votesave.asp

来自「易和阳光购物商城 v1.3 | 功能简介 增加了防注入文件」· ASP 代码 · 共 60 行

<!--#include file="conn.asp"-->
<%if session("bjxadmin")="" then
response.Write "<script language='javascript'>alert('网络超时或您还没有登陆！');window.location.href='login.asp';</script>"
response.End
else
if session("flag")>1 then
response.Write "<p align=center><font color=red>您没有此项目管理权限！</font></p>"
response.End
end if
end if

dim id,title,act,DateAndTime,Content,sql,i
ID=request.QueryString("id")
Title=trim(request.form("Title"))
act=request("act")
if DateAndTime="" then DateAndTime=now()
Content=trim(request.form("Content"))
if Title="" then
response.write "<script language=javascript>alert('投票主题不能为空！');history.go(-1);</script>"
response.end
Response.End 
end if

	set rs=server.createobject("adodb.recordset")
	if act="edit" then
		sql="select * from BJX_toupiao where ID="&ID
	elseif act="add" then
		sql="select * from BJX_toupiao"
	end if
	rs.open sql,conn,1,3
	if act="add" or act="edit" then
	if act="edit" then
	if rs.eof then
response.write "<script language=javascript>alert('操作错误！');history.go(-1);</script>"
		Response.End 
		end if
		end if
		if act="add" then rs.addnew
		rs("Title")=Title
		'rs("depid")=session("UserDepID")
		for i=1 to 8
			if request("select"&i)<>"" then
				rs("select"&i)=request("select"&i)
				if request("answer"&i)="" then
					rs("answer"&i)=0
				else
					rs("answer"&i)=request("answer"&i)
				end if
			end if
		next
		rs("dateandtime")=now()
		rs.update
	end if
	rs.close
	set rs=nothing
	conn.close
	set conn=nothing
	Response.Redirect "voteManage.asp"
	%>
</body></html>