save.asp

信运网店系统是一套功能完善、简洁美观

<!--#include file="conn.asp"-->
<%
if session("admin")="" then
conn.close
set conn = nothing
response.Write "<script language='javascript'>alert('请先登录！');history.go(-1);</script>"
response.End
else
if request.cookies("Buy2Buy")("admin")="" then
conn.close
set conn = nothing
response.Write "<script language='javascript'>alert('请先登录！');history.go(-1);</script>"
response.End
end if
end if

dim action,goods,username
action=FormatSQL(SafeRequest("action",0))
goods=SafeRequest("dan",1)
username=SafeRequest("username",0)
select case action
case "save"
if session("rank")>1 then
conn.close
set conn = nothing
response.Write "<script language='javascript'>alert('你无权更改订单状态！');history.go(-1);</script>"
response.End
end if
dim rsscore,strscore
if request.form("state")<>"" then
set rs=server.CreateObject("adodb.recordset")
rs.open "select orders.id,orders.goods,orders.state,orders.score,orders.productnum from orders where orders.goods='"&goods&"' and Orders.UserName = '"&username&"' " ,conn,1,3
do while not rs.EOF
rs("state")=request.form("state")
LngNum=rs("productnum")
ProID=rs("id")
if request.form("state")=3 then
set rsscore=server.CreateObject("adodb.recordset")
rsscore.Open "Select solded,stock From Product Where id = "&ProID,conn,1,3
rsscore("solded")=rsscore("solded")+LngNum
rsscore("stock")=rsscore("stock")-LngNum
rsscore.update
rsscore.Close
strscore=rs("score")
rsscore.open "select score from [user] where username='"&username&"' ",conn,1,3
rsscore("score") = rsscore("score") + strscore
rsscore.update
rsscore.close
set rsscore = nothing
End If
rs.Update
rs.MoveNext
loop
rs.Close
set rs=nothing
conn.close
set conn = nothing
end if
response.Write "<script language=javascript>alert('订单状态修改成功！');history.go(-1);</script>"
case "del"
if session("rank")>1 then
conn.close
set conn = nothing
response.Write "<script language='javascript'>alert('你无权删除订单！');history.go(-1);</script>"
response.End
end if
conn.execute "delete from orders where goods='"&goods&"' and Orders.UserName = '"&username&"' "
response.Write "<script language=javascript>alert('订单删除成功！');window.close();</script>"
conn.close
set conn=nothing

case "orders"
if session("rank")>2 then
conn.close
set conn = nothing
response.Write "<script language='javascript'>alert('你无权评论订单！');history.go(-1);</script>"
response.End
end if
set rs=server.CreateObject("adodb.recordset")
rs.open "select orders.remarks from orders where goods='"&goods&"'",conn,1,3
rs("remarks")=trim(request.form("remarks"))
rs.update
response.Write "<script language=javascript>alert('评论添加成功！');window.close();</script>"
rs.close
set rs=nothing
conn.close
set conn=nothing
end select

%>