Recommended: 18 security rules for ASP Access database 18 security rules for ASP Access database: 1. First, we need to filter all content submitted by clients, including ?id=N, and also the select and asp file operation syntax of the operation database in the submitted html code. You can escape the submitted characters and then save them into the database. 2. Then you need to authorize the page that accesses the Access database
Database connection:
<%
set conn=server.createobject(adodb.connection)
conn.open driver={microsoft access driver (*.mdb)};dbq=&server.mappath(database name)
%>
Open the database:
exec=select * from database table
set rs=server.createobject(adodb.recordset)
rs.open exec,conn,1,1
Parameter 1, 1 is read
Read content format: <%=rs(field)%>
Add record handler:
<%
set conn=server.createobject(adodb.connection)
conn.open driver={microsoft access driver (*.mdb)};dbq=&server.mappath(database name)
name=request.form(field) name,tel,message is the field value set by the submit form
tel=request.form(field)
message=request.form(field)
exec=insert into table name (field) values('; field';) multiple separated by commas
conn.execute exec submits using execute
conn.close
set conn=nothing
%>
Search handler:
<%
name=request.form(field) name,tel is the field value set by the submit form
tel=request.form(field)
set conn=server.createobject(adodb.connection)
conn.open driver={microsoft access driver (*.mdb)};dbq=&server.mappath(database name)
exec=select * from table where name='; field'; and tel= field
set rs=server.createobject(adodb.recordset)
rs.open exec,conn,1,1
%>
';The content searched on the page is exported
<%
do while not rs.eof
%><tr>
<td><%=rs(name)%></td>
<td><%=rs(tel)%></td>
<td><%=rs(time)%></td>
</tr>
<%
rs.movenext
loop
%>
Delete record handler:
<%
set conn=server.createobject(adodb.connection)
conn.open driver={microsoft access driver (*.mdb)};dbq=&server.mappath(database name)
exec=delete * from table name where number =&request.form(id)
conn.execute exec
%>
Modify the record handler:
<%
set conn=server.createobject(adodb.connection)
conn.open driver={microsoft access driver (*.mdb)};dbq=&server.mappath(database name)
exec=select * from table name where number =&request.form(id)
set rs=server.createobject(adodb.recordset)
rs.open exec,conn,1,3 ';1,3 means modification
rs(name)=request.form(field) ';name,tel,message is the field value set by submitting the form
rs(tel)=request.form(field)
rs(message)=request.form(field)
rs.update
rs.close
set rs=nothing
conn.close
set conn=nothing
%>
Modify record execution program: Enter ID number page >>> Export corresponding ID data >>>>>>> Directly modify the handler
Background login handler example:
<%
dim name,password
name=request.form(name)
password=request.form(password)
dim exec,conn,rs
exec=select *from table name where(name=';&field&'; and password=';&field&';)
set conn=server.createobject(adodb.connection)
conn.open driver={microsoft access driver (*.mdb)};dbq=&server.mappath(database name)
set rs=server.createobject(adodb.recordset)
rs.open exec,conn
if not rs.eof then
rs.Close
conn.Close
session(checked)=yes
session(check)=right
response.Redirect index.asp
else
session(checked)=no
session(check)=wrong
response.Redirect login.asp
end if
%>
Each background page plus:
<%if not session(checked)=yes then ';session defines a checked string variable
response.Redirect login.asp
else
%>
Share: Object-oriented classes in ASP The reporting system someone made for the company is now planned to re-modify and optimize. It is using ASP. If you use object-oriented, you must have classes. Fortunately, VBS supports the following references: % class MyClass Dim var 'Public variables must use Dim Private var2' Private variables do not require Sub sub1 response.write var2 End Sub Private Sub sub2