edit_boardfox.asp

中国网站网贴吧程序源码（ASP+ACCESS） 实现功能： 多级分类查找,可按多级分类查找贴吧,多用户申请,任何人都可以申请自己的贴吧, 用户三种权限管理,1,普通会员,2,普通版主(只有管理自己的贴

<!--#include file="../conn/boardconn.asp"-->
<!--#include file="../style/sql.asp"-->
<!--#include file="../function.asp"-->
<!--#include file="../CHAR.INC"-->
<%
server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
if mid(server_v1,8,len(server_v2))<>server_v2 then
response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
response.write "<tr><td style=font:9pt Verdana>"
response.write "<center><font face=Georgia,Tahoma size=2><u>友情提示：服务器禁止非法操作...</u></font></center>"
response.write "</td></tr></table></center>"
response.end
end if
%>
<%
fqys=request.servervariables("query_string") 
dim nothis(18) 
nothis(0)="net user" 
nothis(1)="xp_cmdshell" 
nothis(2)="/add" 
nothis(3)="exec%20master.dbo.xp_cmdshell" 
nothis(4)="net localgroup administrators" 
nothis(5)="select" 
nothis(6)="count" 
nothis(7)="asc" 
nothis(8)="char" 
nothis(9)="mid" 
nothis(10)="'" 
nothis(11)=":" 
nothis(12)="""" 
nothis(13)="insert" 
nothis(14)="delete" 
nothis(15)="drop" 
nothis(16)="truncate" 
nothis(17)="from" 
nothis(18)="%" 
errc=false 
for i= 0 to ubound(nothis) 
if instr(FQYs,nothis(i))<>0 then 
errc=true 
end if 
next 
if errc then 
response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
response.write "<tr><td style=font:9pt Verdana>"
response.write "<center><font face=Georgia,Tahoma size=2><u>友情提示：服务器禁止非法操作...</u></font></center>"
response.write "</td></tr></table></center>"
response.end 
end if 
%>
<%CheckAdmin1%>
<%
	Dim BoardNlass,BoardClass,Boardchild
	BoardNlass=CInt(Request.QueryString("BoardNlass"))
	BoardClass=CInt(Request.QueryString("BoardClass"))
	BoardChild=CInt(Request.QueryString("BoardChild"))
	If BoardChild="" or not IsNumeric(BoardChild) Then
	response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
	response.write "<tr><td style=font:9pt Verdana>"
	response.write "<center><font face=Georgia,Tahoma size=2>友情提示：服务器禁止非法操作...</font></center>"
	response.write "</td></tr></table></center>"
		Response.End
	End If
%>
<%
   dim cmdTemp
   select case request.form("options")
     case "edit"
       on error resume next
       Set cmdTemp = Server.CreateObject("ADODB.Command")
       set rs=server.createobject("adodb.recordset")
       cmdTemp.CommandText = "SELECT * FROM QiQiBoy_Board_Disp where BoardNlass="&Cint(BoardNlass)&" and BoardClass="&Cint(BoardClass)&" and BoardChild="&Cint(BoardChild)
       cmdTemp.CommandType = 1
       Set cmdTemp.ActiveConnection = conn   
       rs.Open cmdTemp, , 1, 3
       if err.Number<>0 then
            err.clear
            response.write "Data Update..."
       else
         rs("BoardName") = trim(request.form("BoardName"))
         rs("BoardNlass") = request.form("BoardNlass")
         rs("BoardClass") = request.form("BoardClass")
         rs("BoardDescription") = request.form("BoardDescription")
         rs("BoardMaster") = request.form("BoardMaster")
         rs("BoardHot") = request.form("BoardHot")
         rs.Update
         rs.Close
         set rs=nothing
         set cmdTemp=nothing
       end if
	Sql="select BoardNlass,BoardClass,BoardChild from QiQiBoy_Board_Disp where BoardChild="&Cint(BoardChild)
	Set rs=Conn.execute(Sql)
	MaxBoardNlass=Rs(0)
	MaxBoardClass=Rs(1)
	MaxBoardChild=Rs(2)
	Sql="Update QiQiBoy_Topic_Disp set BoardNlass='"&MaxBoardNlass&"',BoardClass='"&MaxBoardClass&"' where BoardChild="&Cint(MaxBoardChild)
	Conn.execute(Sql)
  end select
  rs.close
  conn.close
  Set rs=Nothing
  Set conn=Nothing
  response.redirect "all_board.asp"
%>