query.asp

以前企业建网站

<!--#include file="top.asp"-->
<center>
<table bgcolor=
<%sql="select * from sys"
rs.open sql,conn,3,3%>
<%=rs("sys_color")%>
<%rs.close%>
 border="0" width="780" cellspacing="0" cellpadding="0" height="312">
<tr>
<td width="150" valign="top" align="center">
<table border="0" width="150" cellspacing="0" cellpadding="0">
<tr>
<td width="150" bgcolor=f7f7f7 valign="top" align="center"><!--#include file="left.asp"--></td>
</tr>
</table>
</td>
</center>
<td width="470" valign="top" align="left">
<table border="0" width="470" cellspacing="0" cellpadding="0" height="5">
<tr>
<td width="470"  height="18" align="center"><b>货物交易状态</b></td>
</tr>
<tr>
<td width="100%">
<table border="0" width="100%" cellspacing="1">
<tr>
<td width="100%" bgcolor="#FFFFFF">订单号为<%
		strTemp=trim(request("sub_number"))
		If Instr(strTemp,"select%20") or Instr(strTemp,"insert%20") or Instr(strTemp,"delete%20from") or Instr(strTemp,"count(") or Instr(strTemp,"drop%20table") or Instr(strTemp,"update%20") or Instr(strTemp,"truncate%20") or Instr(strTemp,"asc(") or Instr(strTemp,"mid(") or Instr(strTemp,"char(") or Instr(strTemp,"xp_cmdshell") or Instr(strTemp,"exec%20master") or Instr(strTemp,"net%20localgroup%20administrators")  or Instr(strTemp,":") or Instr(strTemp,"net%20user") or Instr(strTemp,"'") or Instr(strTemp,"%20or%20") then
%>		<script language=vbs>
<!--
  msgbox"大哥，您输入有误，还是再输一次吧！！"
  window.location.href="index.asp" 
-->
</script>
<%response.end
End If
sub_number=replace(strTemp,"'","''")

        response.write "<font color=red>"
        response.write sub_number
        response.write "</font>"
        response.write "<br>"
        sql="select * from sub where sub_number='"&sub_number&"'"
          set rs=server.createobject("adodb.recordset")
          rs.open sql,conn,3,3
          if rs.eof then
              response.write "没有此订单信息,请确认您的订单号输入是否正确"
          else
              if rs("sub_check")=false then
                  response.write "订单尚在处理中！"
              else
                  response.write "订单已确认，请放心付款！"
              end if
              %>          

<table border="0" width="100%" cellspacing="1">
<tr>
<td width="20%">商品编号</td>
<td width="20%">商品名称</td>
<td width="20%">数量</td>
<td width="20%">单价</td>
<td width="20%">合计</td>
</tr>
<%sql="select * from basket where sub_number='"&sub_number&"'"
                   set rs1=server.createobject("adodb.recordset")
                   rs1.open sql,conn,3,3
                   do while not rs1.eof%>
<tr>
<td width="20%"><%=rs1("hw_id")%></td>
<td width="20%"><%=rs1("hw_name")%></td>
<td width="20%"><%=rs1("basket_count")%></td>
<td width="20%"><%=rs1("hw_cash")%>元</td>
<td width="20%"><%=rs1("basket_count")*rs1("hw_cash")%>元</td>
</tr>
<%totalcash=totalcash+(rs1("basket_count")*rs1("hw_cash"))%>
            <%rs1.movenext
            loop
            rs1.close
            set rs1=nothing
            %>
<tr>
<td width="80%" colspan="4">合计</td>
<td width="20%"><font color="red"><%=totalcash%>元</font></td>
</tr>
</table>
              
              
          <%
          end if
          rs.close
          %></td>
</tr>
</table>
</td>
</tr>
<center>
<tr>
<td width="100%"></td>
</tr>
</table>
</center></td>
<td width="160" valign="top" align="center" bgcolor=f7f7f7>
<table border="0" width="160" cellspacing="0" cellpadding="0">
<tr>
<td width="160" align="center"><!--#include file="right.asp"--></td>
</tr>
</table>
</td>
</tr>
</table>
<!--#include file="copy.asp"-->