gbook.asp

功能最强大的ASP网站

<!--#include file="md5.asp"-->
<%
function   GernerateHtml(str)   
  if   str   <>   ""   then   
  str   =   Replace(str,"&","&amp;")   
  str   =   Replace(str,"<","&lt;")   
  str   =   Replace(str,">","&gt;")   
  str   =   Replace(str,"   ","&nbsp;")   
  str   =   Replace(str,"　","&nbsp;&nbsp;")   
  str   =   Replace(str,vbCrLf,"<br>") 
  GernerateHtml   =   str   
  else   
  GernerateHtml   =   ""   
  end   if   
  end   function
%>
<style type="text/css">
<!--
body {
	background-image: url(image/main_bg.gif);
}
-->
</style><!--#include file="conn.asp"-->
<%
set rs=server.createobject("adodb.recordset")
sql="select * from gbook"
rs.open sql,conn,1,3
%>
<%
if request.form("name")="" then
response.write"<SCRIPT language=JavaScript>alert('请输入姓名！');"
response.write"javascript:history.go(-1)</SCRIPT>"
response.end
else
if request.Form("content")="" then
response.write"<SCRIPT language=JavaScript>alert('请输入内容！');"
response.write"javascript:history.go(-1)</SCRIPT>"
response.end
else
if GernerateHtml(request.form("newsid"))=0 then
response.write"<SCRIPT language=JavaScript>alert('请不要恶意注入！');"
response.write"javascript:history.go(-1)</SCRIPT>"
response.end
else
rs.addnew
rs("name")=GernerateHtml(request.Form("name"))
rs("id")=GernerateHtml(request.form("newsid"))
rs("title")=GernerateHtml(request.Form("title"))
rs("e-mail")=GernerateHtml(request.form("e-mail"))
rs("content")=GernerateHtml(request.Form("content"))
rs("user_title")=GernerateHtml(request.Form("hide"))
rs("time")=now
rs.update
rs.close
set rs=nothing
end if
end if
end if
%>
<!--#include file="common.asp"-->
<%
if session("name")<> "" then
Set rs1 = Server.CreateObject ("ADODB.Recordset")
sql1 = "select * from userlogin where name='"&session("name")&"'"
rs1.Open sql1,conn,1,3
rs1("money")=rs1("money")+1
session("money")=rs1("money")
rs1.update
rs1.close
set rs1=nothing
end if
%>
<%
response.write"<SCRIPT language=JavaScript>alert('感谢你的留言或评论！');"
response.write"javascript:history.go(-1)</SCRIPT>"
response.end
%>