<%
db="data/data.mdb" '数据库存放目录
on error resume next
set conn=server.createobject("adodb.connection")
conn.open "driver={microsoft access driver (*.mdb)};dbq="&server.mappath(db)
if err then
err.clear
set conn = Nothing
response.write "数据库连接出错，请检查conn.asp中的连接字符串。"
response.end
end if
function CloseDB
Conn.Close
set Conn=Nothing
End Function
%>
<%
dim badword
badword="'|and|select|update|chr|delete|%20from|;|insert|mid|master.|set|chr(37)|="
if request.QueryString<>"" then
chk=split(badword,"|")
for each query_name in request.querystring
for i=0 to ubound(chk)
if instr(lcase(request.querystring(query_name)),chk(i))<>0 then
response.write "<script language=javascript>alert('传参错误！参数 "&query_name&" 的值中包含非法字符串！\n\n');location='"&request.ServerVariables("HTTP_REFERER")&"'</Script>"
response.end
end if
next
next
end if
%>

<!--＃i nclude file="conn.asp"-->
<%
if request("action")="reg" then
set rs=server.CreateObject("adodb.recordset")
rs.open "select * from user where name='"&trim(request("name"))&"'",conn,1,1
if rs.recordcount>0 then
response.write "<Script language='JavaScript'>window.alert('您输入的用户名已存在，请返回重新输入！');history.back(-1);</Script>"
response.End()
end if
sql="select * from user"
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
rs.addnew
rs("name")=trim(request.Form("name"))
rs("pwd")=trim(request.Form("pwd"))
rs("wenti")=trim(request.Form("wenti"))
rs("daan")=trim(request.Form("daan"))
rs.update
rs.close
set rs=nothing
response.write "<script language=javascript> alert('注册成功，点击确定立即登录！');location.replace('login.asp');</script>"
response.end
end if
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>无标题文档</title>
</head>

<body><!--＃i nclude file="top.asp"-->
<table width="90%" border="1" align="center" cellpadding="10" cellspacing="0">
<tr>
<td>用户注册
<form name="form1" method="post" action="?action=reg" >
<table width="347" border="1" cellpadding="5" cellspacing="0">
<tr>
<td width="142">用户名</td>
<td width="179"><input name="name" type="text" id="name"></td>
</tr>
<tr>
<td>密码</td>
<td><input name="pwd" type="password" id="pwd"></td>
</tr>
<tr>
<td>密码提示问题</td>
<td><input name="wenti" type="text" id="wenti"></td>
</tr>
<tr>
<td>密码提示答案</td>
<td><input name="daan" type="text" id="daan"></td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="Submit" value="注册">
<input type="reset" name="Submit" value="重置"> </td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</body>
</html>

<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<table width="90%" border="1" align="center" cellpadding="10" cellspacing="0">
<tr>
<td><a href="/"";index.asp">首页</a>
<%
if Session("name")="" then
%>
<a href="/"";reg.asp">注册</a> <a href="/"";login.asp">登陆</a>
<a href="/