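<%
' Guestbook action handler. Dispatches on the "func" request parameter:
'   msg_add      - store a new visitor message
'   msgMgrLogin  - administrator login; sets Session("MsgMgrID")
'   msgMgrLogout - clear the administrator session value
'   re_msg       - administrator reply to a message (by gbid)
'   del_msg      - administrator delete of a message (by gbid)
' Conn, AdjStr, AlertRedirect, checkIsPost, checkSession and dbClose are
' defined outside this block.
'
' NOTE(review): every text value reaches SQL through AdjStr, which is not
' visible here; presumably it quotes and escapes the value - confirm. ADODB
' parameterized commands would remove the dependency on that helper.

' Returns True only when value is 1 to 9 ASCII digits, so that CLng() cannot
' overflow and nothing but a plain integer is concatenated into SQL.
' IsNumeric is avoided because it also accepts forms such as exponent or
' hex notation.
Function GB_IsNumericId(ByVal value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    GB_IsNumericId = re.Test(value & "")
    Set re = Nothing
End Function

Response.Flush()
func = Request("func")

' ---- Add a visitor message --------------------------------------------
' NOTE(review): unlike the other state-changing handlers, this one does not
' call checkIsPost - confirm whether that is intentional.
' NOTE(review): the values are stored as submitted; the page that renders
' them must HTML-encode on output (rendering code is not visible here).
If func = "msg_add" Then
    Name = Request("Name")
    Homepage = Request("Homepage")
    Email = Request("Email")
    MSN = Request("MSN")
    Title = Request("Title")
    Content = Request("Content")

    ' Store the homepage without its scheme prefix.
    If Left(Homepage, 7) = "http://" Then
        Homepage = Replace(Homepage, "http://", "")
    End If

    SQLSeg = "insert into GuestBook(Name,HomePage,Email,MSN,Title,Content) values(" & _
             AdjStr(Name) & "," & AdjStr(Homepage) & "," & AdjStr(Email) & "," & _
             AdjStr(MSN) & "," & AdjStr(Title) & "," & AdjStr(Content) & ")"
    Conn.Execute(SQLSeg)
    AlertRedirect "留言完成","guestbook.asp"
    Response.End
End If

' ---- Administrator login ----------------------------------------------
If func = "msgMgrLogin" Then
    checkIsPost("guestbook.asp")
    Account = Request("acct")
    Password = Request("pswd")
    Str = "登入失敗"

    ' Reject account names containing SQL metacharacters before querying.
    ' Fix: the original set "hasBadStr" here, so the "hasBadChr" flag tested
    ' below never changed and the filter had no effect.
    badChr = Array("'", ",", ";", "-", "?")
    hasBadChr = 0
    For i = 0 To UBound(badChr)
        If InStr(Account, badChr(i)) > 0 Then
            hasBadChr = 1
            Exit For
        End If
    Next

    If 0 = hasBadChr Then
        SQLSeg = "select id,passwd,CanLoginFront from Administrators where account=" & AdjStr(Account)
        Set rs0 = Conn.Execute(SQLSeg)
        If Not (rs0.EOF And rs0.BOF) Then
            ' NOTE(review): the submitted password is compared directly with
            ' the stored column, which suggests passwords are kept in clear
            ' text - confirm, and move to a salted password hash if so.
            ' NOTE(review): no attempt limiting or lockout is visible here.
            If Password = CStr(rs0("passwd")) Then
                ' Column 2 is CanLoginFront; the account must be enabled.
                If rs0(2) Then
                    Session("MsgMgrID") = rs0("id")
                    Str = "登入成功"
                Else
                    Str = "此帳號現在不可登入!"
                End If
            End If
        End If
        ' Release the recordset; the original left it open.
        rs0.Close
        Set rs0 = Nothing
    End If

    AlertRedirect Str,"guestbook.asp"
    Response.End
End If

' ---- Administrator logout ---------------------------------------------
If func = "msgMgrLogout" Then
    Session("MsgMgrID") = NULL
    'Session.Abandon
    AlertRedirect "登出完成","guestbook.asp"
    Response.End
End If

' ---- Administrator reply ----------------------------------------------
' NOTE(review): checkIsPost and checkSession are the only request checks
' visible here; no anti-CSRF token is verified in this block.
If func = "re_msg" Then
    checkIsPost("guestbook.asp")
    checkSession "MsgMgrID", "guestbook.asp"
    gbid = Request("gbid")
    Content = Request("Content")

    ' gbid is concatenated into the WHERE clause unquoted, so it must be a
    ' plain integer (this resolves the original TODO about validating gbid).
    If Not GB_IsNumericId(gbid) Then
        AlertRedirect "參數錯誤","guestbook.asp"
        Response.End
    End If

    ' Session("MsgMgrID") is set by the login handler from the database id.
    SQLSeg = "update GuestBook set ReplyOP = " & Session("MsgMgrID") & _
             ", Reply=" & AdjStr(Content) & _
             ", ReplyTime='" & Now() & "' where id=" & CLng(gbid)
    Conn.Execute(SQLSeg)
    AlertRedirect "回應完成","guestbook.asp"
    Response.End
End If

' ---- Administrator delete ---------------------------------------------
If func = "del_msg" Then
    checkIsPost("guestbook.asp")
    checkSession "MsgMgrID", "guestbook.asp"
    gbid = Request("gbid")

    ' Same integer check as re_msg: without it any text after "id=" would be
    ' executed as part of the DELETE statement.
    If Not GB_IsNumericId(gbid) Then
        AlertRedirect "參數錯誤","guestbook.asp"
        Response.End
    End If

    SQLSeg = "delete from GuestBook where id=" & CLng(gbid)
    Conn.Execute(SQLSeg)
    AlertRedirect "刪除完成","guestbook.asp"
    Response.End
End If

dbClose()
%>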