asp??
<!--#include file=conn.asp-->
<% '获取数据
on error resume next
' 转换字符串,避免出现小黑字体
' 避免用户输入的html标记"<>"被浏览器解释错,
' 对服务器端的输入格式进行编码
' 原先: 用户名<font style=font-size:100pt>小黑</font>
' 编码后: <...........................>小黑<font>
' 所以读取是文本都是这样
username=Request.QueryString("username")
username=server.HTMLEncode(username)
sex=Request.QueryString("sex")
sex=server.HTMLEncode(sex)
email=Request.QueryString("email")
email=server.HTMLEncode(email)
subject=Request.QueryString("subject")
subject=server.HTMLEncode(subject)
msg=Request.QueryString("msg")
msg=server.HTMLEncode(msg)
%>
<% ' 连接数据库
sql="insert into guestbook(username,sex,email,subject,msg,addtime) values('" '" &username & "','") '<<=======
sql=sql & username & "','"
sql=sql & sex & "','"
sql=sql & email & "','"
sql=sql & subject & "','"
sql=sql & msg & "',#"
sql=sql & now & "#)"
' Response.Write sql
conn.execute(sql) '执行sql语句
if err.number<>0 then
Response.Write "失败原因:" & err.description
else
Response.Write "成功!<a href=showmsg.asp>查看</a>"
end if
%>
<!--#include file=conn.asp-->
<% '获取数据
on error resume next
' 转换字符串,避免出现小黑字体
' 避免用户输入的html标记"<>"被浏览器解释错,
' 对服务器端的输入格式进行编码
' 原先: 用户名<font style=font-size:100pt>小黑</font>
' 编码后: <...........................>小黑<font>
' 所以读取是文本都是这样
username=Request.QueryString("username")
username=server.HTMLEncode(username)
sex=Request.QueryString("sex")
sex=server.HTMLEncode(sex)
email=Request.QueryString("email")
email=server.HTMLEncode(email)
subject=Request.QueryString("subject")
subject=server.HTMLEncode(subject)
msg=Request.QueryString("msg")
msg=server.HTMLEncode(msg)
%>
<% ' 连接数据库
sql="insert into guestbook(username,sex,email,subject,msg,addtime) values('" '" &username & "','") '<<=======
sql=sql & username & "','"
sql=sql & sex & "','"
sql=sql & email & "','"
sql=sql & subject & "','"
sql=sql & msg & "',#"
sql=sql & now & "#)"
' Response.Write sql
conn.execute(sql) '执行sql语句
if err.number<>0 then
Response.Write "失败原因:" & err.description
else
Response.Write "成功!<a href=showmsg.asp>查看</a>"
end if
%>
' if Request.Form("submit")="提交" then '另外一种验证的方法
cname=Request.Form("cname")
if cname<> empty and Request.cookies("added")="" then
'在本题中由于没有文本框,直接判断是否为空是否更好
sql="update vote set " & cname & "=" & cname & "+1"
' Response.Write sql
conn.execute(sql)
Response.Cookies("added")="yes"
end if
set rs=server.CreateObject("adodb.recordset")
rs.Open "vote",conn,adOpenKeyset,adLockOptimistic %>