del_post.asp

购物系统(本版为正式商业版

<!--#include file="conn.asp"-->
<!--#include file="inc/config.asp"-->
<!--#include file="../fuction.asp"-->
<%action=nosql(request("action"))
id=nosql(int(request.querystring("id")))
bid=nosql(int(request.querystring("bid")))
fid=nosql(int(request.querystring("fid")))
username=nosql(session("username"))
password=nosql(session("userpassword"))
manbid=nosql(int(session("manbid") ))
if username="" or password="" then
response.redirect"login.asp"
end if
set rs2=server.createobject("adodb.recordset")
    sql="select * from book where id=" & id
    rs2.open sql,conn,1,1
    bookname=rs2("username")
    rs2.close

url="list.asp?bid="&bid&""
if manbid=bid or manbid=20000 or session("username")=bookname then
  if action="" then
    set rs=server.createobject("adodb.recordset")
    sql="select * from book where id=" & id
    rs.open sql,conn,3,3
    rs.delete

    conn.execute "delete from book where type in ("&id&")"
  else
    conn.execute("update [book] set reply=reply-1 where id ="&fid&"")
    conn.execute("delete from [book] where  id="&id&"")

   end if

response.redirect url
rs.close
conn.close
set rs=nothing
set conn=nothing
else
response.write"<script language='javascript'>alert('你没权限！')</script>"
response.write "<script language='javascript'>history.back(-1)</script>"
response.end 
end if 

%>