%@ LANGUAGE = VBScript.Encode %>
<%
''' Response setup: buffer the output and mark the page as already expired so
''' intermediaries do not serve a stale copy.
Response.Buffer = True
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "Cache-Control", "Private"

''' Coarse request filter: stop the page when the query string is longer than
''' 80 characters or contains the words "select" or "from" (any letter case).
''' NOTE(review): this inspects the QUERY_STRING server variable, which IIS
''' exposes as sent (not URL-decoded), and it does not look at Request.Form,
''' which this page also reads. Treat it as noise reduction, not as the
''' control that keeps request values out of SQL.
rawQuery = Request.ServerVariables("query_string")
loweredQuery = LCase(rawQuery)
If Len(rawQuery) > 80 Then
    Response.Write ""
    Response.End
ElseIf InStr(loweredQuery, "select") > 0 Or InStr(loweredQuery, "from") > 0 Then
    Response.Write ""
    Response.End
End If
''''''#########################################
''' Read T_Id from the query string, lower-case it, and delete every listed
''' character or keyword from it. Each entry is removed in one pass, in list
''' order, exactly as the original chain of Replace calls did.
''' NOTE(review): one left-to-right pass of deletions does not guarantee the
''' result contains none of the listed words, and ID_Num is not read anywhere
''' in the visible part of this page. If T_Id is meant to be a record number,
''' an IsNumeric/CLng check is the dependable validation - confirm against the
''' code that consumes it.
ID_Num = Request.QueryString("T_Id")
ID_Num = LCase(ID_Num)
For Each blockedToken In Array( _
        "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "-", "_", "=", "+", _
        "|", "\", "/", "?", "<", ">", ",", ".", "~", "`", "'", ":", ";", _
        "select", "update", "delete", "append", "insert", "and", "or", "chr", _
        "char", "asc", "mid", "len", "left", "is", "not", "shell", "net", _
        "user", "use", "sql", "master", "backup", "exec", "add", "drop", _
        "top", "from", "where", "name", "get", "post", "in")
    ID_Num = Replace(ID_Num, blockedToken, "")
Next
''''''''################################
'''''''################################
'''''''以下控制脚本后所带的参数是否含有字符select和from
'if instr(lcase(Request.ServerVariables("query_string")),"select")>0 or instr(lcase(Request.ServerVariables("query_string")),"from")>0 then
' response.write "不受欢迎地使用"
' response.end
'end if
''''''#########################################
%>
学科竞赛
<%
''''############################################################
''' Create the ADO objects and open the connection through the ODBC DSN.
''' uid and pwd are blank in the connection string, so whatever account is
''' used comes from the DSN definition - TODO confirm it is a read-only,
''' least-privilege login, since this page only runs SELECT.
Dim my_conn
Set rs = Server.CreateObject("ADODB.RecordSet")
Set my_conn = Server.CreateObject("adodb.connection")
my_conn.Open "dsn=zhzxdsn;uid=;pwd=;"

''' Client address; it is stored here but not read in the visible part of the page.
addr = Request.ServerVariables("REMOTE_ADDR")

''' From this line on every runtime error is skipped silently, so a failed
''' query or conversion will not surface as an error page. Later code has to
''' check its own results instead of relying on an exception.
On Error Resume Next
'''#############################################################
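'''#############################################################
''' StripListedTokens: lower-cases a request value and deletes each listed
''' character or keyword from it, one pass per entry, in list order.
''' This is the list the page used to apply inline to every search field. The
''' per-field copies had turned the "name" entry into the field's own
''' capitalised variable name (for example "Nian"), which can never match
''' after LCase; a single shared list restores "name" for every field.
''' The filter is kept so the variables hold the values other parts of the
''' page may echo (the paging links are not visible in this listing - TODO
''' confirm). It is not what keeps request data out of the SQL: the values
''' are bound as parameters below. Be aware that it also alters legitimate
''' input, e.g. it removes "in" and "or" from Latin-script names.
Function StripListedTokens(rawValue)
    Dim cleaned, token
    cleaned = LCase(rawValue)
    For Each token In Array( _
            "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "-", "_", "=", "+", _
            "|", "\", "/", "?", "<", ">", ",", ".", "~", "`", "'", ":", ";", _
            "select", "update", "delete", "append", "insert", "and", "or", "chr", _
            "char", "asc", "mid", "len", "left", "is", "not", "shell", "net", _
            "user", "use", "sql", "master", "backup", "exec", "add", "drop", _
            "top", "from", "where", "name", "get", "post", "in")
        cleaned = Replace(cleaned, token, "")
    Next
    StripListedTokens = cleaned
End Function

''' AppendBoundCondition: adds one "column <op> ?" test to whereClause (using
''' " where " for the first test and " and " afterwards) and binds boundValue
''' to the matching positional parameter of cmd.
''' 202 = adVarWChar, 1 = adParamInput. A wide-character type is used so that
''' non-ASCII text is bound without a code-page conversion - TODO confirm the
''' driver behind the DSN accepts wide-character parameters.
Sub AppendBoundCondition(cmd, whereClause, condition, paramName, boundValue)
    If whereClause = "" Then
        whereClause = " where " & condition
    Else
        whereClause = whereClause & " and " & condition
    End If
    cmd.Parameters.Append cmd.CreateParameter(paramName, 202, 1, Len(boundValue), boundValue)
End Sub

Dim searchCmd, whereClause
Set searchCmd = Server.CreateObject("ADODB.Command")
Set searchCmd.ActiveConnection = my_conn
searchCmd.CommandType = 1   ''' adCmdText
whereClause = ""

If Request.Form("mode") = "search" Or Request.QueryString("mode") = "search" Then
    ''' Search results are being displayed.
    If Request.Form("mode") = "search" Then
        ''' First page, straight after the search form was submitted.
        name = Trim(Request.Form("name"))      ''' person's name
        nian = Trim(Request.Form("nian"))      ''' year
        course = Request.Form("course")        ''' subject
        dengji = Request.Form("dengji")        ''' award level
        dengji1 = Request.Form("dengji1")      ''' award grade
    Else
        ''' Moving between result pages: the criteria travel in the query string.
        name = Request.QueryString("name")
        nian = Request.QueryString("nian")
        dengji = Request.QueryString("dengji")
        dengji1 = Request.QueryString("dengji1")
        course = Request.QueryString("course")
    End If

    ''' The original had a "do not allow listing everything" check here whose
    ''' Response.End was commented out; it only re-assigned the same base
    ''' query, so an empty search still lists every row.
    title = " 满足指定搜索条件的 市级"

    name = StripListedTokens(name)
    nian = StripListedTokens(nian)
    course = StripListedTokens(course)
    dengji = StripListedTokens(dengji)
    dengji1 = StripListedTokens(dengji1)

    ''' Build the WHERE clause with "?" markers only; the request values are
    ''' passed as bound parameters and never concatenated into the SQL text.
    ''' "0" is the "nothing selected" value of the three drop-down criteria.
    If dengji <> "" And dengji <> "0" Then
        AppendBoundCondition searchCmd, whereClause, "T_dengji=?", "dengji", dengji
    End If
    If dengji1 <> "" And dengji1 <> "0" Then
        AppendBoundCondition searchCmd, whereClause, "T_dengji1=?", "dengji1", dengji1
    End If
    If course <> "" And course <> "0" Then
        AppendBoundCondition searchCmd, whereClause, "T_course=?", "course", course
    End If
    If nian <> "" Then
        AppendBoundCondition searchCmd, whereClause, "T_year=?", "nian", nian
    End If
    If name <> "" Then
        ''' Substring match on the name; the wildcards are part of the bound value.
        AppendBoundCondition searchCmd, whereClause, "T_name Like ?", "name", "%" & name & "%"
    End If
Else
    ''' No search requested. Until 2005-04-20 the default view was restricted with
    '''   SELECT * FROM student where mid(T_sort,2,1)<='2'
    ''' and was then changed to list everything.
    title = "历年来 市一等奖 "
End If

'''##################################################################
strsql = "SELECT * FROM student " & whereClause & " order by t_year desc,T_id desc"
searchCmd.CommandText = strsql
'response.write strsql
'response.end

''' The Command carries the connection, so the ActiveConnection argument is
''' omitted. 3 = adOpenStatic (a cursor the paging code can position in); the
''' lock type is left at its default, which is read-only.
''' Errors are being skipped on this page (On Error Resume Next above), so a
''' failed Open shows up only through the recordset checks that follow.
rs.Open searchCmd, , 3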
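''' No matching rows: release the recordset and the connection, then stop.
If rs.EOF Or rs.BOF Then
    Set rs = Nothing
    my_conn.Close
    Set my_conn = Nothing
    Response.Write ""
    ''' Disabled "no data collected yet" message and "back" link. In the
    ''' listing these two statements were split over several lines, which left
    ''' fragments outside any comment; each is now on a single comment line.
    ' response.write "您需要的学科竞赛获奖资料尚未收集"
    ' Response.Write "返回"
    Response.End
End If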
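''' Rows per page.
Const pagelenth = 20
Dim pagenum

''' Requested page: the form field "page" (page picked from the page list,
''' added 2004-11-29) wins over the query-string value "pager"; default is 1.
If Request.Form("page") <> "" Then
    pagenum = Request.Form("page")
ElseIf Request.QueryString("pager") <> "" Then
    pagenum = Request.QueryString("pager")
Else
    pagenum = 1
End If

''' Accept only a number that fits a Long and is at least 1; anything else
''' falls back to page 1.
''' The earlier version ran a character filter on a variable named Pager,
''' which nothing on the page assigns, so pagenum itself reached CLng
''' unchecked; a non-numeric value then stayed a string, with the conversion
''' error hidden by On Error Resume Next.
If IsNumeric(pagenum) Then
    If CDbl(pagenum) >= 1 And CDbl(pagenum) <= 2147483647 Then
        pagenum = CLng(pagenum)
    Else
        pagenum = 1
    End If
Else
    pagenum = 1
End If

'''########################1111111111111###########################
rs.PageSize = pagelenth
''' Do not let the page number run past the last page.
If pagenum > rs.PageCount Then pagenum = rs.PageCount
rs.MoveFirst
rs.AbsolutePage = pagenum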
%>
<%''''下面为搜索部分内容%>
<%'''搜索部分内容结束%>
<%'2004.11.29--222-----%>
<%#@~^BwAAAA==v O+y RAEAAA==^#~@%>
序号 |
获奖年份 |
姓名 |
竞赛名称 |
获奖学科 |
获奖级别 |
获奖等级 |
<%
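''' Write one table row per record of the current page (at most pagelenth rows).
''' Column values come from the database and are HTML-encoded before being
''' written, so stored text cannot be interpreted as markup or script by the
''' browser. The "" suffix turns a Null field into an empty string first.
''' NOTE(review): if any of these columns is meant to carry markup, encode
''' selectively instead - confirm against how the records are entered.
''' The string literals are as they appear in this listing, which has lost
''' its HTML tags.
Dim i
For i = 1 To pagelenth
    Response.Write ""
    ''' Running row number across pages.
    Response.Write ""
    Response.Write (pagenum - 1) * pagelenth + i & " | "
    ''' Award year.
    Response.Write "" & Server.HTMLEncode(rs("T_Year") & "") & " | "
    ''' Name.
    Response.Write ""
    Response.Write "" & Server.HTMLEncode(rs("T_name") & "") & " | "
    ''' Competition title (T_subject, going by the header order of the table).
    If Trim(rs("T_Message")) <> "" Or Trim(rs("T_photo")) <> "" Then
        ''' The record has a description or a photo. A link to the detail page
        ''' ("click to view details") used to be written here and is disabled:
        'response.write " & rs("T_ID") & "' target='_blank' title='点击查看详细信息'>"
        Response.Write " " & Server.HTMLEncode(rs("T_subject") & "") & " | "
    Else
        Response.Write "" & Server.HTMLEncode(rs("T_subject") & "") & " | "
    End If
    ''' Subject.
    Response.Write "" & Server.HTMLEncode(rs("T_course") & "") & " | "
    ''' Award level.
    Response.Write "" & Server.HTMLEncode(rs("T_dengji") & "") & " | "
    ''' Award grade.
    Response.Write "" & Server.HTMLEncode(rs("T_dengji1") & "") & " | "
    ''' Row terminator; the literal is split over two lines in this listing
    ''' and is kept exactly as shown.
Response.Write "
"
    rs.MoveNext
    If rs.EOF Then
        Exit For
    End If
Next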
%>
<%'''20041129_33333%>
<%
''' End of page: close and release the recordset first, then the connection
''' it was opened on.
rs.Close : Set rs = Nothing
my_conn.Close : Set my_conn = Nothing
%>