edit_board.asp

中国网站网贴吧程序源码（ASP+ACCESS） 实现功能： 多级分类查找,可按多级分类查找贴吧,多用户申请,任何人都可以申请自己的贴吧, 用户三种权限管理,1,普通会员,2,普通版主(只有管理自己的贴

<!--#include file="../conn/boardconn.asp"-->
<!--#include file="../style/sql.asp" -->
<!--#include file="../CHAR.INC"-->
<!--#include file="../function.asp"-->
<%
server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
if mid(server_v1,8,len(server_v2))<>server_v2 then
response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
response.write "<tr><td style=font:9pt Verdana>"
response.write "<center><font face=Georgia,Tahoma size=2><u>友情提示：服务器禁止非法操作...</u></font></center>"
response.write "</td></tr></table></center>"
response.end
end if
%>
<%
fqys=request.servervariables("query_string") 
dim nothis(18) 
nothis(0)="net user" 
nothis(1)="xp_cmdshell" 
nothis(2)="/add" 
nothis(3)="exec%20master.dbo.xp_cmdshell" 
nothis(4)="net localgroup administrators" 
nothis(5)="select" 
nothis(6)="count" 
nothis(7)="asc" 
nothis(8)="char" 
nothis(9)="mid" 
nothis(10)="'" 
nothis(11)=":" 
nothis(12)="""" 
nothis(13)="insert" 
nothis(14)="delete" 
nothis(15)="drop" 
nothis(16)="truncate" 
nothis(17)="from" 
nothis(18)="%" 
errc=false 
for i= 0 to ubound(nothis) 
if instr(FQYs,nothis(i))<>0 then 
errc=true 
end if 
next 
if errc then 
response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
response.write "<tr><td style=font:9pt Verdana>"
response.write "<center><font face=Georgia,Tahoma size=2><u>友情提示：服务器禁止非法操作...</u></font></center>"
response.write "</td></tr></table></center>"
response.end 
end if 
%>
<%
	Dim BoardNlass,BoardClass,Boardchild
	BoardNlass=CInt(Request.QueryString("BoardNlass"))
	BoardClass=CInt(Request.QueryString("BoardClass"))
	BoardChild=CInt(Request.QueryString("BoardChild"))
	If BoardChild="" or  BoardChild=0 or not IsNumeric(BoardChild) Then
	response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
	response.write "<tr><td style=font:9pt Verdana>"
	response.write "<center><font face=Georgia,Tahoma size=2>友情提示：服务器禁止非法操作...</font></center>"
	response.write "</td></tr></table></center>"
		Response.End
	End If
%>
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=GB2312">
<link href="../Style/Style.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!--
function form_onsubmit() {
if (document.form.BoardName.value=="")
	{
	  alert("友情提示!\n\n请完整填写帖吧名称!")
	  document.form.BoardName.focus()
	  return false
	 }
else if (document.form.BoardDescription.value=="")
	{
	  alert("友情提示!\n\n请完整填写帖吧简介!")
	  document.form.BoardDescription.focus()
	  return false
	 }
}
// -->
</script>
<%
dim count
set rs=server.createobject("adodb.recordset")
sql = "select * from [QiQiBoy_Class_Disp] order by BoardClass asc"
rs.open sql,conn,1,1
%>
<SCRIPT language="JavaScript">
var onecount;
onecount=0;
subcat = new Array();
        <%
        count = 0
        do while not rs.eof 
        %>
subcat[<%=count%>] = new Array("<%= trim(rs("BoardClassName"))%>","<%= trim(rs("BoardNlass"))%>","<%= trim(rs("BoardClass"))%>");
        <%
        count = count + 1
        rs.movenext
        loop
        rs.close
        %>
onecount=<%=count%>;

function changelocation(locationid)
    {
    document.form.BoardClass.length = 0; 

    var locationid=locationid;
    var i;
    for (i=0;i < onecount; i++)
        {
            if (subcat[i][1] == locationid)
            { 
                document.form.BoardClass.options[document.form.BoardClass.length] = new Option(subcat[i][0], subcat[i][2]);
            }        
        }
        
    }    
</SCRIPT>
</head>

<body topmargin="0" leftmargin="0">
<div align="center"><center>
	<%
	Sql="select * from QiQiBoy_Board_Disp where BoardNlass="&Cint(BoardNlass)&" and BoardClass="&Cint(BoardClass)&" and BoardChild="&Cint(BoardChild)
	Set rs=conn.execute(Sql)
	%>
   <form id=form name=form method="POST" action="edit_boardfox.asp?BoardNlass=<%Response.Write(rs(1))%>&BoardClass=<%Response.Write(rs(2))%>&Boardchild=<%Response.Write(rs(3))%>" onsubmit="return form_onsubmit()">
     <input type="hidden" name="options" value>
      <table border="0" cellpadding="0" cellspacing="0" width="100%">
        <tr>
          <td width="100%" height="20" bgcolor="#96C5DE" align=center colspan="2"><font color="white"><b>编 辑 网 友 帖 吧</b></font></td>
         </tr>
        <tr>
          <td width="100%" height="20" align=center colspan="2"></td>
         </tr>
        <tr>
           <td width="15%" height="25" align="right">一级分类：</td>
           <td width="85%">
<SELECT name="BoardNlass" onChange="changelocation(document.form.BoardNlass.options[document.form.BoardNlass.selectedIndex].value)" size="1">
<%
BoardNlass=request("BoardNlass")
BoardClass=request("BoardClass")
set rs=server.createobject("adodb.recordset")
sql="select * from QiQiBoy_Nlass_Disp"
 	rs.open sql,conn,1,1
	if rs.eof and rs.bof then
		response.write "..."
	else
	do while not rs.eof
        if BoardNlass=cstr(rs("BoardNlass")) then
               sel="selected"
        else
               sel=""
        end if	
	response.write "<option " & sel & " value='"+CStr(rs("BoardNlass"))+"' name='BoardNlass'>"+rs("BoardNlassName")+"</option>"+chr(13)+chr(10)
	rs.movenext
    	loop
	end if
	rs.close
%>
</SELECT> *</td>
         </tr>
         <tr>
           <td width="15%" height="25" align="right">二级分类：</td>
           <td width="85%">
<SELECT name="BoardClass" size="1">             
<%
set rs=server.createobject("adodb.recordset")
  	sql="select * from QiQiBoy_Class_Disp"             
 	rs.open sql,conn,1,1             
	if rs.eof and rs.bof then             
		response.write "..."             
	else             
        do while not rs.eof             
        if BoardClass=cstr(rs("BoardClass")) then             
               sel="selected"             
        else             
               sel=""             
        end if	             
        response.write "<option " & sel & " value='" +  Cstr(rs("BoardClass")) + "'>" + rs("BoardClassName") + "</option>"             
        rs.movenext             
        Loop             
	end if             
        rs.close             
%>             
</SELECT> *</td>
         </tr>
	<%
	Sql="select * from QiQiBoy_Board_Disp where BoardNlass="&Cint(BoardNlass)&" and BoardClass="&Cint(BoardClass)&" and BoardChild="&Cint(BoardChild)
	Set rs=conn.execute(Sql)
	%>
             <tr>
           <td width="15%" height="25" align="right">贴吧名称：</td>
           <td width="85%"><input class=input type="text" name="BoardName" size="50" maxLength="50" value="<%Response.Write(rs(4))%>"> *</td>
         </tr>
             <tr>
               <td width="15%" height="25" align="right">贴吧简介：</td>
               <td width="85%"><TEXTAREA class=input name="BoardDescription" rows="6" cols="60" id="BoardDescription"><%Response.Write(rs(5))%></TEXTAREA></TD>
              </TR>
             <tr>
           <td width="15%" height="25" align="right">贴吧斑竹：</td>
           <td width="85%"><input class=input type="text" name="BoardMaster" size="30" value="<%Response.Write(rs(6))%>"> *注:多斑主请使用|符号分隔...</td>
         </tr>
             <tr>
           <td width="15%" height="25" align="right">是否推荐 Y/N：</td>
           <td width="85%"><SELECT name="BoardHot" size="1" class=input>
<OPTION value="0" <% if Rs("BoardHot")=0 then response.Write("selected") end if%>>否</OPTION>
<OPTION value="1" <% if Rs("BoardHot")=1 then response.Write("selected") end if%>>是</OPTION></SELECT></td>
         </tr>
        <tr>
          <td width="15%" height="25" align="right"></td>
          <td width="85%"><input name="submit" type="image" src="../images/edit.gif" align=absMiddle onclick="form.options.value='edit'">&nbsp;<input class=input1 type="reset" value="擦除重填" name="Submit2"></td>
         </tr>
       </table>
      </form>
     </center>
    </div>
 </body>
</html>