raddnew.asp

经过一些更改的留言板

<!--#include file="data.asp"-->
 <%
 if instr(request.servervariables("http_referer"),"show")<1 then
    response.redirect "index.asp"
 end if

     dim title,name,pass,email,qq,url,pic,nei,t,rt,yd,hf,jh,bl
      dim rtid, rs, exec1, rs2, rs1, reID, reTime
	  
      title=encodestr(Request.form("title"))
      name=encodestr(Request.form("name"))
      pass=encodestr(Request.form("pass"))
      email=encodestr(Request.form("email"))
	  qq=encodestr(Request.form("qq"))
      url=encodestr(Request.form("url"))
      nei=replace(Request.form("nei"),"'","""")
      pic=encodestr(Request.form("pic"))
	  rtid=encodestr(Request.form("rtid"))
      bl=0
      
      if len(title)>40 then
         session("error")="留言标题不可以超过40个字符！！！"
		 response.redirect("error.asp")
      end if
      if len(name)>10 then
         session("error")="用户名不可以超过10个字符！！！"
		 response.redirect("error.asp")
      end if

 
 if pass<>"" then
    exec1="select * from blyh where name='"&name&"'"
    Set RS = Server.CreateObject("ADODB.RecordSet") 
    rs.Open exec1, Conn, 1, 1
    if not rs.eof then
       if pass=rs("pass") then
			rsclose()
			bl=1
       else
	   		rsclose()
			connclose()
			session("error")="保留用户密码帐号不对应！！！"
       		response.redirect "error.asp"
       end if
    else
		rsclose()
       Set rs = Server.CreateObject("ADODB.Recordset")
	   exec1="select top 1 * from blyh"
       rs.Open exec1,conn,1,2
       rs.addnew
       rs("name")=name
       rs("pass")=pass
       rs("t1")=now
       rs.update
	   rsclose()
		exec1="update const set userNum=userNum+1"
		conn.execute(exec1)
       bl=1
    end if
 end if


Set rs = Server.CreateObject("ADODB.Recordset")
exec1="select top 1 * from ly order by id desc"
rs.Open exec1,conn,1,2
	rs.addnew
	rs("name")=name
	rs("title")=title
	rs("email")=email
	rs("qq")=qq
	rs("url")=url
	rs("nei")=nei
	rs("t")=now
	rs("pic")=pic
	rs("bl")=bl
	rs("yd")=0
	rs("hf")=0
	rs("jh")=0
	rs("rt")=rtid
	rs.update
	rs.requery
	reID=rs("id")
	reTime=rs("t")
	rsclose()
     
exec1="update ly set hf=hf+1,reid="&reid&",reTime=#"&reTime&"# where id=" + CStr(rtid)
conn.execute(exec1)
	
connclose()

response.cookies("gbook")("username")=name
response.cookies("gbook")("password")=pass
response.cookies("gbook")("email")=email
response.cookies("gbook")("qq")=qq
response.cookies("gbook")("url")=url

response.redirect "addok.asp"    
%>