jfhjxx.asp

易和阳光购物商城 v1.3 | 功能简介 增加了防注入文件

<!--#include file="conn.asp"-->
<%if session("bjxadmin")="" then
response.Write "<script language='javascript'>alert('网络超时或您还没有登陆！');window.location.href='login.asp';</script>"
response.End
else
if session("flag")>1 then
response.Write "<p align=center><font color=red>您没有此项目管理权限！</font></p>"
response.End
end if
end if
%>
<html><head><title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<script language="javascript">
<!--
function checkdata()
{
if (document.form1.viewhtml.checked == true)
	{
	  alert("对不起，请取消“查看HTML源代码”后再添加！")
	  document.form1.viewhtml.focus()
	  return false
	 }
if (document.form1.Content.value.length==0)
	{
	  alert("对不起，请输入文章内容！")
	  //document.form1.content.focus()
	  return false
	 }
}

function MM_goToURL() { //v3.0
  var i, args=MM_goToURL.arguments; document.MM_returnValue = false;
  for (i=0; i<(args.length-1); i+=2) eval(args[i]+".location='"+args[i+1]+"'");
}

function MM_openBrWindow(theURL,winName,features) { //v2.0
  window.open(theURL,winName,features);
}
//-->
</script>
<link href="../images/css.css" rel="stylesheet" type="text/css">
</head>
<body>
<table class="tableBorder" width="90%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#6a7f9a">
<tr> 
<td colspan="4" align="center" background="../images/admin_bg_1.gif"><b><font color="#ffffff">积分兑换奖品说明</font></b></td>
</tr>
<tr> 
<td >
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
                                <form name="form1" method="post" action="savejfhjxx.asp" OnSubmit="return checkdata()" onReset="return ResetForm();">
                                  <tr> 
                                    <td> 
                                        <table width="80%" border="0" cellspacing="2" cellpadding="1" align="center">
                                          <tr> 
                                            <td>
</td></tr><tr>
<td>
<%
set rs=server.createobject("adodb.recordset")
sql="select jfhj from BJX_config "
rs.open sql,conn,1,1
dim bjxc,bjxi
bjxc	= rs(0)
bjxi    = "Content"
%><input type="hidden" id="myEditor" value="" style="display:none" /><textarea id="Content" name="Content" style="display:none"><div><%= bjxc %></div></textarea><iframe id="Content___Frame" src="Iheeo_editor/editor.htm?id=Content&ReadCookie=0" frameborder="0" scrolling="no" width="621" height="457"></iframe>
</td>
</tr>
<tr> 
<td align="center"> 
<input type="submit" value="修改保存 " name="Submit" class="unnamed5">
</td>
</tr>
</table>
</td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</body>
</html>