Date: 2013-03-13

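1. Prevent users from accessing a page directly (block self-made form submissions and direct access via a link)
' HTTP_REFERER is sent by the client and can be missing or forged, so treat this
' as a convenience check only, not as authentication or CSRF protection.
Function checkPrePage()
    Dim url, host, nextCh
    url = LCase(Trim(Request.ServerVariables("HTTP_REFERER")))
    url = Replace(Replace(url, "https://", ""), "http://", "")
    host = LCase(Trim(Request.ServerVariables("SERVER_NAME")))
    ' The Referer must start with our host name, and the host name must end there
    nextCh = Mid(url, Len(host) + 1, 1)
    If Left(url, Len(host)) <> host Or (nextCh <> "" And nextCh <> "/" And nextCh <> ":") Then
        Response.Write("请通过正当的方法访问本网站") ' "Please access this site by legitimate means"
        Response.End()
    End If
End Function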



2. The following two functions allow an image and text to be submitted and processed together.
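' Convert a binary (byte) string to a text string.
' A byte above 127 is treated as the first byte of a double-byte character.
Function BinaryToString(str)
    Dim strto, i
    strto = ""
    For i = 1 To LenB(str)
        If AscB(MidB(str, i, 1)) > 127 Then
            strto = strto & Chr(AscB(MidB(str, i, 1))*256 + AscB(MidB(str, i+1, 1)))
            i = i + 1   ' skip the second byte of the pair
        Else
            strto = strto & Chr(AscB(MidB(str, i, 1)))
        End If
    Next
    BinaryToString = strto
End Function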

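' Split a multipart/form-data request body into its first n field values.
' Note: the whole body is read with no size or content-type check; validate the
' upload before storing it.
Function gainformdata(n)
    Dim formsize, formdata, divider, datastart, dataend, bncrlf, i
    ReDim mydata(n-1)
    formsize = Request.TotalBytes
    formdata = Request.BinaryRead(formsize)
    bncrlf = ChrB(13) & ChrB(10)
    For i = 1 To n
        ' The first line of the remaining data is the boundary (divider)
        divider = LeftB(formdata, CLng(InStrB(formdata, bncrlf)) - 1)
        ' The value starts after the blank line that ends the part headers
        datastart = InStrB(formdata, bncrlf & bncrlf) + 4
        ' ...and ends two bytes (CRLF) before the next boundary
        dataend = InStrB(datastart+1, formdata, divider) - datastart - 2
        mydata(i-1) = MidB(formdata, datastart, dataend)
        ' Drop the part just read and continue from the next boundary
        formdata = RightB(formdata, CLng(formsize - InStrB(datastart+1, formdata, divider)) + 1)
        formsize = LenB(formdata)
    Next
    gainformdata = mydata
End Function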

Demo:
a.htm:
<form name="form1" method="post" action="b.asp" enctype="multipart/form-data">
<textarea name="txt"></textarea>
<input type="file" name="file">
<input type="submit" name="Submit" value="提交">
</form>

b.asp:
' Connect to the database
data=gainformdata(2)
rs("txt")=binarytostring(data(0))
rs("img").appendchunk data(1)



3. How to pop up a prompt with OK and Cancel
onclick="{if(confirm('确定删除选定的纪录吗?')){document.inbox.submit();return true;}return false;}"



4. Optimizing a combined query, thanks
sql = "select * from book where bname like '%" & txtbname.Text & "%' and bauthor like '%" & txtauthor.Text & "%' and bpublish like '%" & txtpublish.Text & "%' and bdescription like '%" & txtdescription.Text & "%' order by bookid desc"

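This is a combined query with four conditions. Is writing it this way inefficient? How should I optimize it?
Thanks.

Analysis: in SQL, LIKE is relatively time-consuming, so it is best to use it sparingly.

Also, with four text boxes there will certainly be times when a condition is left empty, which produces LIKE "%"; in that case it is the same as not having the condition at all.

So write a bit more code to generate the SQL statement: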
Dim WhereStr as string
if txtbname.Text<>"" then
WhereStr="bname like '%" & txtbname.Text & "%'"
ELSE IF ....
.....
ENDIF
This is a matter of probability: if all four are entered it is the same, but if only one is entered, it will be faster than yours!

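' Add a condition only for the text boxes that were filled in.
' Caution: the input is still concatenated into the statement unescaped.
Dim WhereStr As String
WhereStr = ""
If txtbname.Text <> "" Then WhereStr = WhereStr & " and bname like '%" & txtbname.Text & "%'"
If txtauthor.Text <> "" Then WhereStr = WhereStr & " and bauthor like '%" & txtauthor.Text & "%'"
If txtpublish.Text <> "" Then WhereStr = WhereStr & " and bpublish like '%" & txtpublish.Text & "%'"
If txtdescription.Text <> "" Then WhereStr = WhereStr & " and bdescription like '%" & txtdescription.Text & "%'"
sql = "select * from book"
' Mid(WhereStr, 6) drops the leading " and "
If WhereStr <> "" Then sql = sql & " where " & Mid(WhereStr, 6)
sql = sql & " order by bookid desc"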
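
The search from item 4 with each filled-in field bound as an ADO parameter instead of concatenated into the string, so a quote or wildcard in the input cannot change the statement. This is an added example, not code from the original post: EscapeLike, AddLikeFilter, BuildBookSearch and the sample values are assumptions, and the bracket escaping assumes SQL Server.

```vbscript
' Added example, not the original poster's code. The table and columns come from
' the query above; the function names and the sample values are assumptions.
Const adVarWChar = 202, adParamInput = 1, adCmdText = 1

' Make LIKE wildcards in user input match literally (SQL Server bracket syntax).
Function EscapeLike(ByVal s)
    s = Replace(s, "[", "[[]")
    s = Replace(s, "%", "[%]")
    EscapeLike = Replace(s, "_", "[_]")
End Function

' Add "column LIKE ?" and its bound value only when the field was filled in.
' column is always a literal from our own code, never user input.
Sub AddLikeFilter(cmd, ByRef clause, column, ByVal value)
    Dim v, pattern
    v = Trim(value & "")
    If v = "" Then Exit Sub
    If clause <> "" Then clause = clause & " AND "
    clause = clause & column & " LIKE ?"
    pattern = "%" & EscapeLike(v) & "%"
    cmd.Parameters.Append cmd.CreateParameter(column, adVarWChar, adParamInput, Len(pattern), pattern)
End Sub

' Return an ADODB.Command holding the statement text and one parameter per filter.
Function BuildBookSearch(bname, bauthor, bpublish, bdescription)
    Dim cmd, clause
    Set cmd = CreateObject("ADODB.Command")
    clause = ""
    AddLikeFilter cmd, clause, "bname", bname
    AddLikeFilter cmd, clause, "bauthor", bauthor
    AddLikeFilter cmd, clause, "bpublish", bpublish
    AddLikeFilter cmd, clause, "bdescription", bdescription
    If clause <> "" Then clause = " WHERE " & clause
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT * FROM book" & clause & " ORDER BY bookid DESC"
    Set BuildBookSearch = cmd
End Function

' Constructed input: two of four fields filled in, one with a quote and a wildcard.
Dim demo, p
Set demo = BuildBookSearch("O'Reilly 100%", "", "", "asp")
WScript.Echo demo.CommandText
For Each p In demo.Parameters
    WScript.Echo p.Name & " = " & p.Value
Next
' With a live connection: Set demo.ActiveConnection = conn : Set rs = demo.Execute
```

The demo lines at the bottom run under cscript on Windows; inside an ASP page, replace WScript.Echo with Response.Write.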



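5. How to disable refresh
<SCRIPT LANGUAGE="JavaScript">
// Client-side only: a request can still be re-sent, so enforce
// one-time submission on the server as well.
document.onkeydown = function(e) {
    e = e || window.event;          // older IE exposes the event as window.event
    if (e.keyCode == 116) {         // 116 = F5
        e.keyCode = 0;              // older IE needs the key code cleared
        if (e.preventDefault) e.preventDefault();
        e.returnValue = false;
        return false;
    }
};
// Block the right-click context menu
document.oncontextmenu = function() { return false; };
</SCRIPT>
Refresh is now disabled on this page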



6. For SQL Server, use:
sql = "update reg set dealtime=getdate() where id= " & CLng(request.querystring("id")) ' CLng raises an error on a non-numeric id
Because SQL Server has no now(), this