save.asp

办公系统

<!--#include file="../includes/db.asp"-->
<%
call insureID()
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>办公自动化系统</title>
</head>

<body>
<%
dim NOTICE_ID
dim NOTICE_TITLE
dim NOTICE_CONTENT
dim NOTICE_DATE
dim USER_ID

if (request("action")="Add") then
	'添加资讯
       call saveAdd()
elseif (request("action")="Edit") then
	'保存对资讯所作的修改
       call saveEdit()
else
	call trigErr()
end if

sub saveAdd()
	if session("Position_id")>3 then
		response.write "<br><p align=center>您没有操作的权限!</p>"
		response.end
	end if
	NOTICE_TITLE = request("Title")
	NOTICE_CONTENT = request("Content")
	NOTICE_TITLE = replacePrime(NOTICE_TITLE)
	NOTICE_CONTENT = replacePrime(NOTICE_CONTENT)
	USER_ID = session("USER_ID")	
	sql="INSERT INTO Notice (NOTICE_TITLE, NOTICE_CONTENT, NOTICE_DATE, USER_ID) " _
		&"VALUES ('"&NOTICE_TITLE&"', '"&NOTICE_CONTENT&"', GETDATE(), "&USER_ID&" )"
	call openDB()
	conn.execute(sql)
	response.write "添加成功!&nbsp;&nbsp;&lt;&lt;<a href=""Browse.asp"">返回</a>"
	call closeDB()
end sub

sub saveEdit()
	if session("POSITION_ID")>3 then
		call noRight()
	end if
	NOTICE_ID=request("NOTICE_ID")
	if NOTICE_ID="" then
		call trigErr()
	end if
	NOTICE_TITLE = request("Title")
	NOTICE_TITLE = replace(NOTICE_TITLE,"'","#Rep_PRIME_lace#")
	NOTICE_CONTENT = request("Content")
	NOTICE_CONTENT = replace(NOTICE_CONTENT,"'","#Rep_PRIME_lace#")
	USER_ID = session("USER_ID")	
	
	sql="UPDATE Notice " _
		&"SET NOTICE_TITLE='"&NOTICE_TITLE&"',NOTICE_CONTENT='"&NOTICE_CONTENT&"',NOTICE_DATE=GETDATE()" _
		&"WHERE NOTICE_ID="&NOTICE_ID
	call openDB()
	conn.execute(sql)
	response.write "修改成功!&nbsp;&nbsp;&lt;&lt;<a href=""Browse.asp"">返回</a>"
	call closeDB()
end sub
%>
</body>
</html>