﻿//打开窗口
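/**
 * Open a popup window; when no position is supplied it is centred on the screen.
 *
 * @param {string} theURL         URL to load in the popup.
 * @param {number} Width          Popup width in pixels.
 * @param {number} Height         Popup height in pixels.
 * @param {string} winName        Window name handed to window.open (a later call
 *                                with the same name reuses the window).
 * @param {number|string} theTop  Top offset; '' (or undefined/null) centres vertically.
 * @param {number|string} theLeft Left offset; '' (or undefined/null) centres horizontally.
 *
 * Side effect: the popup handle is stored in window.SubWin.
 */
function OpenWindow(theURL,Width,Height,winName,theTop,theLeft)
{
    // Strict checks: the original loose `== ''` also matched the number 0, so an
    // explicit top/left of 0 was silently replaced by the centred position.
    if (theTop === '' || theTop === undefined || theTop === null) {
        theTop = (window.screen.height - Height) / 2;
    }
    if (theLeft === '' || theLeft === undefined || theLeft === null) {
        theLeft = (window.screen.width - Width) / 2;
    }
    var features = "toolbar=0,scrollbars=yes,resizable=no,status=no,scroll=no" +
        ",left=" + theLeft + ",top=" + theTop +
        ",width=" + Width + ",height=" + Height;

    window.SubWin = window.open(theURL, winName, features);
}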
//计算字符串长度
/**
 * Return the display length of a string: every UTF-16 code unit above 0xFF
 * counts as two, a carriage return counts as zero, anything else as one.
 *
 * @param {*} sTargetStr  Value to measure; coerced with String().
 * @returns {number}
 */
function getStrLen(sTargetStr)
{
    var text = String(sTargetStr);
    var total = 0;

    for (var idx = 0, len = text.length; idx < len; idx++) {
        var code = text.charCodeAt(idx);
        // escape() produces "%uXXXX" (six characters) only for code units above
        // 0xFF, so the "escaped length > 4" test is exactly `code > 255`.
        if (code > 255) {
            total += 2;
        } else if (code !== 13) { // 13 is '\r'
            total += 1;
        }
    }

    return total;
}
//调整图片大小
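// Image currently being resized. Kept at file scope because the retry timer
// re-enters ResizeImage without the element (obj === null).
var imageObject;

/**
 * Shrink an <img> so it fits inside MaxW x MaxH while keeping its aspect ratio.
 * If the image has not finished loading the call is retried every 50 ms.
 *
 * @param {HTMLImageElement|null} obj  Image to resize, or null on a retry.
 * @param {number} MaxW  Maximum width in pixels.
 * @param {number} MaxH  Maximum height in pixels.
 */
function ResizeImage(obj,MaxW,MaxH)
{
    if (obj != null) imageObject = obj;

    // readyState is a legacy IE property; browsers without it expose the
    // standard boolean `complete`. The original only checked readyState, so on
    // those browsers `undefined != 'complete'` made it retry forever.
    var loaded = (imageObject.readyState === undefined)
        ? imageObject.complete
        : imageObject.readyState == 'complete';
    if (!loaded)
    {
        // Pass a function, not a code string, so MaxW/MaxH are never re-parsed
        // as source text.
        setTimeout(function () { ResizeImage(null, MaxW, MaxH); }, 50);
        return;
    }

    // Read the natural size from a fresh Image so an earlier resize of the
    // element does not feed back into the calculation.
    var oldImage = new Image();
    oldImage.src = imageObject.src;
    var dW = oldImage.width;
    var dH = oldImage.height;
    if (dW > MaxW || dH > MaxH)
    {
        // Declared locally: the original wrote `a` and `b` as implicit globals.
        var ratio = Math.max(dW / MaxW, dH / MaxH);
        dW = dW / ratio;
        dH = dH / ratio;
    }
    if (dW > 0 && dH > 0)
    {
        imageObject.width = dW;
        imageObject.height = dH;
    }
    // The original also computed an unused `dtop`; dropped.
}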
//取QueryString
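// Query-string parameters of the current page, keyed by raw (undecoded) name.
// Values are kept exactly as they appear in the URL; apply decodeURIComponent()
// at the point of use. A bare "?flag" parameter is stored with an undefined value.
var URLParams = new Object() ;
var aParams = document.location.search.substr(1).split('&') ;
// `i` is declared here; the original loop assigned an implicit global.
for (var i = 0; i < aParams.length; i++) {
	var eqPos = aParams[i].indexOf('=');
	if (eqPos < 0) {
		URLParams[aParams[i]] = undefined;
	} else {
		// Split on the first '=' only, so a value that itself contains '='
		// (e.g. base64) is not truncated as it was with split('=').
		URLParams[aParams[i].substring(0, eqPos)] = aParams[i].substring(eqPos + 1);
	}
}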
//设置Cookie
/**
 * Write a cookie through document.cookie.
 *
 * @param {string}  name      Cookie name (written as-is).
 * @param {string}  value     Cookie value; stored with escape() applied.
 * @param {Date}    [expires] Expiry date; omitted gives a session cookie.
 * @param {string}  [path]    Path attribute.
 * @param {string}  [domain]  Domain attribute.
 * @param {boolean} [secure]  When truthy adds the Secure attribute, so the
 *                            cookie is only sent over HTTPS.
 */
function setCookie(name,value,expires,path,domain,secure){
	var parts = [name + "=" + escape(value)];
	if (expires) { parts.push("expires=" + expires.toGMTString()); }
	if (path)    { parts.push("path=" + path); }
	if (domain)  { parts.push("domain=" + domain); }
	if (secure)  { parts.push("secure"); }
	document.cookie = parts.join(";");
}
//读取COOKIE
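/**
 * Read a cookie value from document.cookie.
 *
 * @param {string} CookieName  Exact cookie name to look up.
 * @returns {string|undefined} The raw (still escape()-encoded) value of the
 *   first cookie with that name, or undefined when none matches. Callers that
 *   stored the value with setCookie() must unescape() it themselves.
 */
function getCookie (CookieName) {
	var cookieSet = document.cookie.split(';');
	for (var x = 0; x < cookieSet.length; x++) {
		// Drop the space the browser inserts after each ';' (the original
		// removed only a single leading character).
		var entry = cookieSet[x].replace(/^\s+/, '');
		// Split on the first '=' only: cookie values (e.g. base64) may contain
		// '=' and split('=') dropped everything after the second one.
		var eqPos = entry.indexOf('=');
		var key = eqPos < 0 ? entry : entry.substring(0, eqPos);
		if (key == CookieName) {
			return eqPos < 0 ? undefined : entry.substring(eqPos + 1);
		}
	}
	// Not found: the original returned the hoisted, never-assigned `value`.
	return undefined;
}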
//删除Cookie
/**
 * Expire a cookie by rewriting it with an empty value and a 1970 expiry date.
 * Nothing happens when no cookie of that name is currently readable.
 *
 * @param {string} name     Cookie name.
 * @param {string} [path]   Path attribute the cookie was set with.
 * @param {string} [domain] Domain attribute the cookie was set with.
 */
function deleteCookie(name,path,domain){
	if (!getCookie(name)) {
		return;
	}
	var attrs = "";
	if (path)   { attrs += ";path=" + path; }
	if (domain) { attrs += ";domain=" + domain; }
	document.cookie = name + "=" + attrs + ";expires=Thu,01-Jan-70 00:00:01 GMT";
}

//搜索下拉框值与指定值匹配，并选择匹配项
/**
 * Select the first option of a <select> whose value equals s_Value
 * (loose == comparison, as before).
 *
 * @param {HTMLSelectElement} o_Select  The select element (or any object with
 *                                      length, options[] and selectedIndex).
 * @param {*} s_Value                   Value to look for.
 * @returns {boolean} true when a matching option was selected, false otherwise.
 */
function SearchSelectValue(o_Select, s_Value)
{
	var count = o_Select.length;
	var idx = 0;
	while (idx < count)
	{
		if (o_Select.options[idx].value == s_Value)
		{
			o_Select.selectedIndex = idx;
			return true;
		}
		idx++;
	}
	return false;
}

//LTrim(string):去除左边的空格
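/**
 * Strip leading whitespace (space, tab, LF, CR) from a value.
 *
 * @param {*} str  Value to trim; coerced with String().
 * @returns {string} Always a primitive string. The original returned a String
 *   *object* when nothing needed trimming, so `LTrim(x) === "abc"` could be
 *   false even though the text matched.
 */
function LTrim(str)
{
    return String(str).replace(/^[ \t\n\r]+/, "");
}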
//RTrim(string):去除右边的空格
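/**
 * Strip trailing whitespace (space, tab, LF, CR) from a value.
 *
 * @param {*} str  Value to trim; coerced with String().
 * @returns {string} Always a primitive string. The original returned a String
 *   *object* when nothing needed trimming, so `RTrim(x) === "abc"` could be
 *   false even though the text matched.
 */
function RTrim(str)
{
    return String(str).replace(/[ \t\n\r]+$/, "");
}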
//Trim(string):去除前后空格
/**
 * Strip whitespace (space, tab, LF, CR) from both ends of a value.
 *
 * @param {*} str  Value to trim.
 * @returns {string} The result of RTrim applied to LTrim(str).
 */
function Trim(str)
{
    var leftTrimmed = LTrim(str);
    return RTrim(leftTrimmed);
}
//Flash输出
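/**
 * Replace the contents of element `elm` with an <object>/<embed> pair that
 * plays the Flash movie at `url`. Does nothing when the element is absent.
 *
 * @param {string} elm          id of the container element.
 * @param {string} url          URL of the .swf file.
 * @param {number|string} w     Width attribute.
 * @param {number|string} h     Height attribute.
 *
 * Security notes:
 *  - url, w and h are inserted into HTML attributes and are now escaped; the
 *    original concatenated them raw, so a value containing `"` or `<` could
 *    break out of the attribute and inject markup into the page.
 *  - allowScriptAccess="always" lets the loaded SWF call script on this page
 *    regardless of its origin; it is kept for compatibility, so only pass URLs
 *    the site controls.
 */
function insertFlash(elm,url,w,h)
{
	var container = document.getElementById(elm);
	if (!container) return;

	// Minimal escaping for values placed inside a double-quoted HTML attribute.
	function attr(v) {
		return String(v)
			.replace(/&/g, '&amp;')
			.replace(/"/g, '&quot;')
			.replace(/</g, '&lt;')
			.replace(/>/g, '&gt;');
	}
	var safeUrl = attr(url);
	var safeW = attr(w);
	var safeH = attr(h);

	var str = '';
	str += '<object width="' + safeW + '" height="' + safeH + '" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0">';
	str += '<param name="movie" value="' + safeUrl + '">';
	str += '<param name="wmode" value="transparent">';
	str += '<param name="quality" value="autohigh">';
	str += '<param name="allowScriptAccess" value="always" > ';
	// "pluginspage" is the attribute browsers recognise; the original's
	// "plugspace" was a typo and had no effect.
	str += '<embed width="' + safeW + '" height="' + safeH + '" src="' + safeUrl + '" quality="autohigh" wmode="opaque" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"></embed>';
	str += '</object>';
	container.innerHTML = str;
}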


/// <summary>
/// ASP.NET pipeline hook: runs the request-value screening for every request.
/// </summary>
/// <param name="sender">The application raising the event (unused).</param>
/// <param name="e">Event arguments (unused).</param>
void Application_BeginRequest(Object sender, EventArgs e) => StartProcessRequest();

    #region SQL注入式攻击代码分析   
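    /// <summary>
    /// Screens every query-string and form value of the current request with
    /// <see cref="ProcessSqlStr"/> and redirects to <c>../default.aspx</c> when a
    /// value is rejected. The <c>__VIEWSTATE</c> form field is skipped.
    /// </summary>
    /// <remarks>
    /// This is a keyword blacklist, not an injection defence: it does not see
    /// headers, cookies or route data, it rejects legitimate input that merely
    /// contains a listed word, and parameterised SQL at the data-access layer
    /// remains the actual mitigation.
    /// </remarks>
    private void StartProcessRequest()
    {
        try
        {
            string sqlErrorPage = "../default.aspx"; // page shown when a value is rejected

            // Resolve the context once instead of on every loop iteration.
            System.Web.HttpContext context = System.Web.HttpContext.Current;
            if (context == null)
            {
                return;
            }

            System.Collections.Specialized.NameValueCollection queryString = context.Request.QueryString;
            if (queryString != null)
            {
                // queryString[i] returns the same joined value as queryString[Keys[i]].
                for (int i = 0; i < queryString.Count; i++)
                {
                    if (!ProcessSqlStr(queryString[i]))
                    {
                        context.Response.Redirect(sqlErrorPage);
                        context.Response.End();
                    }
                }
            }

            System.Collections.Specialized.NameValueCollection form = context.Request.Form;
            if (form != null)
            {
                for (int i = 0; i < form.Count; i++)
                {
                    // View state is framework-generated, not a user-typed value.
                    if (form.Keys[i] == "__VIEWSTATE") continue;
                    if (!ProcessSqlStr(form[i]))
                    {
                        context.Response.Redirect(sqlErrorPage);
                        context.Response.End();
                    }
                }
            }
        }
        catch
        {
            // Best effort, as in the original: a failure while inspecting the
            // request must not take the site down. Response.End() raises a
            // ThreadAbortException, which the runtime re-throws at the end of
            // this block, so the redirect still completes.
        }
    }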
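    /// <summary>
    /// Checks a submitted value against a small blacklist of SQL keywords.
    /// </summary>
    /// <param name="Str">The user-supplied value.</param>
    /// <returns>
    /// <c>true</c> when the value is empty/whitespace or contains none of the listed
    /// keywords (case-insensitive substring match); <c>false</c> when one occurs or
    /// the value is <c>null</c> (the original's catch block rejected that case too).
    /// </returns>
    /// <remarks>
    /// Substring matching rejects ordinary words such as "android", "command" or
    /// "character", and any value containing "*", while input that avoids these
    /// tokens passes. Treat it as a heuristic only; parameterised queries remain
    /// the actual defence against SQL injection.
    /// </remarks>
    private bool ProcessSqlStr(string Str)
    {
        // Preserve the original fail-closed outcome for null, which previously
        // surfaced as a NullReferenceException swallowed into `false`.
        if (Str == null)
        {
            return false;
        }
        if (Str.Trim().Length == 0)
        {
            return true;
        }

        // The keyword list the original stored as one delimited string (the
        // delimiter character did not survive this file's encoding).
        string[] sqlKeywords = new string[] {
            "and", "exec", "insert", "select", "delete", "update", "count", "*",
            "chr", "mid", "master", "truncate", "char", "declare"
        };

        // Ordinal, case-insensitive search: Str.ToLower() depended on the thread
        // culture (e.g. Turkish dotless i) and was recomputed for every keyword.
        foreach (string keyword in sqlKeywords)
        {
            if (Str.IndexOf(keyword, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return false;
            }
        }
        return true;
    }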
    #endregion

