如果将SHOW.ASP的内容包在LOGINOK.ASP中,可以实现只显示当前用户所属数据!但是一点查询就返回LOGIN.ASP~~~~~~
代码如下:
<% @ LANGUAGE="VBScript" %>
<%
sId=Trim(Request.Form("txtsID"))
sPId=Trim(Request.Form("sPId"))
If sId="" or sPId="" Then
Response.Redirect( "login.asp")
Else Response.Write("Welcome!")
End If
%>
<!--#INCLUDE FILE="adovbs.inc"-->
<!--#INCLUDE FILE="dbtest_Conn.asp"-->
<HTML>
<HEAD>
<TITLE>供应商登录系统</TITLE>
</HEAD>
<BODY>
<% session("sId")="txtsID" %>
<%
Dim cn1, rs1, sql1
Set cn1=Server.CreateObject("ADODB.Connection")
Set rs1=Server.CreateObject("ADODB.Recordset")
cn1.ConnectionString="FILE NAME=E:\web\dbtestlinks.UDL"
sql1="SELECT * FROM supp WHERE sId='" & sId & "' and sParentId='" & sPId & "'"
cn1.Open
rs1.Open sql1,cn1
If rs1.EOF Then
rs1.close
cn1.Close
Set cn1=Nothing
Response.Redirect "login.asp"
Response.Write "No the user!"
Else
rs1.close
cn1.Close
Set cn1=Nothing
Response.Cookies("UsersID")=sId
Response.Write("Welcome!")
End if
%>
<%
dim SqlConn,SqlRecSet
dim StrSQL
dim PurBn,PurBd,PurBs,PurBc,PurSr,PurRq,PurBrd,PurIn
%>
<%
OpenConn()
Set SqlRecSet=Server.CreateObject("ADODB.RECORDSET")
genSQLstr()
StrSQL="select * from pur_order where sSuppId='" & sId & "'"+StrSQL
SqlRecSet.Open StrSQL,SqlConn,adOpenForwardOnly,adLockReadOnly
%>
<%
Function genSQLstr()
if Request.Form("PurBn")<>"" then
StrSQL=StrSQL+"and sBillNo like '%"+Request.Form("PurBn")+"%'"
end if
if Request.Form("PurBd")<>"" then
StrSQL=StrSQL+"and dBillDay like '%"+Request.Form("PurBd")+"%'"
end if
if Request.Form("PurSr")<>"" then
StrSQL=StrSQL+"and sSuppId like '%"+Request.Form("PurSr")+"%'"
end if
if Request.Form("PurBrd")<>"" then
StrSQL=StrSQL+"and dRecDate like '%"+Request.Form("PurBd")+"%'"
end if
End function
%>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>订单查询</title>
</head>
<body>
<div align="center">
<span class="pagenote1">订单查询</span>
</div>
<hr>
<form name="PurForm" method="post" >
<table width="566" align="center">
<tr>
<td width="558" bordercolor="#000000" bgcolor="#99CCCC">
<p>订单号:
<input name="PurBn" type="text" size=20>
订单日期 :
<input name="PurBd" type="text" size=16>
</p>
<p>交货日期:
<input name="PurBrd" type="text" size=16>
供应商:
<input name="PurSr" type="text" size=16>
</p>
<center><input name="PurUp" value="查询" type="submit" ></center>
</table>
</form>
<div align="center">
<table width="731" border="1" align="center"
cellspacing="0" bordercolor="#000000"
bordercolorlight="#000000" bordercolordark="#FFFFFF">
</table>
<tr class="tableth1"><td height="22" width="725"><table width="742" border="1" align="center"
cellspacing="0" bordercolor="#000000"
bordercolorlight="#000000" bordercolordark="#FFFFFF"><td><table width="742" border="1" align="center"
cellspacing="0" bordercolor="#000000"
bordercolorlight="#000000" bordercolordark="#FFFFFF">
<tr class="tableth1">
<td height="22" width="119">订单号</td>
<td height="22" width="88">订单日期</td>
<td height="22" width="73">物料数量</td>
<td height="22" width="96">物料编码</td>
<td height="22" width="72">物料名称</td>
<td height="22" width="44">供应商</td>
<td height="22" width="97">交货日期</td>
<td height="22" width="119">已收数量</td>
</tr>
<%
while not SqlRecSet.EOF
PurBn=SqlRecSet.Fields("sBillNo").value
PurBd=SqlRecSet.Fields("dBillDay").value
Purbs=SqlRecSet.Fields("fQty").value
PurBc=SqlRecSet.Fields("sItemId").value
PurIn=SqlRecSet.Fields("sItemId_Name").value
PurSr=SqlRecSet.Fields("sSuppId").value
PurRq=SqlRecSet.Fields("fRecQty").value
PurBrd=SqlRecSet.Fields("dRecDate").value
%>
<td><%=PurBn%></td>
<td><%=PurBd%></td>
<td><%=PurBs%></td>
<td><%=PurBc%></td>
<td><%=PurIn%></td>
<td><%=PurSr%></td>
<td><%=PurBrd%></td>
<td><%=PurRq%></td>
</tr>
<%
SqlRecSet.MoveNext
wend
SqlRecSet.Close
SqlConn.Close
%>
</table></td>
</tr>
</table></td>
</tr>
</BODY>
</HTML>