user_dedit.asp

盗号用的

<!--#include file="../Conn.asp"-->
<%
If Session("AdminUserName") = "" Then
    Response.Write "<script>window.open('Login.asp','_parent');</script>"
	Response.End
End If 

server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
if  mid(server_v1,8,len(server_v2))<>server_v2  then
    response.write "<script>alert('警告！你正在从外部提交数据！！请立即终止！！');location.href='../index.htm';</script>"
    Response.End
end If
If Request("url") = "back" Then
    Session("url") = Request.ServerVariables("HTTP_REFERER")
End If 
action=Request("action")
bz=SafeStr(Request.Form("bz"))
id = Request("id")
If Not IsNumeric(Id) Or Id = "" Then
    Id = 0
End If 
Set Rs = Server.CreateObject("Adodb.Recordset")
Rs.Open "Select * From [info] where id=" & id,Conn,1,3
If Not (Rs.Eof Or Rs.Bof) Then
    If action = "save" Then
        Rs("Content") = bz
        Rs.Update
		Set Rs1 = Server.CreateObject("Adodb.Recordset")
		Rs1.Open "Select * From [infos] where id=" & id,Conn,1,3
		If Not (Rs1.Eof Or Rs1.Bof) Then
            Rs1("Content") = bz
            Rs1.Update
		End If 
		Set Rs1 = Nothing
        Response.Write "<script>alert('修改成功');location.href='" & Session("url") & "';</script>"
	    Response.End
	Else
	    bz = Rs("Content")
	End If 
    Rs.Close
    Set Rs = Nothing
Else
    response.write "<script>alert('该信息不存在!');history.go(-1);</script>"
End If 

%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title><%=Name%></title>
<link href="images/text.css" rel="stylesheet" type="text/css">
</head>
<body leftmargin="0" topmargin="0">
<table width="100%"  border="0" align="center" cellpadding="0" cellspacing="0">
      <tr>
        <td height="32" align="center" background="images/bj3.jpg" bgcolor="#E6F2FF"><table width="100%" border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td align="center"><%=Session("UserName")%> - <%=Session("Class")%> - 钓鱼数据</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td height="254" valign="top" bgcolor="#FFFFFF">
<form name="form1" method="post" action="user_dedit.asp?action=save&id=<%=id%>" onSubmit="return check(this)">
          <table width="49%" border="0" align="center" cellpadding="5" cellspacing="1" bgcolor="#C1DFFF">
          <tr>
            <td align="right" bgcolor="#FFFFFF">备　　注</td>
            <td bgcolor="#FFFFFF"><INPUT name=bz type=text class=inp1 id="bz" maxlength="50" value="<%=bz%>"></td>
          </tr>
		  </table>
          <p align="center"><input class=btn type="submit" name="submit" value="　提 交 信 息　"></p>
</td>
  </tr>
</table>
</form></body>
</html>