editinfo_save.asp

里面说明详细

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>蓝雨聊天室(修改个人资料)</title>
</head>
<body bgcolor="#DAE7E4">
<table border="1" width="100%" bordercolor="#008080" bordercolorlight="#008080"
bordercolordark="#008080" cellspacing="0" cellpadding="5">
  <tr>
    <td width="100%" bgcolor="#B8D3CE"><table border="0" width="100%">
      <tr>
        <td width="50%"><strong>修改个人资料</strong></td>
        <td width="50%" align="right"><input type="button" value="关闭窗口" onclick="window.close()"></td>
      </tr>
    </table>
    </td>
  </tr>
  <tr>
    <td width="100%"><table border="0" width="100%">
<!--#include file="admin/conn.asp"-->
<%
userid=trim(request.form("userid"))
username=trim(request.form("username"))
password=trim(request.form("password"))
pswstate=trim(request.form("pswstate"))
email=request.form("email")
homepage=request.form("homepage")
oicq=request.form("oicq")
biography=request.form("biography")
reg_err=""
if isnull(session("userid")) or session("userid")="" or userid="" or username="" or pswstate="" or email="" or (cstr(session("userid"))<>cstr(userid)) then
  reg_err="修改资料失败，参数不全！"
elseif Instr(username,"=")>0 or Instr(username,"%")>0 or Instr(username,chr(32))>0 or Instr(username,"?")>0 or Instr(username,"&")>0 or Instr(username,";")>0 or Instr(username,",")>0 or Instr(username,"'")>0 or Instr(LCase(username)," or")>0 or Instr(username,chr(34))>0 then
  reg_err="用户名中含有非法字符，请重新输入。"
elseif len(oicq)>10 or (len(oicq)<>0 and (not isnumeric(oicq))) then
  reg_err="Oicq号码只能是4-10位数字，您可以选择不输入。"
else
 reg_err=""
 Conn = DBCN()
 set rs = Server.CreateObject("ADODB.Recordset")
 sql="select * from [user] where username='" & username & "' and userid<>" & userid
 rs.open sql,conn,3
 if Not rs.eof then
   rs.close
   set rs=nothing
   reg_err="用户名重名错误，<font color=#ff0000>" & username & "</font>这个名字已经被其他人使用了。"
 else
  rs.close
  biography=htmlencode(biography)
  if len(biography)>120 then biography=Mid(biography,1,120)
  sql="select * from [user] where userid=" & userid
  rs.open sql,conn,3,3
  if Not rs.eof then
    rs("username")=username
    if pswstate="on" then
     rs("password")=password
    end if
    rs("email")=email
    rs("homepage")=homepage
    rs("oicq")=oicq
    rs("biography")=biography
    rs("lastactivity")=now()
    rs.update
  end if
  rs.close
  set rs=nothing
  reg_err=""
 end if
end if
if reg_err="" then
%>
    <tr>
       <td width="100%" height="30" colspan="2">修改个人资料成功！<font color="#ff0000"><%=username%></font>,以下是的你的一些新的个人资料，请记住你的用户名和密码。</td>
    </tr>
      <tr>
        <td width="16%">用户名：</td>
        <td width="84%"><font color="#8000FF"><%=username%></font></td>
      </tr>
      <tr>
        <td width="16%">密码：</td>
        <td width="84%"><font color="#8000FF"><%=password%></font></td>
      </tr>
      <tr>
        <td width="16%">EMAIL：</td>
        <td width="84%"><font color="#8000FF"><%=email%></font></td>
      </tr>
      <tr>
        <td width="16%">OICQ：</td>
        <td width="84%"><font color="#8000FF"><%=oicq%></font></td>
      </tr>
      <tr>
        <td width="16%">主页：</td>
        <td width="84%"><font color="#8000FF"><%=homepage%></font></td>
      </tr>
      <tr>
        <td width="16%" valign="top">个人简介：</td>
        <td width="84%"><font color="#8000FF"><%=biography%></font></td>
      </tr>
<%
 else
   response.write "<tr><td>" & reg_err & "&nbsp;&nbsp;<input type=button value=""返 回"" onclick=""history.back();""></td></tr>"
 end if
%>
    </table>
    <p><br>
    <br>
    </td>
  </tr>
</table>
</body>
</html>