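FUNCTION Check (s)
    ' Escapes a value for use inside a single-quoted SQL string literal by
    ' doubling every apostrophe (' becomes '').
    '
    ' s       - value to escape. VBScript passes arguments ByRef by default,
    '           so the result is built without assigning to s; the caller's
    '           variable is left untouched.
    ' Returns - the escaped text, or s itself when s is Null.
    '
    ' Quote doubling only protects values that are placed between single
    ' quotes. It does nothing for values concatenated into numeric or
    ' identifier positions; parameterized ADODB.Command queries are the more
    ' robust choice where they can be used.
    If IsNull(s) Then
        Check = s
        Exit Function
    End If
    Check = Replace(s, "'", "''")
END FUNCTION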
' Open the ADO connection (conn) to the Access database forum.mdb.
' Server.MapPath with a relative name resolves against the directory of the
' requesting script, so the .mdb file sits inside the web-served tree.
' NOTE(review): confirm the web server refuses direct requests for *.mdb, or
' keep the file outside the site root; otherwise the whole database can be
' fetched over HTTP.
DbPath = Server.MapPath("forum.mdb")
Set conn = Server.CreateObject("ADODB.Connection")
conn.ConnectionString = "driver={Microsoft Access Driver (*.mdb)};dbq=" & DbPath
conn.Open
%>
response
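' Handles a reply submission: increments the parent post's child counter,
' then inserts the reply as a new row in the forum table.
'
' Every Request value used here comes from the client. Each one that is
' concatenated into a SQL string literal is passed through Check() first;
' a value left unescaped (as id, brow and xl were) lets the client close the
' literal and append its own SQL.
Dim xl
Dim xl_l
Dim i

id = Request("id")
' id is placed inside cdbl('...') in the UPDATE, so refuse anything that is
' missing or not a number before building the statement.
If Len(id) = 0 Or Not IsNumeric(id) Then
    conn.Close
    Response.Write "invalid id"
    Response.End
End If
sql = "update forum set child=child+1 where id=cdbl('" & Check(id) & "') "
conn.Execute sql

xl = Request("xl")
' Line breaks are stripped from the comment before it is stored.
comment = Replace(Request("comment"), vbCrLf, "")

' Left-pad the child value with zeros to at least three characters and append
' it to xl to form the new row's xl value.
' NOTE(review): child is taken from the request, not read back from the row
' updated above, so the client chooses this value - confirm that is intended.
xl_l = CStr(Request("child"))
For i = 1 To 3 - Len(xl_l)
    xl_l = "0" + xl_l
Next
xl_l = Trim(xl) + Trim(xl_l)

' username, title and comment are HTML-encoded before storage; brow and xl are
' stored as submitted, so any page that prints them has to encode on output.
insertnum = 0
sqltext = "insert into forum(username,title,comment,brow,xl,regtime)"
sqltext = sqltext & "values('" & Check(Server.HTMLEncode(Request("username"))) & "','" _
    & Check(Server.HTMLEncode(Request("title"))) & "','" _
    & Check(Server.HTMLEncode(comment)) & "','" _
    & Check(CStr(Request("brow"))) & "','" _
    & Check(xl_l) & "',now)"
conn.Execute sqltext, insertnum

If insertnum = 1 Then
    ' Close before redirecting: Response.Redirect ends the page, so nothing
    ' placed after it runs. (The close call that used to follow the redirect
    ' also named myconn, which this page never defines.)
    conn.Close
    Response.Redirect "default.asp"
Else
    Response.Write "insert failer"
End If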
%>