以下为引用的内容: <!--#include file="../conn/dbconn1.asp"--> <!--#include file="../inc/safe.asp"--> <% content=Replace_Text(request.Form("content")) content=replace(content,"<","[") content=replace(content,">","]") newsid=Replace_Text(request.Form("newsid")) ip=request.Form("ip") rname=Replace_Text(request.Form("rname")) rname=replace(rname,"<","[") rname=replace(rname,">","]") 'username=Replace_Text(request.Form("username")) 'username=replace(username,"<","[") 'username=replace(username,">","]") '处理发表内容是脏话 set rs=server.CreateObject("adodb.recordset") sql="select * from badword" rs.open sql,conn,3,3 if rs.eof then response.Write("mei ziliao!") else on error resume next do while not rs.bof and not rs.eof content=replace(content,rs.fields("word").value,"**") rname=replace(rname,rs.fields("word").value,"**") rs.movenext loop end if rs.close set rs=nothing '''''''''''''''''''''''''''''' set rs=server.CreateObject("ADODB.RecordSet") sql="select * from pl" rs.open sql,conn,3,3 rs.addnew rs("content")=content rs("newsid")=newsid rs("ip")=ip rs("rname")=rname rs("username")=username rs.update rs.close %> <% set rsn=server.CreateObject("adodb.recordset") sqln="select newsid,plnum,plbz from news where newsid="&newsid&"" rsn.open sqln,conn,1,3 rsn("plnum")=rsn("plnum") 1 rsn("plbz")=1 rsn.update rsn.close %> <script> alert("成功发布!") parent.location.href="shownews.asp?newsid=<%=newsid%>" </script>
|