guestbook.asp

功能强大的一个b/s工作站

<!--#include file="config.asp"-->
<!--#include file="conn.asp"-->
<!--#include file="format.asp"-->
<!--#include file="error.asp"-->
<!--#include file="lib/incjs.asp"-->
<!--#include file="lib/guestbook_body.asp"-->
<!--#include file="lib/gbfooter.asp"-->
<link rel="stylesheet" href="<%=themepath%>/gbstyle.css" type="text/css">
<%
stats="留言簿"
' *** Edit Operations: declare variables

MM_editAction = CStr(Request("URL"))
If (Request.QueryString <> "") Then
  MM_editAction = MM_editAction & "?" & Request.QueryString
End If

' boolean to abort record edit
MM_abortEdit = false

' query string to execute
MM_editQuery = ""

' *** Insert Record: set variables

If (CStr(Request("MM_insert")) <> "") Then

  MM_editConnection = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(DB_gb)
  MM_editTable = "gb"
  MM_editRedirectUrl = "guestbook.asp"
  MM_fieldsStr  = "gb_poster|value|gb_postersex|value|gb_posteremail|value|gb_posterqq|value|gb_posterhome|value|gb_posterfrom|value|gb_content|value"
  MM_columnsStr = "gb_poster|',none,''|gb_postersex|',none,''|gb_posteremail|',none,''|gb_posterqq|',none,''|gb_posterhome|',none,''|gb_posterfrom|',none,''|gb_content|',none,''"

  ' create the MM_fields and MM_columns arrays
  MM_fields = Split(MM_fieldsStr, "|")
  MM_columns = Split(MM_columnsStr, "|")
  
  ' set the form values
  For i = LBound(MM_fields) To UBound(MM_fields) Step 2
    MM_fields(i+1) = CStr(Request.Form(MM_fields(i)))
  Next

End If

' *** Insert Record: construct a sql insert statement and execute it

If (CStr(Request("MM_insert")) <> "") Then

  ' create the sql insert statement
  MM_tableValues = ""
  MM_dbValues = ""
  For i = LBound(MM_fields) To UBound(MM_fields) Step 2
    FormVal = MM_fields(i+1)
    MM_typeArray = Split(MM_columns(i+1),",")
    Delim = MM_typeArray(0)
    If (Delim = "none") Then Delim = ""
    AltVal = MM_typeArray(1)
    If (AltVal = "none") Then AltVal = ""
    EmptyVal = MM_typeArray(2)
    If (EmptyVal = "none") Then EmptyVal = ""
    If (FormVal = "") Then
      FormVal = EmptyVal
    Else
      If (AltVal <> "") Then
        FormVal = AltVal
      ElseIf (Delim = "'") Then  ' escape quotes
        FormVal = "'" & Replace(FormVal,"'","''") & "'"
      Else
        FormVal = Delim + FormVal + Delim
      End If
    End If
    If (i <> LBound(MM_fields)) Then
      MM_tableValues = MM_tableValues & ","
      MM_dbValues = MM_dbValues & ","
    End if
    MM_tableValues = MM_tableValues & MM_columns(i)
    MM_dbValues = MM_dbValues & FormVal
  Next
  MM_editQuery = "insert into " & MM_editTable & " (" & MM_tableValues & ") values (" & MM_dbValues & ")"

  If (Not MM_abortEdit) Then
    ' execute the insert
    Set MM_editCmd = Server.CreateObject("ADODB.Command")
    MM_editCmd.ActiveConnection = MM_editConnection
    MM_editCmd.CommandText = MM_editQuery
    MM_editCmd.Execute
    MM_editCmd.ActiveConnection.Close
	
	openadmin
    sql="update allcount set gbcount = gbcount + 1"
    conn.execute(sql)
    closedatabase

	If (MM_editRedirectUrl <> "") Then
      Response.Redirect(MM_editRedirectUrl)
    End If
  End If

End If

dim founderr,errmsg
errmsg=""
founterr=false

call chkparam()
if founderr then
   call diserror()
else
  call showgb_body()
  call endpage()
end if

rem -------------------
rem ----检查URL参数----
rem -------------------
sub chkparam()
if request("page")<>"" then
  if not isInteger(request("page")) then
    founderr=true
    errmsg=errmsg+"<br>"+"<li>非法的留言分页参数。"
  end if
end if
if request("key")<>"" then
  if instr(request("key"),"'")>0 then
    founderr=true
    errmsg=errmsg+"<br>"+"<li>非法的留言搜索参数。"
  end if
end if
end sub
%>