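<% Option Explicit %>
<%
' Contribution (article submission) page: opens the site database, loads the
' site configuration row, and, when the form is posted with action=add,
' stores the submitted article in FS_Contribution and bumps the author's
' contribution counter in FS_members.
'
' databaseclass, G_FS_RS, GetRandomID18, NoCSSHackInput and NoCSSHackContent
' are not defined in this listing; they presumably come from include files.
' NOTE(review): the two NoCSSHack* helpers look like the only output-encoding /
' markup filter applied to stored fields - confirm what they actually strip
' before relying on them as the XSS control for pages that render this data.
Dim DBC, conn, ClassID
ClassID = request.QueryString("ClassID")
Set DBC = new databaseclass
Set Conn = DBC.openconnection()

Dim I, RsConfigObj
Set RsConfigObj = Conn.Execute("Select SiteName,UserConfer,Copyright,isEmail,isChange,IsShop from FS_Config")
Set DBC = Nothing
%>
<%
If Request.Form("action")="add" then
    ' Reject the post when Title (after removing ' \ /) or Content is empty.
    If Replace(Replace(Replace(request.form("Title"),"'",""),"\",""),"/","")="" or request.form("Content")="" then
        Response.Write("")
        Response.End
    End if
    ' Same check for Author.
    If Replace(Replace(Replace(request.form("Author"),"'",""),"\",""),"/","")="" or request.form("Content")="" then
        Response.Write("")
        Response.End
    End if

    Dim Rs, Sql1
    Set Rs = server.createobject(G_FS_RS)
    ' "where 1=0" opens an empty, updatable recordset that is used only for
    ' AddNew. Field values are assigned through the recordset, so they are
    ' passed as data and never concatenated into SQL text.
    Sql1 = "select * from FS_Contribution where 1=0"
    Rs.open sql1,conn,1,3
    Rs.addnew
    Rs("ContID") = GetRandomID18()
    Rs("Title")=NoCSSHackInput(Replace(Replace(Replace(request.form("Title"),"'",""),"\",""),"/",""))
    If Replace(request.form("SubTitle"),"'","")<>"" then
        Rs("SubTitle")=NoCSSHackInput(Replace(request.form("SubTitle"),"'",""))
    End if
    Rs("Content")=NoCSSHackContent(Request.Form("Content"))
    Rs("AddTime")=Now()
    Rs("KeyWords")=NoCSSHackInput(Replace(request.form("KeyWords"),"'",""))
    Rs("Author")=NoCSSHackInput(Replace(Request.Form("Author"),"'",""))
    Rs("ClassID")=NoCSSHackInput(Cstr(Request.Form("ClassID")))
    Rs.update
    ' Release the recordset here: the original closed it after Response.End,
    ' which stops the script, so that cleanup never ran.
    Rs.close()
    Set Rs=nothing

    ' Increment the member's contribution counter.
    ' The original concatenated the posted Author into the UPDATE text and
    ' relied on stripping quote characters. The same stripped value is kept so
    ' the same rows match, but it is now bound as a parameter, so SQL safety no
    ' longer depends on the character filter being complete.
    ' NOTE(review): Author comes from the form, not from a server-side
    ' identity, so any client can raise ConNum for any member name - confirm
    ' whether this page sits behind a login and, if so, use that identity.
    Dim ContribAuthor, ContribAuthorSize, ContribCmd
    ContribAuthor = Replace(Replace(Request.Form("Author"),"""",""),"'","")
    ContribAuthorSize = Len(ContribAuthor)
    ' A variable-length parameter needs a size greater than zero.
    If ContribAuthorSize = 0 Then ContribAuthorSize = 1
    Set ContribCmd = Server.CreateObject("ADODB.Command")
    Set ContribCmd.ActiveConnection = Conn
    ContribCmd.CommandType = 1 ' adCmdText
    ContribCmd.CommandText = "update FS_members set ConNum=ConNum+1 where MemName=?"
    ' 202 = adVarWChar, 1 = adParamInput
    ContribCmd.Parameters.Append ContribCmd.CreateParameter("MemName", 202, 1, ContribAuthorSize, ContribAuthor)
    ContribCmd.Execute , , 128 ' adExecuteNoRecords
    Set ContribCmd = Nothing

    Response.Write("")
    Response.End
End If

' Percent-encode both quote characters in the posted content.
' NOTE(review): this covers quotes only; if NewsContent is echoed into HTML
' further down the page, it still needs encoding for that output context.
Dim NewsContent
NewsContent = Replace(Replace(Request.Form("Content"),"""","%22"),"'","%27")
%>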