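<%
' Score-lookup page: configuration.
' NOTE(review): this listing is a flattened copy of the page. The HTML tags that
' sat inside the Response.Write literals are not visible in it, so every place
' where markup was lost is written below as MARKUP_PLACEHOLDER (a constructed
' stand-in, not the page's original markup).
dim search_item,search_item_name,total,stotal,stotal1,examin_name
examin_name="2007年度会计从业资格考试"
search_item_cname="身份证号/准考证号"   ' label of the lookup field (ID-card number / admission-ticket number)
search_item_name1="c4"                  ' table column holding the ID-card number
search_item_name2="c15"                 ' table column holding the admission-ticket number
table_name="[2007kjzg_cj]"              ' change the table name here
%>
<%
' search: looks up one candidate by ID-card number or admission-ticket number
' (form field "search_item"), prints the matching rows, records the lookup on
' those rows, and refreshes the page-level counters total, stotal and stotal1.
'
' Request-derived values (search_item, the client address) are bound as command
' parameters. Only table_name and the two column names, which are fixed in the
' configuration block above, are concatenated into the SQL text; they must never
' be taken from the request.
sub search()
    Dim lookupCmd, touchCmd, matches, countSql

    ' ADO constant values, named locally so they cannot clash with an include:
    Const CMD_TEXT = 1            ' adCmdText
    Const PARAM_VARCHAR = 200     ' adVarChar
    Const PARAM_INPUT = 1         ' adParamInput
    Const EXEC_NO_RECORDS = 128   ' adExecuteNoRecords
    Const MARKUP_PLACEHOLDER = "<br>"   ' constructed stand-in, see note at top of file

    ' Trim, drop single quotes and cap at 19 characters, as before. With bound
    ' parameters the quote removal is no longer what protects the query; it is
    ' kept so that existing lookups behave the same.
    search_item=left(replace(trim(request.form("search_item")),"'",""),19)
    if search_item="" then exit sub

    set rs=server.createObject("adodb.recordset")
%> 处理 SSI 文件时出错
<%
    ' NOTE(review): the text between the two script blocks is the server's
    ' "error processing SSI file" message, so an include at this point presumably
    ' failed to load. conn_examin is not defined anywhere in this listing and
    ' presumably comes from that include - confirm.

    Dim Query_Badword,Form_Badword,i,Err_Message,Err_Web,name
    '------ definitions: start --------------------------------------------------
    Err_Message = 1      ' handling mode: 1 = show a message, 2 = redirect, 3 = message then redirect
    Err_Web = "Err.Asp"  ' page to redirect to on error
    ' substrings rejected in query-string values, separated by "∥"
    Query_Badword="'∥and∥select∥update∥chr∥delete∥%20from∥;∥insert∥mid∥master.∥set∥chr(37)∥="
    ' substrings rejected in posted form values, separated by "∥"
    Form_Badword="'∥%∥&∥*∥#∥@∥(∥)∥="
    '------ definitions: end ----------------------------------------------------
    '
    'power by marquee
    'www.mb999.com
    'QQ:278836516 Mail:marquee@mb999.com
    '
    ' This deny-list is at most a second layer. Substring matching on keywords
    ' rejects legitimate input (any value containing "and", "set", "mid", ...)
    ' and is not a reliable injection control; the bound parameters used for the
    ' queries below are the actual control.
    ' NOTE(review): Err_Message is assigned the number 1 while the Case labels are
    ' the strings "1"/"2"/"3" - confirm the Select Case matches as intended. The
    ' text written in each branch is empty in this listing.
    On Error Resume Next

    '----- filter query-string values
    if request.QueryString<>"" then
        Chk_badword=split(Query_Badword,"∥")
        FOR EACH Query_Name IN Request.QueryString
            for i=0 to ubound(Chk_badword)
                If Instr(LCase(request.QueryString(Query_Name)),Chk_badword(i))<>0 Then
                    Select Case Err_Message
                        Case "1"
                            Response.Write ""
                        Case "2"
                            Response.Write ""
                        Case "3"
                            Response.Write ""
                    End Select
                    Response.End
                End If
            NEXT
        NEXT
    End if

    '----- filter posted form values
    if request.form<>"" then
        Chk_badword=split(Form_Badword,"∥")
        FOR EACH name IN Request.Form
            for i=0 to ubound(Chk_badword)
                If Instr(LCase(request.form(name)),Chk_badword(i))<>0 Then
                    Select Case Err_Message
                        Case "1"
                            Response.Write ""
                        Case "2"
                            Response.Write ""
                        Case "3"
                            Response.Write ""
                    End Select
                    Response.End
                End If
            NEXT
        NEXT
    end if

    ' The filter switched error suppression on for the rest of the procedure.
    ' Restore normal handling so a failed query stops the page instead of being
    ' skipped silently. Serve a generic error page to clients so that database
    ' error text is not disclosed.
    On Error GoTo 0
%>
<%
    ' total number of registered candidates
    countSql="select count(*) from "&table_name
    rs.open countSql,conn_examin
    total=rs(0)
    rs.close

    ' Candidate lookup. The same value is bound twice because the provider's
    ' "?" placeholders are positional.
    ' NOTE(review): "select *" is kept because the ID-card number is read below by
    ' ordinal, rs(4); switching to an explicit column list needs the table layout.
    Set lookupCmd=Server.CreateObject("ADODB.Command")
    Set lookupCmd.ActiveConnection=conn_examin
    lookupCmd.CommandType=CMD_TEXT
    lookupCmd.CommandText="select * from "&table_name&" where "&search_item_name1&"=? or "&search_item_name2&"=?"
    lookupCmd.Parameters.Append lookupCmd.CreateParameter("id_no",PARAM_VARCHAR,PARAM_INPUT,19,search_item)
    lookupCmd.Parameters.Append lookupCmd.CreateParameter("ticket_no",PARAM_VARCHAR,PARAM_INPUT,19,search_item)
    Set matches=lookupCmd.Execute

    if matches.eof or matches.bof then
        response.write MARKUP_PLACEHOLDER&"查无此人!有疑问请联系我们!"
        matches.close
    else
        ' Database values are HTML-encoded before being written to the page;
        ' "" & value turns a Null field into an empty string first.
        response.write MARKUP_PLACEHOLDER&"考生姓名: "&Server.HTMLEncode(""&matches("c1"))
        response.write MARKUP_PLACEHOLDER&"准考证号: "&Server.HTMLEncode(""&matches("c15"))
        response.write MARKUP_PLACEHOLDER&"身份证号: "&Server.HTMLEncode(""&matches(4))

        while not matches.eof
            response.write MARKUP_PLACEHOLDER

            ' Print a score only when it is present and non-zero. The original
            ' condition tested "is null", which is the opposite of what is needed
            ' and is not a valid Null test in VBScript; IsNull() is.
            if not isnull(matches("cj1")) then
                if matches("cj1")<>0 then
                    response.write MARKUP_PLACEHOLDER&"财经法规与会计职业道德成绩: "&Server.HTMLEncode(""&matches("cj1"))
                end if
            end if
            if not isnull(matches("cj2")) then
                if matches("cj2")<>0 then
                    response.write MARKUP_PLACEHOLDER&"会计基础成绩: "&Server.HTMLEncode(""&matches("cj2"))
                end if
            end if

            ' Two separate tests on purpose: a Null c20 prints neither line.
            if matches("c20")="p" then response.write MARKUP_PLACEHOLDER&"是否通过: 通过"
            if matches("c20")<>"p" then response.write MARKUP_PLACEHOLDER&"是否通过: 没有通过"

            response.write MARKUP_PLACEHOLDER
            matches.movenext
        wend
        matches.close

        ' Record the lookup on the matched rows. The client address is bound as
        ' a parameter like any other request-derived value, and the statement is
        ' executed as a command rather than opened as a recordset because it
        ' returns no rows.
        ' NOTE(review): 45 is the longest textual IP address; confirm it fits the
        ' search_last_ip column.
        ip=request.servervariables("remote_addr")
        Set touchCmd=Server.CreateObject("ADODB.Command")
        Set touchCmd.ActiveConnection=conn_examin
        touchCmd.CommandType=CMD_TEXT
        touchCmd.CommandText="update "&table_name&" set searchcount=searchcount+1,search_last_ip=?,search_last_date=getdate() where "&search_item_name1&"=? or "&search_item_name2&"=?"
        touchCmd.Parameters.Append touchCmd.CreateParameter("last_ip",PARAM_VARCHAR,PARAM_INPUT,45,""&ip)
        touchCmd.Parameters.Append touchCmd.CreateParameter("id_no",PARAM_VARCHAR,PARAM_INPUT,19,search_item)
        touchCmd.Parameters.Append touchCmd.CreateParameter("ticket_no",PARAM_VARCHAR,PARAM_INPUT,19,search_item)
        touchCmd.Execute , , EXEC_NO_RECORDS
        Set touchCmd=nothing
    end if
    Set matches=nothing
    Set lookupCmd=nothing

    '============ usage totals ==============
    ' number of candidates who have been looked up at least once
    sql="select count(*) as total from "&table_name&" where searchcount<>0"
    rs.open sql,conn_examin
    stotal=rs("total")
    rs.close

    ' total number of lookups
    sql="select sum(searchcount) as total from "&table_name&" where searchcount<>0"
    rs.open sql,conn_examin
    stotal1=rs("total")
    rs.close
    '=========== end of usage totals =========

    set rs=nothing
    conn_examin.close
    set conn_examin=nothing
%>
<%
end sub
%> 胶东在线-考试频道 <%=examin_name%>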

<%=examin_name%>



请输入<%=search_item_cname%>:
打印 关闭窗口