add_ad.asp

大家好

<%
	function fixQuotes(theString)
			fixQuotes=Replace(theString,"'","''")
	end function
	On Error RESUME NEXT
	Set con=Server.CreateObject("ADODB.Connection")
	con.Open Application("DBCon_ConnectionString")
	username=Session("username")
	'再次检查是否存在此用户,及是否有效
	strSql="SELECT yonghu,youxiao FROM yonghu WHERE yonghu='"+username+"'"
	Set rs1=con.Execute(strSql)
	if rs1("yonghu")="" then
		response.redirect "../syspages/error_nothisuser.htm"
		'错误:没有这个用户
	end if
	if rs1("youxiao")<=0 then   
		response.redirect "../syspages/error_invalid.htm"
	end if
	if rs1("youxiao")=2 then   '修改
		if Session("modify")<>1 then	'防止直接申请本页
			response.redirect "../syspages/error.htm"
		else
			strSql="UPDATE guanggao SET"
			strSql=strSql+" guojia='"+fixQuotes(TRIM(Request.Form("guojia")))
			strSql=strSql+"',chengshi='"+fixQuotes(TRIM(Request.Form("chengshi")))
			strSql=strSql+"',dailishang='"+fixQuotes(TRIM(Request.Form("dailishang")))
			strSql=strSql+"',lianxiren='"+fixQuotes(TRIM(Request.Form("lianxiren")))
			strSql=strSql+"',dizhi='"+fixQuotes(TRIM(Request.Form("dizhi")))
			strSql=strSql+"',youbian='"+fixQuotes(TRIM(Request.Form("youbian")))
			strSql=strSql+"',dianhua='"+fixQuotes(TRIM(Request.Form("dianhua")))
			strSql=strSql+"',e_mail='"+fixQuotes(TRIM(Request.Form("e_mail")))
			strSql=strSql+"',neirong='"+fixQuotes(replace(TRIM(Request.Form("neirong")),vbcrlf,"<br>"))
			strSql=strSql+"',fenlei1='"+fixQuotes(TRIM(Request.Form("fenlei1")))
			strSql=strSql+"',fenlei2='"+fixQuotes(TRIM(Request.Form("fenlei2")))
			strSql=strSql+"',faburiqi=getdate()"
			strSql=strSql+" Where yonghu='"+ Session("username")+"'"
'response.write strsql
			Set rs=con.Execute(strSql,insertnum)
			'if insertnum=1 then
				'成功
				'修改有效值
				response.redirect "../syspages/sys_modadsuc.htm"
			'else
			'	response.redirect "../syspages/error.htm"
			'end if
			response.end
		end if
	end if
	rs1.close
	'加入广告
	strSql="INSERT guanggao VALUES('"+username+"','"+Request.Form("guojia")
	strSql=strSql+"','"+fixQuotes(TRIM(Request.Form("chengshi")))
	strSql=strSql+"','"+fixQuotes(TRIM(Request.Form("danwei")))
	strSql=strSql+"','"+fixQuotes(TRIM(Request.Form("dailishang")))
	strSql=strSql+"','"+fixQuotes(TRIM(Request.Form("lianxiren")))
	strSql=strSql+"','"+fixQuotes(TRIM(Request.Form("dizhi")))
	strSql=strSql+"','"+fixQuotes(TRIM(Request.Form("youbian")))
	strSql=strSql+"','"+fixQuotes(TRIM(Request.Form("dianhua")))
	strSql=strSql+"','"+fixQuotes(TRIM(Request.Form("e_mail")))
	strSql=strSql+"','"+fixQuotes(replace(TRIM(Request.Form("neirong")),vbcrlf,"<br>"))
	strSql=strSql+"','"+fixQuotes(TRIM(Request.Form("fenlei1")))
	strSql=strSql+"','"+fixQuotes(TRIM(Request.Form("fenlei2")))
	strSql=strSql+"',getdate()"
	strSql=strSql+",0)"
'response.write strsql
	insertnum=0
	Set rs=con.Execute(strSql,insertnum)
	if insertnum=1 then
		'成功
		'修改有效值
		valid=valid-1
		strSql="UPDATE yonghu SET youxiao=2 WHERE yonghu='"+username+"'"
		con.Execute strSql
		response.redirect "../syspages/sys_addadsuc.htm"
	else
		response.redirect "../syspages/error.htm"
	end if
%>