<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="cn.asp"-->
<%
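' Masks every occurrence of a blocked word in str with asterisks of the same
' length and returns the masked text.
'   str     - text to filter. VBScript passes it ByRef by default, so the
'             caller's variable is rewritten as well (same as before).
'   returns - the masked text; Empty when str is Null (same as before).
' Matching is case-insensitive (vbTextCompare), so mixed-case spellings of the
' Latin-alphabet entries are masked too; the original binary compare let them through.
Function killBadWords(str)
' Locals are declared so the function no longer creates or overwrites
' page-level variables named i, badword, badwords or wordnum.
Dim badword, badwords, wordnum, i
badword="妈妈的|你妈的|操|滚|黄片|我靠|fuck|bitch|他妈的|性爱|法轮功|法轮|falundafa|falun|主席|泽民|操你妈|三级片|洪志|锦涛|王八|王八蛋"
' Replace() raises an error on Null input, so bail out early (returns Empty).
If IsNull(str) Then Exit Function
' Split the "|"-separated list into a one-dimensional array of words.
badwords = Split(badword, "|")
' wordnum holds the highest index of that array.
wordnum = UBound(badwords)
For i = 0 To wordnum
' Replace the whole string (start 1, count -1), ignoring case.
str = Replace(str, badwords(i), String(Len(badwords(i)), "*"), 1, -1, vbTextCompare)
Next
killBadWords = str
End Function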
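' Sends a private message: validates the recipient and the sender, applies the
' word filter and length limits, then stores one row in outbox and one in inbox.
'
' Security: to_user, title and words come straight from the request. The
' original concatenated them into SQL text, so a single quote in any of them
' changed the statement (SQL injection). Every request-derived value is now
' bound as an ADO parameter instead.
'
' NOTE(review): Request(...) also reads the query string, so this
' state-changing action can be triggered by a plain link; consider
' Request.Form plus an anti-forgery token once the submitting form is reviewed.
' NOTE(review): title and words are stored as submitted; the pages that display
' inbox/outbox rows need Server.HTMLEncode on output - not visible from here.

' ADO constants under private names so they cannot collide with an adovbs.inc
' that cn.asp may already include.
Const MSG_AD_CMD_TEXT = 1        ' adCmdText
Const MSG_AD_PARAM_INPUT = 1     ' adParamInput
Const MSG_AD_VARWCHAR = 202      ' adVarWChar
Const MSG_AD_LONGVARWCHAR = 203  ' adLongVarWChar

' Builds a text input parameter for cmd holding val (Null/Empty become "").
Function msgTextParam(cmd, val)
Dim txt, paramType, paramSize
txt = val & ""
paramSize = Len(txt)
' A variable-length parameter needs a non-zero size.
If paramSize = 0 Then paramSize = 1
If paramSize > 255 Then
paramType = MSG_AD_LONGVARWCHAR
Else
paramType = MSG_AD_VARWCHAR
End If
Set msgTextParam = cmd.CreateParameter("", paramType, MSG_AD_PARAM_INPUT, paramSize, txt)
End Function

' Builds a text command on the shared connection cn (opened by cn.asp).
Function msgNewCommand(sqlText)
Dim cmd
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = cn
cmd.CommandType = MSG_AD_CMD_TEXT
cmd.CommandText = sqlText
Set msgNewCommand = cmd
End Function

dim to_user,title,words
to_user=Trim(Request("to_user"))
title=Trim(Request("title"))
words=Trim(Request("words"))

' --- recipient must exist ---------------------------------------------------
dim rs_chk, cmd_chk
Set cmd_chk = msgNewCommand("select * from user1 where user_name=?")
cmd_chk.Parameters.Append msgTextParam(cmd_chk, to_user)
set rs_chk=server.CreateObject("adodb.recordset")
rs_chk.Open cmd_chk, , 1, 1
if rs_chk.eof then
rs_chk.Close
response.Write "<script>alert('发送失败:收件人不存在');history.back();</script>"
response.End()
end if
rs_chk.Close

' --- sender must exist ------------------------------------------------------
dim rs, cmd_usr
Set cmd_usr = msgNewCommand("select * from user1 where user_name=?")
cmd_usr.Parameters.Append msgTextParam(cmd_usr, session("user_name"))
set rs=server.CreateObject("adodb.recordset")
rs.Open cmd_usr, , 1, 1
' The original read rs("vip") before testing EOF, which raises a run-time error
' (or is silently skipped under On Error Resume Next) when the session has no
' matching user row. Stop here instead of writing a message for no sender.
If rs.Eof Then
rs.Close
response.Write "<script>alert('发送失败:请先登录');history.back();</script>"
response.End()
End If

' Non-VIP senders get the word filter applied to body and title.
If rs("vip")=False then
words=killBadWords(words )
title=killBadWords(title )
end if

' Monthly quota flag maintained elsewhere in user1.words_enable.
If rs("words_enable")=false then
response.Write "<script>alert('您是普通用户,一个月只能发送10条留言!');history.back();</script>"
response.End()
end if

' Length limits: 200 characters for ordinary users, 400 for VIP.
If rs("vip")=False then
if (Len(words)>200) then
response.Write "<script>alert('您是普通用户,发送留言的字数不能超过200个字!');history.back();</script>"
response.End()
end if
Else
if (Len(words)>400) then
response.Write "<script>alert('发送留言的字数不能超过400个字!');history.back();</script>"
response.End()
end if
End if
rs.Close

' --- outbox row -------------------------------------------------------------
dim rs_out,rs_in
dim sql_out,sql_in
dim vp, cmd_out
' NOTE(review): the filter above trusts user1.vip while this flag trusts
' session("vip"); confirm the two cannot disagree.
' vp previously stayed Empty when session("vip") was neither True nor False;
' it now defaults to 0.
if session("vip")=True then
vp=1
else
vp=0
end if
' vp is a server-computed 0/1, never request data; it stays a quoted literal
' exactly as before so the column's type coercion is unchanged.
sql_out="insert into outbox (user_name,to_username,title,words,vip) values(?,?,?,?,'"&vp&"')"
Set cmd_out = msgNewCommand(sql_out)
cmd_out.Parameters.Append msgTextParam(cmd_out, session("user_name"))
cmd_out.Parameters.Append msgTextParam(cmd_out, to_user)
cmd_out.Parameters.Append msgTextParam(cmd_out, title)
cmd_out.Parameters.Append msgTextParam(cmd_out, words)
cmd_out.Execute

' --- inbox row --------------------------------------------------------------
' AddNew through recordset fields is already injection-safe. "where 1=0" opens
' an empty updatable recordset instead of loading every inbox row first.
set rs_in=server.CreateObject("adodb.recordset")
rs_in.open "select * from inbox where 1=0",cn,1,3
rs_in.addnew()
rs_in("user_name")=to_user
rs_in("from_username")=session("user_name")
rs_in("title")=title
rs_in("words")=words
rs_in.update()
rs_in.Close
response.Redirect("message.asp")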
%>
不显示出错信息,但是不出现正确的显示结果????
提交后在地址栏中显示如下信息,说明已正确传递参数,但是为什么将内容写不到库里呢?!!
http://localhost/beijinglife/friend/msg_add.asp?to_user=mengya&title=aaaaaaa&num=34&words=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa