The blogx program that i'm using now(http://www.blanksoft.com/blogx) is written by me base on Matthew1471's BlogX
I had expanded some features besides change the UI style and UI language.
I will break off it's reform up-to-the-minute.In order to share my effort to more peolple,i upload it to planet-source-code. i wish it can bring some convenience to user.
Download it from
http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=8845&lngWId=4#refresh
When i develop my website with asp,i find the following problem:
My database's path in the root\database,and my conn.asp(define the connectionstring)in the root\includes
Because the files that need access the database locate in the root,so the connectionstring like this:
“Provider=Microsoft.Jet.OLEDB.4.0;Data Source=./database/database.mdb;"
When you browse the files located the root diectory,it work well,but if someone type this in the address textbox in the internet browser:
http://myserver/includes/conn.asp
it will raise a error:
can't find file “x:\somedirectory\myserver\includes\database\database.mdb“
....
some hacker will find that my database name is database.mdb and it's located x:\somedirectory\myserver\database
so after he(she) download my database to his(her) local harddisk,my private data will exposure.
Reference to some articles ,we can insert “on error resume next “ to skip this error,but i find it's a better way to resolve this problem.
We can build a path string with “Request.ServerVariables("APPL_PHYSICAL_PATH")“ instead of “Server.MapPath“
After processing like this ,we can include this conn.asp in any page regardless of it's location.