msg_save.asp

后台管理系统

<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="conn.asp"-->
<%
'合法性检查
if instr(replace(Trim(Request.Form("msg_email")),"'",""),"@")<=0 then
response.write("<script>window.alert('your e_mail is wrong!');history.go(-1);</script>")
response.End()
end if
if not instr(replace(Trim(Request.Form("msg_content")),"'",""),"<script>")<=0  or not instr(replace(Trim(Request.Form("msg_content")),"'",""),"<object>")<=0 or not instr(replace(Trim(Request.Form("msg_content")),"'",""),"fuck")<=0 then
response.write("<script>window.alert('your input is wrong!');history.go(-1);</script>")
response.End()
end if
'插入数据
'添加数据
set rs= Server.CreateObject("ADODB.Recordset")
sqltxt="select * from msg"
rs.open sqltxt,conn,1,3
rs.addnew
rs("msg_name")=replace(Trim(Request.Form("msg_name")),"'","")
rs("msg_content")=replace(Trim(Request.Form("msg_content")),"'","")
rs("msg_email")=replace(Trim(Request.Form("msg_email")),"'","")
rs("msg_phone")=replace(Trim(Request.Form("msg_phone")),"'","")
rs("msg_country")=replace(Trim(Request.Form("msg_country")),"'","")
rs.update
rs.close
set rs=nothing
conn.close
set conn=nothing
response.write("<script>window.alert('succeed!');window.location.href='leavemsg.html';</script>")
'添加信息结束
%>