<%@ language=VBScript %> <% sql="select * from bqw order by bqwid desc" set Rs = Server.CreateObject("ADODB.Recordset") Rs.open sql,conn,1,1 if Request("menu") = "addto" then call addto() else call index() end if sub index() %> <%=gbook_name%>--添加留言
 
<%session("OldGuestSave")=""%> >
*你的大名:
*防黑客码:
*留言主题:
*留言内容:
<% call htmlend() Response.End end sub sub addto() dim username, email, homeurl, qq, body, addtime, sql, Rs, ip, face, brow, validatecode username=htmlencode2(trim(Request.form("username"))) zt=htmlencode2(trim(Request.form("zt"))) email=htmlencode2(trim(Request.form("email"))) validatecode=htmlencode2(trim(Request.form("validatecode"))) qq=htmlencode2(trim(Request.form("validatecode"))) body=htmlencode2(Request.form("body")) face=Request.form("face") ip=Request.ServerVariables("REMOTE_ADDR") brow=Request.form("brow") if session("OldGuestSave") <> "" then message1="请不要重复提交同一条信息嘛!\n" end if if username = "" then message="请填写您的名字哦!\n" end if if zt = "" then message="请填写留言主题!\n" end if if validatecode = "" then message="请填写防黑客码!\n" end if if body = "" then message=message&"留言内容不能为空!\n" end if if face = "" then facerand=16 randomize facerand=Int((facerand*rnd)+1) face="images/face/"&facerand&".gif" end if if body <> "" and Len(body)> bodymax then message=message&"对不起,留言字数不能超过 "&bodymax&" 字,谢谢!\n" end if if brow = "" then browrand=16 randomize browrand=Int((browrand*rnd)+1) brow="images/brow/"&browrand&".gif" end if if message1<> "" then call error1(""&message1&"") if message<> "" then call error(""&message&"") else sql = "select * from bqw" Set Rs = Server.CreateObject("ADODB.Recordset") Rs.open sql,conn,3,2 Rs.addnew Rs("bqwusername")=username Rs("bqwzt")=zt Rs("bqwbody")=body Rs("bqwface")=face Rs("bqwbrow")=brow Rs("bqwip")=ip Rs("bqwaddtime")=now if Trim(Session("gigo.cn_ValidateCode"))<>Trim(Request.Form("validatecode")) then Rs("bqwqq")=0 else Rs("bqwqq")=1 end if Rs.update Rs.close session("OldGuestSave")="Saved" sql="select * from admin" Rs.open sql,conn,3,2 if date <> today_time then Rs("today_count") = 1 else Rs("today_count") = Rs("today_count")+1 end if Rs("today_time") = date Rs.update Rs.close set Rs = nothing conn.close set conn = nothing Response.redirect "index.asp" Response.End end if end sub %>