%
'------------------ SQL injection guard
'----------- Anti-injection code ----------------
' Deny-list screen: every POST and GET value is lower-cased and searched for the
' substrings listed in Fy_In; on a match the client is redirected to
' http://www.it168.com.
' NOTE(review): only Request.Form and Request.QueryString are inspected here.
' Values read through Request("name") can also come from Request.Cookies, which
' this screen never looks at. Matching is a plain substring test, so ordinary
' input containing "and", "update", "*" or "%" is rejected as well. Treat this
' as a coarse extra layer; the queries themselves should bind request values as
' parameters.
'-------- Definitions ------------------
'Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
' Substrings to reject, separated by "|||"
Fy_In = "'|||;|||and|||exec|||insert|||select|||delete|||update|||count|||*|||%|||chr|||mid|||master|||truncate|||char|||declare"
'----------------------------------
Fy_Inf = Split(Fy_In, "|||")
'-------- POST values ------------------
If Request.Form <> "" Then
    For Each Fy_Post In Request.Form
        Fy_Xh = 0
        Do While Fy_Xh <= UBound(Fy_Inf)
            ' The value is lower-cased; the deny-list terms are already lower case.
            If InStr(LCase(Request.Form(Fy_Post)), Fy_Inf(Fy_Xh)) > 0 Then
                Response.Redirect "http://www.it168.com"
            End If
            Fy_Xh = Fy_Xh + 1
        Loop
    Next
End If
'----------------------------------
'-------- GET values -------------------
If Request.QueryString <> "" Then
    For Each Fy_Get In Request.QueryString
        Fy_Xh = 0
        Do While Fy_Xh <= UBound(Fy_Inf)
            If InStr(LCase(Request.QueryString(Fy_Get)), Fy_Inf(Fy_Xh)) > 0 Then
                Response.Redirect "http://www.it168.com"
            End If
            Fy_Xh = Fy_Xh + 1
        Loop
    Next
End If
''''''''''----------- SQL guard end
%>
<%
''''''''''''''''''''''''''''''''''
' 050324
' lsh
''''''''''''''''''''''''''''''''''
%>
<%
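dim cPositionCode
dim startdate,enddate,keyword
dim title,title1
dim cPositionCode1,cPositionCode2,cPositionCode3
dim topcDocid
' Position code of this listing; fixed here, never taken from the request.
cPositionCode = 1165
topcDocid = "'0000'"
' Search parameters are read from the query string first and the posted form
' second. Request("name") would also fall back to Request.Cookies and
' Request.ServerVariables, which the deny-list screen at the top of this page
' does not inspect, so those sources are not consulted here.
startdate = request.querystring("startdate")
if startdate = "" then startdate = request.form("startdate")
' replacestr is defined outside this listing; presumably it sanitizes the
' value - confirm what it actually strips or escapes.
startdate = replacestr(trim(startdate))
if isnull(startdate) then startdate = ""
enddate = request.querystring("enddate")
if enddate = "" then enddate = request.form("enddate")
enddate = replacestr(trim(enddate))
if isnull(enddate) then enddate = ""
' Both dates, when supplied, must parse as dates before the page goes on to
' use them in a query; otherwise the response ends here.
if ( startdate <> "" and not isDate(startdate)) or ( enddate <> "" and not isDate(enddate)) then
response.write ""
response.end
end if
' keyword is free text: it has no format check, so the query that uses it is
' the place where it must be bound as a parameter.
keyword = request.querystring("keyword")
if keyword = "" then keyword = request.form("keyword")
keyword = replacestr(trim(keyword))
if isnull(keyword) then keyword = ""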
%>
<%
' Writes the "newest" panel: the four most recently pushed articles for
' position cPositionCode that have a picture (cpic4), accumulated into str and
' sent with a single response.write.
' The only value concatenated into the SQL text is cPositionCode, which this
' page assigns as a fixed number and does not read from the request.
' NOTE(review): in this listing the string literals that held the table markup
' are empty, and no wend/next closing the while/for loops below is visible; the
' markup and the loop tails appear to be missing from the listing.
sub newresult()
' adoconn is defined outside this listing; presumably it prepares udc_conn and udc_rs - confirm.
adoconn
csql = "select top 4 a.cdoc_id,a.cdoc_type,p.ctitle ctitle,p.cdoccode,p.cmemo,c.cpic4 "
csql = csql & " FROM tbl_article a right outer join tbl_position_article p on a.cdoc_id=p.cdoccode left outer join tbl_article_pic c on a.cdoc_id=c.cdoc_id "
' Rows with c2 = '1' or '3' are excluded; the position code is the page constant.
csql = csql & "WHERE p.c2 <> '1' and p.c2 <> '3' and p.cPositionCode = '"&cPositionCode&"' "
' Only items whose push date is today or earlier, and that have a picture.
csql = csql & "and p.cPushDate <= CONVERT(char(10), GETDATE(), 20) and c.cpic4<>'' "
csql = csql & " order by p.cpushdate desc"
udc_rs.open csql,udc_conn,3
if not udc_rs.eof then
i = 0
' Outer layout table
str = ""
str = str & "
"&vbcrlf
str = str & "
"&vbcrlf
str = str & "
"&vbcrlf
str = str & "
"&vbcrlf
str = str & "
"&vbcrlf
while not udc_rs.eof
str = str & "
"&vbcrlf
' Two items per pass of the outer loop.
for i = 1 to 2
if not udc_rs.eof then
str = str & "
"&vbcrlf
' Content table
'Response.write
' A 14-character cdoccode is treated as an article id: the link and image URLs
' are built from its first four characters, the next four, and the id itself.
if len(udc_rs("cdoccode")) = 14 then
cDoc_id=udc_rs("cdoccode")
clink="http://publish.it168.com/"& left(cDoc_id,4) &"/"& mid(cDoc_id,5,4) &"/"& cDoc_id &".shtml"
cimg = "http://publish.it168.com/"& left(cDoc_id,4) &"/"& mid(cDoc_id,5,4) &"/"&"images/"& udc_rs("cpic4")
else
' Otherwise the link target is taken as-is from the cmemo column.
' NOTE(review): clink and cimg hold database values; confirm they are passed
' through Server.HTMLEncode where they are written into markup.
clink=udc_rs("cmemo")
cimg = "http://publish.it168.com/"&udc_rs("cdoccode")
end if
str = str & "
"&vbcrlf
response.write str
end if
end sub
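' Writes one page (10 rows) of articles for position cPositionCode, optionally
' filtered by startdate, enddate and keyword, then calls changepage for the pager.
' The request-derived filters are bound as ADO parameters instead of being
' concatenated into the SQL text, so the statement is fixed regardless of what
' the values contain. The page number is accepted only as a short run of digits
' and clamped to the available range before it reaches AbsolutePage.
sub searchresult()
    dim cmd, likeval, rawpage, pagecheck
    ' adoconn is defined outside this listing; presumably it prepares udc_conn and udc_rs - confirm.
    adoconn
    csql = "select a.cdoc_id,a.cdoc_type,p.ctitle ctitle,p.cdoccode,p.cmemo,a.cinstro,c.cpic4,p.cPushDate "
    csql = csql & " FROM tbl_article a right outer join tbl_position_article p on a.cdoc_id=p.cdoccode left outer join tbl_article_pic c on a.cdoc_id=c.cdoc_id "
    ' cPositionCode is the fixed number assigned by this page, not request data.
    csql = csql & "WHERE p.c2 <> '1' and p.c2 <> '3' and p.cPositionCode = '"&cPositionCode&"' "
    csql = csql & "and p.cPushDate <= CONVERT(char(10), GETDATE(), 20) "
    'csql = csql & "and not p.cdoccode in ("&topcDocid&") "
    ' Each optional filter contributes "?" placeholders; the values are appended
    ' below in the same order.
    if startdate <> "" then
        csql = csql & "and CAST(cPushDate AS datetime) >= ? "
    end if
    if enddate <> "" then
        csql = csql & "and CAST(cPushDate AS datetime) <= ? "
    end if
    if keyword <> "" then
        csql = csql & "and (c.ckey like ? or a.ctitle like ?) "
    end if
    csql = csql & "order by p.cpushdate desc"
    'response.write csql

    set cmd = server.createobject("ADODB.Command")
    ' udc_conn may be a Connection object or a connection string; both are
    ' accepted by the original Recordset.Open call, so both are handled here.
    if isobject(udc_conn) then
        set cmd.activeconnection = udc_conn
    else
        cmd.activeconnection = udc_conn
    end if
    cmd.commandtype = 1 ' adCmdText
    cmd.commandtext = csql
    ' 202 = adVarWChar, 1 = adParamInput; the size is the value's length in characters.
    if startdate <> "" then
        cmd.parameters.append cmd.createparameter("startdate", 202, 1, len(startdate), startdate)
    end if
    if enddate <> "" then
        cmd.parameters.append cmd.createparameter("enddate", 202, 1, len(enddate), enddate)
    end if
    if keyword <> "" then
        likeval = "%" & keyword & "%"
        cmd.parameters.append cmd.createparameter("ckey", 202, 1, len(likeval), likeval)
        cmd.parameters.append cmd.createparameter("ctitle", 202, 1, len(likeval), likeval)
    end if
    ' Cursor type 3 (static), as before, so RecordCount and AbsolutePage work.
    udc_rs.open cmd, , 3
    set cmd = nothing

    if not udc_rs.eof then
        udc_rs.pagesize=10
        iCount=udc_rs.recordcount
        pages=(icount+udc_rs.pagesize-1)\udc_rs.pagesize
        ' Anything other than 1-9 digits falls back to page 1, so a malformed
        ' value cannot raise a type-mismatch or overflow error below.
        page = 1
        rawpage = trim(request("page") & "")
        set pagecheck = new regexp
        pagecheck.pattern = "^[0-9]{1,9}$"
        if pagecheck.test(rawpage) then page = clng(rawpage)
        set pagecheck = nothing
        if page < 1 then page = 1
        if pages >= 1 and page > pages then page = pages
        udc_rs.absolutepage=page
        i = 0
        str = ""
        while not udc_rs.eof and i < udc_rs.pagesize
            ' A 14-character cdoccode is treated as an article id and expanded
            ' into link and image URLs; the summary is cut to 75 characters.
            if len(udc_rs("cdoccode")) = 14 then
                cDoc_id=udc_rs("cdoccode")
                clink="http://publish.it168.com/"& left(cDoc_id,4) &"/"& mid(cDoc_id,5,4) &"/"& cDoc_id &".shtml"
                cimg = "http://publish.it168.com/"& left(cDoc_id,4) &"/"& mid(cDoc_id,5,4) &"/"&"images/"& udc_rs("cpic4")
                if len(udc_rs("cinstro")) > 75 then
                    cinstro = left(udc_rs("cinstro"),75)&"……"
                else
                    cinstro = udc_rs("cinstro")
                end if
            else
                ' Otherwise the link target is taken as-is from the cmemo column.
                clink=udc_rs("cmemo")
                cimg = "http://publish.it168.com/"&udc_rs("cdoccode")
                cinstro = "……"
            end if
            ' NOTE(review): the row markup that belongs in this literal is missing
            ' from this listing. clink, cimg and cinstro hold database values;
            ' confirm they are passed through Server.HTMLEncode where they are
            ' written into markup.
            str = str & "
"&vbcrlf
            udc_rs.movenext
            i = i + 1
        wend
        response.write str
        ' Call the paging subroutine. The filter values are URL-encoded so that
        ' characters such as "&", "#" or quotes cannot alter the generated links.
        link = "cPositionCode="&cPositionCode
        if startdate <> "" then link = link & "&startdate="&server.urlencode(startdate)
        if enddate <> "" then link = link & "&enddate="&server.urlencode(enddate)
        if keyword <> "" then link = link & "&keyword="&server.urlencode(keyword)
        call changepage(pages,page,link)
    end if
end sub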
' 翻页子程序
sub changepage(pages,page,parastr)
str = ""
str = str & "
"&vbcrlf
str = str & "
"&vbcrlf
str = str & "
"&vbcrlf
if page > 1 then
str = str & "上一页"&vbcrlf
else
str = str & "上一页"&vbcrlf
end if
if int(page) < int(pages) then
str = str & "下一页"&vbcrlf
else
str = str & "下一页"&vbcrlf
end if
str = str & "选择页码:"&vbcrlf
if int(page)>((page-1)\10)*10 and page>10 then
str = str & "上十页"&vbcrlf
end if
if ((int(page)-1)\10)*10 + 10 > pages then
endpage = pages
else
endpage = ((int(page)-1)\10)*10 + 10
end if
for i = ((int(page)-1)\10)*10+1 to endpage
if i = int(page) then
str = str & ""&i&" "&vbcrlf
else
str = str & ""&i&" "&vbcrlf
end if
next
if endpage <> pages then
str = str & "下十页"&vbcrlf
end if
str = str & "