%@ LANGUAGE = VBScript.Encode %>
<%
' Buffer the output and send headers that mark the page as already expired
' (ExpiresAbsolute one day in the past, Cache-Control: Private).
Response.Buffer = True
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "Cache-Control", "Private"

' Coarse request filter: end the response with empty output when the query
' string is longer than 60 characters or contains the words "select" or "from".
' NOTE(review): this inspects only the raw QUERY_STRING server variable. It is
' not URL-decoded, and posted form fields are never examined, so the check does
' not see the values that Request.QueryString / Request.Form hand to later
' code. Treat it as noise reduction, not as the SQL-injection defence; the
' durable control is parameterised queries plus per-field validation.
rawQuery = Request.ServerVariables("query_string")
lowerQuery = LCase(rawQuery)
If Len(rawQuery) > 60 Or InStr(lowerQuery, "select") > 0 Or InStr(lowerQuery, "from") > 0 Then
    Response.Write ""
    Response.End
End If
''''''#########################################
' Read the T_Id query parameter, lower-case it, then delete a fixed list of
' punctuation characters followed by a fixed list of words. The entries are
' applied one after another in exactly this order ("user" before "use",
' "chr" before "char"), each with a single Replace pass.
' NOTE(review): this is a deny-list. One pass per word can leave a listed word
' behind when it is re-formed from the characters around a deleted match, and
' short entries such as "in", "or" and "is" also alter harmless values. If
' T_Id is meant to be a record number (its use is not visible in this part of
' the page), validating it with IsNumeric and converting with CLng would be a
' stricter and simpler control - confirm against the code that consumes ID_Num.
ID_Num = LCase(Request.QueryString("T_Id"))

idStripChars = Array("!", "@", "#", "$", "%", "^", "&", "*", "(", ")", _
                     "-", "_", "=", "+", "|", "\", "/", "?", "<", ">", _
                     ",", ".", "~", "`", "'", ":", ";")
For Each stripToken In idStripChars
    ID_Num = Replace(ID_Num, stripToken, "")
Next

idStripWords = Array("select", "update", "delete", "append", "insert", _
                     "and", "or", "chr", "char", "asc", "mid", "len", _
                     "left", "is", "not", "shell", "net", "user", "use", _
                     "sql", "master", "backup", "exec", "add", "drop", _
                     "top", "from", "where", "name", "get", "post", "in")
For Each stripToken In idStripWords
    ID_Num = Replace(ID_Num, stripToken, "")
Next
%>
教师获奖
<%
' Open the ADO connection that the rest of the page queries through.
' uid and pwd are passed empty in the connection string; which database
' account the DSN resolves to is not visible here.
Dim my_conn
Set my_conn = Server.CreateObject("adodb.connection")
my_conn.Open "dsn=zhzxdsn;uid=;pwd=;"

' Error trapping is switched off only after the connection has been opened,
' so a failed Open still raises. Every later statement that fails (a bad
' conversion, a rejected SQL statement, a missing field) is skipped silently.
' NOTE(review): that hides malformed-query and tampering symptoms from both
' the user and the logs; consider checking Err.Number after the risky calls.
On Error Resume Next
Set rs = Server.CreateObject("ADODB.RecordSet")
'''#############################################################
if request.form("mode")="search" or request.querystring("mode")="search" then
'''是搜索结果的显示
'''#######################################
' Load the four search criteria from whichever channel carried them.
' All of them are client-controlled, whether posted or taken from the URL.
If Request.Form("mode") <> "search" Then
    ' Moving between result pages: the criteria travel in the query string.
    xingming = Request.QueryString("xingming")   ' teacher name
    nian = Request.QueryString("nian")           ' award year
    jibie = Request.QueryString("jibie")         ' award level
    rongyu = Request.QueryString("rongyu")       ' keyword in the honour title
Else
    ' First result page, straight after the search form was submitted.
    ' The text fields are trimmed; jibie is taken as posted.
    xingming = Trim(Request.Form("xingming"))    ' teacher name
    nian = Trim(Request.Form("nian"))            ' award year
    jibie = Request.Form("jibie")                ' award level
    rongyu = Trim(Request.Form("rongyu"))        ' keyword in the honour title
End If
'''#######################################
' An empty search is allowed and lists every record. The guard that used to
' reject a search with no criteria is kept below, disabled:
' If xingming="" and (jibie="" or jibie="0") and nian="" and rongyu="" then ' nothing to search for
'     Response.Write ""
'     my_conn.Close
'     set my_conn = nothing
'     response.end
' end if

' Base statement (all rows) and the heading prefix used for a filtered listing.
strsql = "SELECT * FROM teacher "
title = "指定搜索条件的"

' Lower-case the four criteria, then delete the same list of punctuation
' characters from each of them. The values are independent of one another,
' so they are cleaned side by side, one listed character at a time.
' NOTE(review): the empty entry before the apostrophe is kept from the
' original list; Replace with an empty search string changes nothing, so it
' presumably stood for a character lost in transcription - verify.
' NOTE(review): removing the apostrophe here is the only thing that keeps
' these values inside the quoted LIKE patterns built further down. Character
' stripping is a fragile substitute for a parameterised ADODB.Command, and
' "[", "]", ":" and ";" are not on the list.
Xingming = LCase(Xingming)
Nian = LCase(Nian)
Rongyu = LCase(Rongyu)
Jibie = LCase(Jibie)

searchStripChars = Array("!", "@", "#", "$", "%", "^", "&", "*", "(", ")", _
                         "-", "_", "=", "+", "|", "\", "/", "?", "<", ">", _
                         ",", ".", "~", "`", "", "'")
For Each stripChar In searchStripChars
    Xingming = Replace(Xingming, stripChar, "")
    Nian = Replace(Nian, stripChar, "")
    Rongyu = Replace(Rongyu, stripChar, "")
    Jibie = Replace(Jibie, stripChar, "")
Next
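' Append a WHERE clause for every search criterion that was supplied.
' first = 0: no condition appended yet; first = 1: at least one condition
' is already in place, so the next one is joined with "and".
first = 0

' Award level. The value is used only when it is numeric and fits CInt.
' Previously a non-numeric value made CInt fail; with error trapping switched
' off earlier in the page, the failing line was skipped while first was still
' set to 1, so the following conditions were joined with "and" but no "where"
' and the statement became invalid. An unusable level is now simply ignored.
If jibie <> "" And jibie <> "0" Then
    If IsNumeric(jibie) Then
        If CDbl(jibie) >= -32768 And CDbl(jibie) <= 32767 Then
            StrSql = StrSql & " where T_dengji=" & CInt(jibie)
            first = 1
        End If
    End If
End If

' Honour-title keyword: the form's placeholder text counts as "no keyword".
' A local copy is used so that rongyu itself is left unchanged.
keywordText = rongyu
If keywordText = "输入关键字" Then keywordText = ""

' The three text criteria all become LIKE '%value%' conditions, in the same
' order as before: honour title, award year, teacher name.
' Any apostrophe still present is doubled so the value cannot close the
' quoted literal even if the character stripping earlier in the page is
' changed or bypassed. After that stripping the Replace changes nothing, so
' the generated SQL is the same as before for values that were already clean.
' NOTE(review): doubling quotes is a stop-gap. A parameterised ADODB.Command
' is the durable fix, but it also has to replace the rs.Open call that runs
' this statement. LIKE wildcard characters in the values are not escaped.
likeColumns = Array("T_subject", "T_year", "T_name")
likeValues = Array(keywordText, nian, xingming)
For likeIndex = 0 To UBound(likeColumns)
    If likeValues(likeIndex) <> "" Then
        If first = 1 Then
            clauseLead = " and "
        Else
            clauseLead = " where "
        End If
        StrSql = StrSql & clauseLead & likeColumns(likeIndex) & " Like '%" & _
                 Replace(likeValues(likeIndex), "'", "''") & "%'"
        first = 1
    End If
Next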
'''以上完成指定搜索条件的记录选择
'''##############################
else
' No search was requested: list every record.
' title holds the heading prefix used for the unfiltered listing.
strsql = "SELECT * FROM teacher "
title = "历年来"
end if
'''##################################################################
' Append the sort order: T_ID descending, then T_Year descending, then T_dengji.
strsql=strsql & " order by T_ID desc,T_Year desc , T_dengji"
' Earlier ordering, by year first and then award level (changed 2008-09-11):
'strsql=strsql & " order by T_year desc,T_dengji,T_name asc"
' Run the assembled statement. strsql is built by string concatenation, so
' its safety rests entirely on the cleaning applied to the criteria earlier.
' NOTE(review): error trapping is disabled earlier in the page, so a
' statement the database rejects is not reported here - confirm how the
' empty-result branch below behaves when Open itself has failed.
rs.open strsql,My_conn,3 '## cursor type 3; the original comment describes this as a read-only open
if rs.eof or rs.bof then
'### no records: release the recordset and the connection, send empty output, stop
set rs=nothing
my_conn.close
set my_conn=nothing
Response.write ""
response.end
end if
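' Records shown per page.
Const pagelenth = 20
Dim pagenum

' The requested page comes from the posted "page" field (a page picked
' directly from the page-number list, added 2004.11.29) or, when that is
' empty, from the "pager" query-string value. Both are client-controlled.
requestedPage = Request.Form("page")
If requestedPage = "" Then requestedPage = Request.QueryString("pager")

' PageSize has to be set before PageCount is read.
rs.PageSize = pagelenth

' Resolve the request to a page inside 1..PageCount.
' Previously the value went straight through CLng: text or an out-of-range
' number made the conversion fail silently, and zero or a negative number was
' passed to AbsolutePage unchanged. Now anything that is not a number, or is
' below 1, selects the first page, and anything beyond the last page selects
' the last page. The comparison is done on a Double, so CLng is only reached
' for values already known to fit.
pagenum = 1
If IsNumeric(requestedPage) Then
    requestedValue = CDbl(requestedPage)
    If requestedValue > rs.PageCount Then
        pagenum = rs.PageCount
    ElseIf requestedValue >= 1 Then
        pagenum = CLng(requestedValue)
    End If
End If

' Position the recordset on the first record of the chosen page.
rs.MoveFirst
rs.AbsolutePage = pagenum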
%>
<%'下面为搜索部分内容%>
<%'2004.11.29--222-----%>
<%'--222-%>
序号
获奖年份
姓
名
荣誉称号
授奖单位
<%
dim i
for i=1 to pagelenth '##开始显示当前页
Response.Write "
"
' if trim(rs("T_Message"))<>"" or trim(rs("T_photo"))<>"" then
'###有文字说明或图片
response.write "" & rs("T_name") & ""
' else
'###没有详细内容
' Response.Write rs("T_name")
' end if
response.write "
"
'##荣誉称号
response.write
if trim(rs("T_Message"))<>"" or trim(rs("T_photo"))<>"" then
Response.Write "