<% ConnectStringRO = "uid=promx_ro;pwd=gerx#*7;driver={SQL Server};server=209.195.134.5;Address=209.195.134.5,3692;Network=DBMSSOCN;database=promx;" ConnectStringFull = "uid=promx;pwd=pxdna1;driver={SQL Server};server=209.195.134.5;Address=209.195.134.5,3692;Network=DBMSSOCN;database=promx;" Function OpenDatabase(readonly) if readonly then connectstring = ConnectStringRO else connectstring = ConnectStringFull end if set DBConn = Server.CreateObject("ADODB.Connection") DBConn.Open(ConnectString) Set OpenDatabase = DBConn End Function Function CreateRecordSet(db,sql) Set cmdTemp = Server.CreateObject("ADODB.Command") cmdTemp.CommandType = 1 Set cmdTemp.ActiveConnection = db cmdTemp.CommandText = sql set rstemp=Server.CreateObject("ADODB.Recordset") rstemp.Open cmdTemp,,3,1 Set CreateRecordSet = rstemp End Function Function FixSQL(sql) if not isnull(sql) then s = Replace(sql,"'","''") s = Replace(s, "--", "--") FixSQL = s end if End Function Function UpdateDB(db,sql) db.execute(sql) End Function function verify() if session("Admin") = "" then response.redirect("index.asp?error=nologin") end function function validate(v, t) validate = true value = lcase(v) t = lcase(t) if value <> "" then if t = "int" then if not isnumeric(value) then validate = false if instr(value, ".") > 0 then validate = false elseif t = "guid" then if len(value) <> 38 then validate = false if instr(value, "{") <> 1 then validate = false if instr(value, "}") <> 38 then validate = false if instr(value, "-") <> 10 then validate = false end if if instr(value, "sp_") <> 0 then validate = false if instr(value, "xp_") <> 0 then validate = false if instr(value, "--") <> 0 then validate = false if instr(value, "1=1") <> 0 then validate = false if instr(value, " 0 then validate = false if not validate then response.redirect("http://" & request.ServerVariables("HTTP_HOST") & "/") end if end function %>