save.asp

来自「zheng fu wang zhan gong neng qi quan」· ASP 代码 · 共 51 行

<!--#include file="conn.asp"-->
<!--#include file="ConnUser.asp"-->
<!--#include file="config.asp"-->
<!--#include file="md5.asp"-->
<!--#include file="char.inc"-->
<!--#include file="chkuser.asp" -->
<!--#include file="ChkURL.asp"-->
<%
IF request.cookies(eChuang)("KEY")="" THEN
	Show_Err("对不起，您无权进行此项操作！")
	response.end
else
	usernamecookie=CheckStr(request.cookies(eChuang)("UserName"))
	passwdcookie=CheckStr(trim(Request.cookies(eChuang)("passwd")))
	KEYcookie=CheckStr(trim(request.cookies(eChuang)("KEY")))
	dim sql
	dim rs
	dim fullname
	dim passwd,passwd1
	dim question
	dim answer,answer1
	dim username
	dim email
	dim sex
	dim birthyear,birthmonth,birthday
	dim content
	dim tel
	dim depid
	dim depname
	dim deptype
	dim photo
	username=CheckStr(trim(request("username")))
	fullname=htmlencode(request.form("fullname"))
	passwd=htmlencode(request.form("passwd"))
	passwd1=md5(passwd)
	question=htmlencode(request.form("question"))
	answer=htmlencode(request.form("answer"))
	answer1=md5(answer)
	sex=htmlencode(request.form("sex"))
	if db_Birthday_Select="EChuang" then	'若是不整合
		birthyear=request.form("birthyear")
		birthmonth=request.form("birthmonth")
	end if
	birthday=request.form("birthday")
	email=htmlencode(request.form("email"))
	depid=ChkRequest(request.form("depid"),1)	'防注入
	content=htmlencode(request.form("content"))
	tel=htmlencode(request.form("tel"))
	photo=request.form("photo")
	
	if Instr(request("username"),"=")>0 or Instr(request("username"),"%")>0 or Instr(request("username"),chr(32))>0 or Instr(request("username"),"?")>0 or Instr(request("username"),"&")>0 or Instr(request("username"),";")>0 or Instr(request("username"),",")>0 or Instr(request("username"),"'")>0 or Instr(request("username"),",")>0 or Instr(request("username"),chr(34))>0 or Instr(request("username"),chr(9))>0 or Instr(request("username"),"