submit_f.asp

与asp相关的技术 如数据库和网页设计 很有用的哦

<%
if session("user_type")<>"S" then
	response.redirect "../../index.asp"
end if
%>
<!--#INCLUDE FILE="../../../system/odbc_connection.asp"-->
<!--#INCLUDE FILE="../../../system/function.asp"-->
<%

dim id,user_id,lesson_id,homework_id
user_id=session("user_id")
lesson_id=session("lesson_id")
homework_id=request("homework_id")
'不管是不是重交，先删掉过去的
sql="delete from homework_answer where user_id='" & user_id & "' and homework_id="& homework_id
db.execute(sql)

'规定上传路径和最大文件大小
dim filepath,maxsize
sql="select file_size from homework where homework_id=" & homework_id
set rs=db.execute(sql)
maxsize=rs("file_size")*1024*1024
filepath=server.mappath("../../../../uploadfile/"& lesson_id )

Set obj = Server.CreateObject("LyfUpload.UploadFile")
obj.maxsize=maxsize 
'保存文件到服务器,返回文件名
filename=obj.SaveFile("upfile", filepath, false)
'得到form元素的值
fieldvalue = obj.request("fieldname")

if filename="3" then
   Response.Write "<center>此文件在服务器上已经存在！不能覆盖！<br>" 
   '重新来过
   response.write "<a href='submit.asp?lesson_id=" & lesson_id & "&homework_id=" & homework_id & "'>重新上传</a><center>"
Elseif filename="0" then
	Response.Write "<center>文件体积太大！请返回" 
	Response.write "<a href='javascript:history.back(-1);'>重新上传</a><center>"	
elseif filename<> "" then
	'正确上传后,首先判断扩展名，如果是asp或exe等文件，立即删除
	'如果是exe或ASP文件，立即删除
	if GetExt(filename)=".exe" or GetExt(filename)=".asp" or GetExt(filename)=".aspx" then
		Dim fso
		set fso=server.createobject("scripting.filesystemobject")
		fso.deletefile filepath & "\" & filename
		Response.Write "文件类型错误"
		Response.End
	end if 

	'首先将其保存到数据库中
	Dim sql
	sql="insert into upload_file(upload_file_name,user_id,ext,size,submit_date) values('" & filename & "','" &  session("user_id") & "','" & GetExt(filename) & "'," & obj.FileSize & ",#" & Now() & "#)"
	db.execute(sql)
	'从中取出刚才的记录编号
	Dim rs
	sql="select Top 1 id,ext from upload_file where user_id='" & session("user_id") & "' order by submit_date desc"
	set rs=db.execute(sql)
	'变化文件的名字
	Dim pathold,pathnew
	set fso=server.createobject("scripting.filesystemobject")
	pathold=filepath & "\" & filename
	filename=rs("id") & rs("ext")
	pathnew=filepath & "\" & filename
	fso.copyfile pathold, pathnew
	fso.deletefile pathold
	set fso=nothing
	
	'需将学生递交信息写入
	sql = "insert into homework_answer(homework_id,user_id,body,upload_file_name,submit_date,ip,submit_flag)"
	sql=sql & " values(" & homework_id & ",'" & user_id & "','" & obj.Request("fieldname") & "','" 
	sql=sql & filename & "',#" & now & "#,'" & Request.ServerVariables("Remote_Addr") & "',1)"
	db.Execute(Sql)

	response.write "<center><h2 align='center'>已安全保存，请返回</h2>"
	response.write "<a href='index.asp'>返回</a></center>"
End If
%>