huifk.asp

易和阳光购物商城 v1.3 | 功能简介 增加了防注入文件

<!--#include file="conn.asp"-->
<html><head><title><%=webname%>--用户评论</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link href="../images/css.css" rel="stylesheet" type="text/css">
</head>
<body leftmargin="0" topmargin="5" marginwidth="0" bgcolor="#D9E6FF">
<%dim id,action
id=request.QueryString("id")
action=request.QueryString("action")
if action="save" then
set rs=server.CreateObject("adodb.recordset")
rs.open "select * from BJX_fk where fkid="&id,conn,1,3
rs("fkadmin")=HTMLEncode2(trim(request("fkadmin")))
'rs("huifudate")=now()
rs.update
rs.close
set rs=nothing
response.write "<script language=javascript>alert('您的回复已成功提交！！');history.go(-1);</script>"
response.End
end if
%>
<table class="tableBorder" width="90%" border="0" align="center" cellpadding="0" cellspacing="1" >
<tr> 
<td align="center" background="../images/admin_bg_1.gif"><b><font color="#ffffff">发表评论</font></b></td>
</tr>
<tr> 
<form name="pinglunform" method="post" action="?action=save&id=<%=id%>">
<td > 
<%set rs=server.CreateObject("adodb.recordset")
rs.open "select * from BJX_fk where fkid="&id,conn,1,3
%>
<table width="100%" align="center" border="0" cellpadding="5" cellspacing="1" bgcolor="#6a7f9a">
<tr > 
<td width="40%" align="right" bgcolor="#FFFFFF">姓 名：</td>
<td width="60%" bgcolor="#FFFFFF"> 
<input name="pinglunname" type="text" id="fkusername" size="30" value="<%=rs("fkusername")%>" readonly>
</td>
</tr>
<tr > 
<td align="right" bgcolor="#FFFFFF">留言标题：</td>
<td bgcolor="#FFFFFF"><input name="fksubject" type="text" id="fksubject" size="30" value="<%=rs("fksubject")%>" readonly></td>
</tr>
<tr > 
<td align="right" valign="top" bgcolor="#FFFFFF">评论正文：</td>
<td bgcolor="#FFFFFF"><textarea name="fkcontent" cols="30" rows="3" id="fkcontent" readonly><%=rs("fkcontent")%></textarea></td>
</tr>
<tr > 
<td align="right" valign="top" bgcolor="#FFFFFF"><font color="#FF0000">管理回复：</font></td>
<td bgcolor="#FFFFFF"><textarea name="fkadmin" cols="30" rows="5" id="fkadmin"><%=rs("fkadmin")%></textarea></td>
</tr>
<tr >
<td bgcolor="#FFFFFF"></td>
<td bgcolor="#FFFFFF">
<input onClick="return check();" name="submit" type="submit" value="回复保存">
<input onclick="ClearReset()" type="reset" name="Clear" value="重新填写"></td>
</tr>
</table>
<%rs.close
set rs=nothing%>
</td>
</form>
</tr>
</table>
</body>
</html>
<%function HTMLEncode2(fString)
	fString = Replace(fString, CHR(13), "")
	fString = Replace(fString, CHR(10) & CHR(10), "</P><P>")
	fString = Replace(fString, CHR(10), "<BR>")
	HTMLEncode2 = fString
end function%>
<script LANGUAGE="javascript">
<!--
function checkspace(checkstr) {
  var str = '';
  for(i = 0; i < checkstr.length; i++) {
    str = str + ' ';
  }
  return (str == checkstr);
}
function check()
{
  if(checkspace(document.pinglunform.pinglunname.value)) {
	document.pinglunform.pinglunname.focus();
    alert("请填写您的姓名！");
	return false;
  }
  if(checkspace(document.pinglunform.pingluntitle.value)) {
	document.pinglunform.pingluntitle.focus();
    alert("请填写评论标题！");
	return false;
  }
  if(checkspace(document.pinglunform.pingluncontent.value)) {
	document.pinglunform.pingluncontent.focus();
    alert("请填写评论正文！");
	return false;
  }
	  }
//-->
</script>