新微赢技术网

标题: 操作符丢失 [打印本页]

作者: 藤蘿下的陽光    时间: 2010-1-19 06:52
标题: 操作符丢失
<!--#include virtual="A_conn/syscode.asp"-->
<%
if request("df")="kong" then session("difang")=empty
'on error resume next
Set Conn=Server.CreateObject("ADODB.Connection")
Connstr="DBQ="+server.mappath("database.asa")+";DRIVER={Microsoft Access Driver (*.mdb)}"
'ConnStr = "Provider = Sqloledb; User ID = sa; Password = rysea2004; Initial Catalog = job; Data Source = (local);"
'ConnStr = "Provider = Sqloledb; User ID = sa; Password = ; Initial Catalog = job; Data Source = ceo;"
Conn.Open connstr
'显示首页调用新闻列表 格式:call shouyenews(n,lang,dalei,xiaolei,wenzhangurl,fuhao) 参数:n:调用多少条,lang:
标题长度,dalei:调用大类,xiaolei:调用小类,wenzhangurl:显示新闻文章页面,fuhao:标签前面修饰符号
if application(cstr(day(now()))) = "" then
set rs=server.createobject("ADODB.Recordset")
sql="select count(*) as expr1000 from 个人资料"
rs.open sql,conn,1,1
Application("grzl")=rs("expr1000") + 100000
rs.close
set rs=nothing

set rs=server.createobject("ADODB.Recordset")
sql="select count(*) as expr1000 from 招聘信息"
rs.open sql,conn,1,1
Application("zpxx")=rs("expr1000") + 4000
rs.close
set rs=nothing
set rs=server.createobject("ADODB.Recordset")
sql="select count(*) as expr1000 from 公司资料"
rs.open sql,conn,1,1
Application("gszl")=rs("expr1000") + 2000
rs.close
set rs=nothing
'失效职位
' conn.execute("UPDATE 招聘信息 SET 招聘信息.状态 = '失效' WHERE ((GATDATE()>=招聘信息.发布日期+(招聘信息.有效时间+1)))")
' conn.execute("UPDATE dbo.招聘信息 SET dbo.招聘信息.发布日期 = getdate() from dbo.招聘信息 INNER JOIN dbo.公司资料 ON dbo.招聘信息.公司名称 = dbo.公司资料.帐号 WHERE dbo.公司资料.自动更新='yes' and dbo.公司资料.会员='贵宾会员';")
conn.execute("UPDATE 招聘信息 SET 招聘信息.状态 = '失效' WHERE ((now()>=招聘信息.发布日期+(招聘信息.有效时间+1)))")
conn.execute("UPDATE dbo.招聘信息 SET dbo.招聘信息.发布日期 = now() from dbo.招聘信息 INNER JOIN dbo.公司资料 ON dbo.招聘信息.公司名称 = dbo.公司资料.帐号 WHERE dbo.公司资料.自动更新='yes' and dbo.公司资料.会员='贵宾会员';")
application(cstr(day(now()))) = "yes"

'application("online") = 300

end if
%>
<%
If Trim(Request.QueryString) <> "" Then
strTemp = strTemp & "?" & Trim(Request.QueryString)
If Instr(strTemp,"select%20") or Instr(strTemp,"insert%20") or Instr(strTemp,"delete%20") or
Instr(strTemp,"count(") or Instr(strTemp,"drop%20table") or Instr(strTemp,"update%20") or
Instr(strTemp,"truncate%20") or Instr(strTemp,"asc(") or Instr(strTemp,"mid(") or Instr(strTemp,"char(") or
Instr(strTemp,"xp_cmdshell") or Instr(strTemp,"exec%20master") or
Instr(strTemp,"net%20localgroup%20administrators") or Instr(strTemp,":") or Instr(strTemp,"net%20user") or
Instr(strTemp,"'") or Instr(strTemp,"%20or%20") then
Response.Write "非法地址!!"
response.End()
Response.Write ""
End If
end if
'response.write request.Form
If Trim(Request.form) <> "" Then
strTemp = strTemp & "?" & Trim(Request.form)
If Instr(strTemp,"select+") or Instr(strTemp,"insert+") or Instr(strTemp,"delete+") or Instr(strTemp,"count(") or
Instr(strTemp,"drop+table") or Instr(strTemp,"update+") or Instr(strTemp,"truncate+") or Instr(strTemp,"asc(") or
Instr(strTemp,"mid(") or Instr(strTemp,"char(") or Instr(strTemp,"xp_cmdshell") or Instr(strTemp,"exec+master") or
Instr(strTemp,"net+localgroup+administrators") or Instr(strTemp,":") or Instr(strTemp,"net+user") or
Instr(strTemp,"'") or Instr(strTemp,"+or+") then
Response.Write "非法地址!!"
response.End()
Response.Write ""
End If
end if
%>



浏览器执行后发现


Microsoft OLE DB Provider for ODBC Drivers 错误 '80040e14'
[Microsoft][ODBC Microsoft Access Driver] 语法错误 (操作符丢失) 在查询表达式 'now() from dbo.招聘信息 INNER JOIN dbo.公司资料 ON dbo.招聘信息.公司名称 = dbo.公司资料.帐号' 中。

/conn.asp,行41

帮帮忙看看




欢迎光临 新微赢技术网 (http://bbs.weiying.cn/) Powered by Discuz! X3.2