别人写的 PHP: <% Class QuickDb Private Conn, ConnStr Private SqlDatabaseName, SqlPassword, SqlUsername, SqlLocalName, SqlNowString Public rs Private Sub Class_Initialize() SqlDatabaseName = "db" SqlUsername = "sa" SqlPassword = "123456" SqlLocalName = "a01" SqlNowString = "GetDate()" OpenDb End Sub Private Sub OpenDb() On error resume next ConnStr = "Provider = Sqloledb; User ID = " & SqlUsername & "; Password = " & Replace(SqlPassword, Chr(0), "") & ";Initial Catalog = " & SqlDatabaseName & "; Data Source = " & SqlLocalName & ";" Set Conn = CreateObject("ADODB.Connection") Conn.Open ConnStr If Err Then Err.Clear Set Conn = Nothing On error goto 0 Err.Raise 1, "MyClass", "数据库连接出错,请检查连接字串。" End If Set rs = server.createobject("ADODB.Recordset") End Sub Public Sub SetRs(strsql,CursorAndLockType) '执行一个查询 返回纪录集 dim c,l if CursorAndLockType="" then CursorAndLockType=13 end if if CursorAndLockType<9 then CursorAndLockType=13 end if c=left(CursorAndLockType,1) l=right(CursorAndLockType,1) rs.Open strsql, Conn, c,l End Sub public Sub Execute(sql,OutRs) if instr(Ucase(sql),Ucase("select"))>0 then Set OutRs = Conn.Execute(sql) else Call Conn.Execute(sql) OutRs=1 end if End Sub Public Sub SelectDb(Table, Where,OutRs) Dim sqlstr sqlstr = "Select * from " & Table & " Where " & Where Call Execute(sqlstr,OutRs) End Sub Public Function Delete(Table, Where) Dim Flag, sqlstr,NullTmp Flag = False On Error Resume Next sqlstr = "delete from " & Table & " where " & Where Execute sqlstr,NullTmp If Err.Number = 0 Then Flag = True End If Delete = Flag End Function Public Function Insert(Table, MyFields, Values) Dim sql,NullTmp Insert = False sql = "Insert INTO Table1(fields) VALUES (values)" sql = Replace(sql, "Table1", Table) sql = Replace(sql, "fields", MyFields) sql = Replace(sql, "values", Values) On error Resume next Execute sql,NullTmp If Err.Number = 0 Then Insert = True End if On error goto 0 End Function Public Function Update(Table,Field,Value,Where) Update=False Dim SqlStr If SqlInject(Table) or SqlInject(Field) then'因为Value和Where中可能包含',不对他们进行安全校验 Response.write "参数中含有不安全因素,程序被终止" Exit Function end if SqlStr="Update [Table] Set [Field]=Value Where Where1" SqlStr=Replace(SqlStr,"Table",Table) SqlStr=Replace(SqlStr,"Field",Field) SqlStr=Replace(SqlStr,"Value",Value) SqlStr=Replace(SqlStr,"Where1",Where) On error resume next Dim QDb,TmpRs Set QDb=new QuickDb Call QDb.Execute(SqlStr,TmpRs) if err.number=0 then If TmpRs=1 then Update=True End if end if Set QDb=Nothing On error goto 0 End Function Function SqlInject(ByVal SqlStr) 'false 安全 True不安全 SqlInject = True Dim TmpStr, ArrStr, originalLen TmpStr = "'',',or,not,and,--, ,chr,asc" originalLen = Len(SqlStr) ArrStr = Split(TmpStr, ",") TmpStr = UCase(TmpStr) For i = 0 To UBound(ArrStr) SqlStr = Replace(SqlStr, UCase(ArrStr(i)), "") Next If Len(SqlStr) = originalLen Then SqlInject = False End If End Function Private Sub Class_Terminate() If IsObject(Conn) Then If Conn.State <> 0 Then Conn.Close Set Conn = Nothing End If End If If IsObject(rs) Then If rs.State <> 0 Then rs.Close Set rs = Nothing End If End If End Sub End Class %>