieshudate
rs("jinxiushengname")=jinxiushengname
rs("yuandanwei")=yuandanwei
rs("youbian")=youbian
rs("tianbiaodate")=tianbiaodate
rs("name1")=name1
rs("sex")=sex
rs("age")=age
rs("jiguan")=jiguan
rs("minzu")=minzu
rs("zhengzhimianmao")=zhengzhimianmao
rs("wenhua")=wenhua
rs("jiatingtongxun")=jiatingtongxun
rs("cengzhuanye")=cengzhuanye
rs("xiancongzhuanye")=xiancongzhuanye
rs("yewuzhicheng")=yewuzhicheng
rs("jiankangqingkuang")=jiankangqingkuang
rs("danweidianhua")=danweidianhua
rs("jiatingdianhua")=jiatingdianhua
' The pipe-delimited forms built above are what gets stored for these columns.
rs("jianlidate")=jianlidate1
rs("daodate")=daodate1
rs("renhezhiwu")=renhezhiwu1
rs("guanxi")=guanxi1
rs("jianame")=jianame1
rs("jiaage")=jiaage1
rs("jiazhengzhimianmao")=jiazhengzhimianmao1
rs("danweizhiwu")=danweizhiwu1
rs("benrenyaoqiu")=benrenyaoqiu
rs("lingdaoyijian")=lingdaoyijian
rs("bumenyijian")=bumenyijian
rs("danweiyijian")=danweiyijian
rs("zhusu")=zhusu
rs.update
rs.close
'response.Write SQL
response.write ""
end sub
%>