中国教程网论坛's Archiver

henrry365 发表于 2007-9-28 17:38

一个数据管理类

Class QuickDb
Private Conn, ConnStr
Private SqlDatabaseName, SqlPassword, SqlUsername, SqlLocalName, SqlNowString
Public rs
Private Sub Class_Initialize()
  SqlDatabaseName = "db"
  SqlUsername = "sa"
  SqlPassword = "123456"
  SqlLocalName = "a01"
  SqlNowString = "GetDate()"
  OpenDb
End Sub

Private Sub OpenDb()
  On error resume next
  ConnStr = "Provider = Sqloledb; User ID = " & SqlUsername & "; Password = " & Replace(SqlPassword, Chr(0), "") & ";Initial Catalog = " & SqlDatabaseName & "; Data Source = " & SqlLocalName & ";"
  Set Conn = CreateObject("ADODB.Connection")
  Conn.Open ConnStr
  If Err Then
   Err.Clear
   Set Conn = Nothing
   On error goto 0
   Err.Raise 1, "MyClass", "数据库连接出错,请检查连接字串。"
  End If
  Set rs = server.createobject("ADODB.Recordset")
End Sub

Public Sub SetRs(strsql,CursorAndLockType) '执行一个查询 返回纪录集
  dim c,l
  if CursorAndLockType="" then
   CursorAndLockType=13
  end if
  if CursorAndLockType<9 then
   CursorAndLockType=13
  end if
  c=left(CursorAndLockType,1)
  l=right(CursorAndLockType,1)
  rs.Open strsql, Conn, c,l
End Sub

public Sub Execute(sql,OutRs)
  if instr(Ucase(sql),Ucase("select"))>0 then
   Set OutRs = Conn.Execute(sql)
  else
   Call Conn.Execute(sql)
   OutRs=1
  end if
End Sub

Public Sub SelectDb(Table, Where,OutRs)
  Dim sqlstr
  sqlstr = "Select * from " & Table & " Where " & Where
  Call Execute(sqlstr,OutRs)
End Sub

Public Function Delete(Table, Where)
  Dim Flag, sqlstr,NullTmp
  Flag = False
  On Error Resume Next
  sqlstr = "delete from " & Table & " where " & Where
  Execute sqlstr,NullTmp
  If Err.Number = 0 Then
   Flag = True
  End If
  Delete = Flag
End Function

Public Function Insert(Table, MyFields, Values)
  Dim sql,NullTmp
  Insert = False
  sql = "INSERT INTO Table1(fields) VALUES (values)"
  sql = Replace(sql, "Table1", Table)
  sql = Replace(sql, "fields", MyFields)
  sql = Replace(sql, "values", Values)
  On error Resume next
  Execute sql,NullTmp
  If Err.Number = 0 Then
   Insert = True
  End if
  On error goto 0
End Function

Public Function Update(Table,Field,Value,Where)
  Update=False
  Dim SqlStr
  If SqlInject(Table) or SqlInject(Field) then'因为Value和Where中可能包含',不对他们进行安全校验
  Response.write "参数中含有不安全因素,程序被终止"
  Exit Function
  end if
  SqlStr="Update [Table] Set [Field]=Value Where Where1"
  SqlStr=Replace(SqlStr,"Table",Table)
  SqlStr=Replace(SqlStr,"Field",Field)
  SqlStr=Replace(SqlStr,"Value",Value)
  SqlStr=Replace(SqlStr,"Where1",Where)
  On error resume next
  Dim QDb,TmpRs
  Set QDb=new QuickDb
  Call QDb.Execute(SqlStr,TmpRs)
  if err.number=0 then
   If TmpRs=1 then
    Update=True
   End if
  end if
  Set QDb=Nothing
  On error goto 0
End Function

Function SqlInject(ByVal SqlStr) 'false 安全 True不安全
  SqlInject = True
  Dim TmpStr, ArrStr, OriginalLen
  TmpStr = "'',',or,not,and,--, ,chr,asc"
  OriginalLen = Len(SqlStr)
  ArrStr = Split(TmpStr, ",")
  TmpStr = UCase(TmpStr)
  For i = 0 To UBound(ArrStr)
   SqlStr = Replace(SqlStr, UCase(ArrStr(i)), "")
  Next
  If Len(SqlStr) = OriginalLen Then
   SqlInject = False
  End If
End Function

Private Sub Class_Terminate()
  If IsObject(Conn) Then
   If Conn.State <> 0 Then
    Conn.Close
    Set Conn = Nothing
   End If
  End If

  If IsObject(rs) Then
   If rs.State <> 0 Then
    rs.Close
    Set rs = Nothing
   End If
  End If
End Sub
End Class

xpatton 发表于 2007-12-12 18:24

谢谢#@#$*$

页: [1]

Powered by Discuz! Archiver 6.1.0  © 2001-2007 Comsenz Inc.