signup.asp

网上购物系统 asp+sql server 2005

<!--#include file="include/dbopenbd.asp"-->
<!--#include file="md5.asp"-->
<%
call check_path()   '保证此页的调用是合法的
'获取上页传递的信息，aspsql对信息进行安全处理，防止用sql注入法控制数据库
UserId=aspsql(request.form("UserId"))
User_Password=request.form("pw1")
userpassword=md5(user_password)
UserMail=aspsql(request.form("UserMail"))
Username=aspsql(request.form("Username"))
UserQQ=aspsql(request.form("UserQQ"))
UserICQ=aspsql(request.form("UserICQ"))
UserMSN=aspsql(request.form("UserMSN"))
Sex=aspsql(request.form("Sex"))
Birthday=aspsql(request.form("Birthday"))
CompPhone=aspsql(request.form("CompPhone"))
HomePhone=aspsql(request.form("HomePhone"))
Country=aspsql(request.form("Country"))
Province=aspsql(request.form("Province"))
City=aspsql(request.form("City"))
Address=aspsql(request.form("Address"))
ZipCode=aspsql(request.form("ZipCode"))
Memo=aspsql(request.form("Memo"))
tjr=aspsql(request.form("tjr"))


jptxt="ゴ|ガ|ギ|グ|ゲ|ザ|ジ|ズ|ヅ|デ|ド|ポ|ベ|プ|ビ|パ|ヴ|ボ|ペ|ブ|ピ|バ|ヂ|ダ|ゾ|ゼ"
jptext=split(jptxt,"|")
for jp=0 to ubound(jptext)
userid=replace(userid,jptext(jp),"")
Username=replace(Username,jptext(jp),"")
next
'过滤日文字符及其它常见的非法文字
if request("UserId")<>UserId or request("Username")<>Username then mGoBack "本系统不允许使用日文字符，请检查后重新输入！"
if instr(lcase(userid),"admin")>0 or instr(userid,"管理员")>0  or instr(userid,"游客")>0 then mGoBack "警告：不允许使用此类用户名，请检查后重新输入！"
if buyoktxtcheck(userid)<>userId then mGoBack "您输入的用户名中含有非法字符，请检查后重新输入！"

set rs=Server.Createobject("ADODB.RecordSet")
sqlinfo = "select * from s_buser where UserId= '" & UserId & "'"
rs.Open sqlinfo,conn,1,3
if not (rs.Bof or rs.eof) then
	rs.close
	set rs=nothing
	mGoBack "该帐号已经有人使用，请选择其它用户名"
else
rs.AddNew
rs("UserId")=UserId
rs("UserPassword")=UserPassword
rs("Username")=Username
rs("UserQQ")=UserQQ
rs("UserICQ")=UserICQ
rs("UserMSN")=UserMSN
rs("Sex")=Sex
rs("Birthday")=Birthday
rs("HomePhone")=HomePhone
rs("CompPhone")=CompPhone
rs("UserMail")=UserMail
rs("Country")=Country
rs("Province")=Province
rs("City")=City
rs("Address")=Address
rs("ZipCode")=ZipCode
rs("Memo")=Memo
rs("tjr")=tjr
rs("IP")=Request.serverVariables("REMOTE_ADDR")
rs.Update
rs.close
set rs = nothing

'完成登陆
response.cookies("buyok")("userid")=userid
mGoTo "user_center.asp","恭喜，注册成功。单击“确定”登陆本站。"
end if
%>