<%
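' quickdb: a small ADO wrapper for classic ASP that opens one SQL Server
' connection when the object is created and exposes helpers that build and run
' SQL text.
'
' SECURITY CONTRACT (read before calling):
'   * Table and field names are checked against a strict identifier allowlist
'     (ASCII letters, digits, underscore, optional [brackets], optional
'     dot-separated qualifiers) and are bracket-quoted before use. Names outside
'     that set are rejected rather than passed through.
'   * The "where", "value"/"values" and raw "SQL" arguments are SQL fragments
'     that are concatenated into the statement unchanged. They cannot be made
'     safe here without changing this class's interface, so callers must never
'     place request data (Request.Form, Request.QueryString, cookies, headers)
'     in them. Code that needs user-supplied values should use an
'     ADODB.Command with parameters instead of these helpers.
Class quickdb
    Private Conn, connstr
    Private sqldatabasename, sqlpassword, sqlusername, sqllocalname, sqlnowstring
    Public rs

    ' Sets the connection settings and opens the connection.
    Private Sub Class_Initialize()
        ' NOTE(review): the credentials are hard-coded in page source, the login
        ' is the SQL Server "sa" administrator, and the password is trivially
        ' guessable. Any statement that reaches execute() therefore runs with
        ' full server privileges. Move the settings to protected configuration
        ' outside the web root and connect as a least-privilege login that only
        ' has the rights this application needs.
        sqldatabasename = "DB"
        sqlusername = "sa"
        sqlpassword = "123456"
        sqllocalname = "A01"
        sqlnowstring = "getdate()"
        opendb
    End Sub

    ' Builds the OLE DB connection string, opens Conn and creates the shared
    ' recordset object. Raises error 1 (source "myclass") if the connection
    ' cannot be opened.
    Private Sub opendb()
        Dim openError
        connstr = "Provider=sqloledb;User ID=" & sqlusername & _
                  ";Password=" & Replace(sqlpassword, Chr(0), "") & _
                  ";Initial Catalog=" & sqldatabasename & _
                  ";Data Source=" & sqllocalname & ";"

        On Error Resume Next
        Err.Clear
        Set Conn = Server.CreateObject("ADODB.Connection")
        Conn.Open connstr
        openError = Err.Number
        Err.Clear
        On Error GoTo 0

        If openError <> 0 Then
            Set Conn = Nothing
            ' The message deliberately omits connstr so the password is never
            ' echoed into an error page or log.
            Err.Raise 1, "myclass", "database connection error. Check the connection string. "
        End If

        Set rs = Server.CreateObject("ADODB.Recordset")
    End Sub

    ' Opens the shared recordset rs on strsql.
    '   strsql            - raw SQL text (see the security contract above).
    '   cursorandlocktype - two-digit code: first digit is the ADO cursor type,
    '                       last digit is the ADO lock type. Empty, non-numeric
    '                       or values below 9 fall back to 13.
    Public Sub setrs(strsql, cursorandlocktype)
        Dim modeText, cursorType, lockType

        ' Work on a local copy: VBScript passes arguments ByRef by default, so
        ' assigning to the parameter would overwrite the caller's variable.
        modeText = "13"
        If IsNumeric(cursorandlocktype) Then
            If CDbl(cursorandlocktype) >= 9 Then
                modeText = Trim(CStr(cursorandlocktype))
            End If
        End If
        cursorType = CInt(Left(modeText, 1))
        lockType = CInt(Right(modeText, 1))

        ' A recordset that is still open cannot be opened again.
        If rs.State <> 0 Then rs.Close
        rs.Open strsql, Conn, cursorType, lockType
    End Sub

    ' Runs raw SQL on the open connection.
    '   SQL   - statement text, executed exactly as given. Never build it from
    '           request data.
    '   outrs - receives a recordset when the text contains "select"
    '           (case-insensitive), otherwise the number 1.
    ' NOTE(review): the "contains select" test also matches statements that only
    ' mention the word inside a value or sub-query; such statements return a
    ' recordset object instead of 1.
    Public Sub execute(SQL, outrs)
        If InStr(1, SQL, "select", vbTextCompare) > 0 Then
            Set outrs = Conn.Execute(SQL)
        Else
            Conn.Execute SQL
            outrs = 1
        End If
    End Sub

    ' Runs "select * from <table> [where <where>]" and returns the recordset in
    ' outrs. Raises error 2 (source "myclass") when the table name is rejected.
    '   where - raw SQL condition (see the security contract above); an empty
    '           value selects every row.
    Public Sub selectdb(table, where, outrs)
        Dim sqlstr, safeTable
        safeTable = safeIdentifier(table)
        If safeTable = "" Then
            Err.Raise 2, "myclass", "invalid table name"
        End If

        sqlstr = "select * from " & safeTable
        If Trim(where & "") <> "" Then
            sqlstr = sqlstr & " where " & where
        End If
        ' Called through Me so the call cannot be read as VBScript's built-in
        ' Execute statement.
        Me.execute sqlstr, outrs
    End Sub

    ' Deletes rows from table that match where. Returns True on success.
    ' Returns False when the table name is rejected, when where is empty (an
    ' unconditional delete is refused), or when the statement fails.
    Public Function Delete(table, where)
        Dim sqlstr, nulltmp, safeTable
        Delete = False

        safeTable = safeIdentifier(table)
        If safeTable = "" Then Exit Function
        If Trim(where & "") = "" Then Exit Function

        sqlstr = "delete from " & safeTable & " where " & where
        On Error Resume Next
        Err.Clear
        Me.execute sqlstr, nulltmp
        If Err.Number = 0 Then
            Delete = True
        End If
        Err.Clear
        On Error GoTo 0
    End Function

    ' Inserts one row. Returns True on success, False when a name is rejected
    ' or the statement fails.
    '   myfields - comma-separated column names (validated).
    '   values   - raw SQL value list (see the security contract above).
    Public Function insert(table, myfields, values)
        Dim SQL, nulltmp, safeTable, safeFields
        insert = False

        safeTable = safeIdentifier(table)
        safeFields = safeIdentifierList(myfields)
        If safeTable = "" Or safeFields = "" Then Exit Function

        ' Built by concatenation: placeholder substitution would also rewrite
        ' the VALUES keyword and any name that happens to contain a placeholder.
        SQL = "insert into " & safeTable & " (" & safeFields & ") values (" & values & ")"
        On Error Resume Next
        Err.Clear
        Me.execute SQL, nulltmp
        If Err.Number = 0 Then
            insert = True
        End If
        Err.Clear
        On Error GoTo 0
    End Function

    ' Sets one column on the rows that match where. Returns True on success.
    '   value - raw SQL expression (see the security contract above).
    '   where - raw SQL condition; an empty value is refused so the update can
    '           never silently apply to every row.
    Public Function Update(table, field, value, where)
        Dim sqlstr, tmprs, safeTable, safeField
        Update = False

        ' Only the identifiers can be verified; value and where may legitimately
        ' contain quotes, so they are the caller's responsibility.
        safeTable = safeIdentifier(table)
        safeField = safeIdentifier(field)
        If safeTable = "" Or safeField = "" Then
            Response.Write "parameter contains insecure elements, Program terminated "
            Exit Function
        End If
        If Trim(where & "") = "" Then Exit Function

        sqlstr = "update " & safeTable & " set " & safeField & " = " & value & " where " & where
        On Error Resume Next
        Err.Clear
        ' Runs on this object's own connection; a second quickdb instance would
        ' open another connection for every update.
        Me.execute sqlstr, tmprs
        If Err.Number = 0 Then
            Update = True
        End If
        Err.Clear
        On Error GoTo 0
    End Function

    ' Heuristic screen for SQL metacharacters and keywords.
    ' Returns True when sqlstr looks insecure, False otherwise.
    ' Matching is case-insensitive and keywords are matched as whole words, so
    ' a name such as "orders" is not flagged for containing "or".
    ' This is a denylist and can be bypassed; it is a secondary check only and
    ' does not make concatenated SQL safe.
    Function sqlinject(ByVal sqlstr)
        Dim matcher
        Set matcher = New RegExp
        matcher.IgnoreCase = True
        matcher.Pattern = "'|--|;|/\*|\b(?:or|not|and|chr|asc)\b"
        sqlinject = matcher.Test(sqlstr & "")
    End Function

    ' Validates a (possibly dot-qualified) identifier and returns it with every
    ' part wrapped in brackets, or "" when it is not acceptable.
    Private Function safeIdentifier(ByVal name)
        Const PART = "(?:\[[A-Za-z_][A-Za-z0-9_ ]*\]|[A-Za-z_][A-Za-z0-9_]*)"
        Dim matcher, parts, idx
        safeIdentifier = ""

        name = Trim(name & "")
        Set matcher = New RegExp
        matcher.Pattern = "^" & PART & "(?:\." & PART & ")*$"
        If Not matcher.Test(name) Then Exit Function

        ' A bracketed part cannot contain a dot, so splitting on "." is safe.
        parts = Split(name, ".")
        For idx = 0 To UBound(parts)
            If Left(parts(idx), 1) <> "[" Then
                parts(idx) = "[" & parts(idx) & "]"
            End If
        Next
        safeIdentifier = Join(parts, ".")
    End Function

    ' Validates a comma-separated identifier list and returns it bracket-quoted,
    ' or "" when the list is empty or any entry is rejected.
    Private Function safeIdentifierList(ByVal names)
        Dim entries, idx, quoted
        safeIdentifierList = ""

        entries = Split(names & "", ",")
        If UBound(entries) < 0 Then Exit Function
        For idx = 0 To UBound(entries)
            quoted = safeIdentifier(entries(idx))
            If quoted = "" Then Exit Function
            entries(idx) = quoted
        Next
        safeIdentifierList = Join(entries, ", ")
    End Function

    ' Closes the recordset and the connection when the object is destroyed.
    Private Sub Class_Terminate()
        ' IsObject alone is also True for Nothing (for example after a failed
        ' open), so test for Nothing before reading State.
        If IsObject(rs) Then
            If Not rs Is Nothing Then
                If rs.State <> 0 Then rs.Close
            End If
            Set rs = Nothing
        End If
        If IsObject(Conn) Then
            If Not Conn Is Nothing Then
                If Conn.State <> 0 Then Conn.Close
            End If
            Set Conn = Nothing
        End If
    End Sub
End Class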
%>