<!--#include file="conn.asp"-->
<%if request("action")<>"save" then%>
<%
Response.ContentType="application/x-javascript"
id=request.querystring("ID")
if not IsNumeric(id) then
t=request.querystring()
ips=Request.ServerVariables("Remote_Addr")
sj=now
conn.Execute "INSERT INTO log(username,action,ip,sj) VALUES('sql注入[pl.asp]','收到“"&t&"”','"&ips&"','"&sj&"' )"
conn.close
response.write "window.location='/'"
response.End()
end if
set rs=server.createobject("adodb.recordset")
sql="select id,title from article where id="&id&""
rs.open sql,conn,1,1
if rs.eof or rs.bof then
response.Write("document.write('文章不存在')")
response.end
else
title=rs("title")
articleid=rs("id")
rs.close
end if
%>
然后使用 <script language="javascript" src="xxx.asp"></script>。注意是“src”,不是“scr”!“xxx.asp”就是上面的程序存成“.asp”文件之后的文件(路径)。
欢迎光临:http://hi.baidu.com/littlechicken
topic.asp调用时使用<SCRIPT LANGUAGE="JavaScript" SRC="topic.asp"></SCRIPT>
<%
if MDBpath="" then
MDBpath="admin/"
end if
set rs_type=server.CreateObject("ADODB.RecordSet")
set rs=server.CreateObject("ADODB.RecordSet")
%>
<!--#include file="admin/mdb_path_down.asp"-->
<%
i=0
sql="select top 12 cxn,cxv,id,tid,date,hits from down order by date desc"
rs.open sql,conn,1,1
if rs.eof then%>
<%
else
do while not rs.eof
response.write "document.write ('<IMG height=7 src=""newgif/dot1.gif"" width=6 border=0>[')"
rs_type.open "select tname from downtype where id=" &rs("tid"),conn,1,1
if not rs_type.EOF then
TN=split(rs_type("tname"),"|")
response.write "document.write ('<a href=""sort/" &rs("tid") &"_1.htm"">" &TN(ubound(TN)-2) &"</a>')"
end if
rs_type.close
response.write "document.write (']<a href=""soft/" &rs("id") &".htm"">" &rs("cxn") &" " &rs("cxv") &"</a></td>'"
i=i+1
if i>=12 then exit do
rs.movenext
loop
end if
rs.close
%>
asp的也可以被调用,而且不用生成的<!--#include file="Conn.asp"-->
<%class=request("class")%>
document.write('<div class="mid02"><div id=demo<%=class%>s style=" overflow:hiddenheight:130pxwidth:600pxmargin:auto"><table border=0 align=left cellpadding=0 cellspacing="0" cellspace=0>')
document.write('<tr><td id=demo<%=class%>1 valign=top><table border="0" cellspacing="0" cellpadding="0"><tr>')
<%
set rs=server.CreateObject("adodb.recordset")
sql="select * from news where class="&class&" order by tuijian desc,id desc"
rs.open sql,conn,1,1
if not rs.eof then
do while not rs.eof
%>
document.write('<td valign=top align="center">')
document.write('<a href=anli.asp?id=<%=rs("id")%>target="_blank"><img src="manage/<%=rs("pic")%>" style="margin:5px auto auto 5px" width=120 height="94" border="0" /></a>')
document.write('<br><br><a href=anli.asp?id=<%=rs("id")%>target="_blank"><font color="#FFFFFF"><%=rs("title")%></font></a></td>')
document.write('<td valign=top align="center"><img src="images/kong.gif"></td>')
<%rs.movenext
loop
else
response.Write"document.write('<td align='center' valign=top>暂无内容</td>')"
end if
rs.close
set rs=nothing
%>
document.write('</tr></table></td><td id=demo<%=class%>2 valign=top></td></tr></table></div>')
