File Manager
Back to List
|
Up to Parent Directory
| Current Directory: ~/ehealthy
Editing: ehealthy/add3.asp.bak
Full path: C:\ict\ICT\ehealthy\add3.asp.bak
Permissions: rwx
Write test: File appears not directly writable
Current process identity: IIS APPPOOL\DefaultAppPool
<!--#INCLUDE FILE="ConnectDB.asp"--> <% q21=request.form("q1") q22=request.form("q2") q23=request.form("q3") q24=request.form("q4") q25=request.form("q5") q26=request.form("q6") q27=request.form("q7") q28=request.form("q8") q29=request.form("q9") q210=request.form("q10") q211=request.form("q11") q212=request.form("q12") q213=request.form("q13") q214=request.form("q14") q215=request.form("q15") q216=request.form("q16") q217=request.form("q17") q218=request.form("q18") q219=request.form("q19") q220=request.form("q20") q221=request.form("q21") q222=request.form("q22") q223=request.form("q23") q224=request.form("q24") q225=request.form("q25") q226=request.form("q26") q227=request.form("q27") q228=request.form("q28") q31=request.form("q31") q32=request.form("q32") q33=request.form("q33") q34=request.form("q34") q35=request.form("q35") q36=request.form("q36") q37=request.form("q37") q38=request.form("q38") q39=request.form("q39") q310=request.form("q310") q311=request.form("q311") q312=request.form("q312") q313=request.form("q313") q314=request.form("q314") q315=request.form("q315") q316=request.form("q316") q317=request.form("q317") q318=request.form("q318") q319=request.form("q319") q320=request.form("q320") q321=request.form("q321") q322=request.form("q322") q323=request.form("q323") q324=request.form("q324") q325=request.form("q325") q326=request.form("q326") q327=request.form("q327") q328=request.form("q328") q329=request.form("q329") q330=request.form("q330") 'datemo=now 'ide=session("ide") ide=request.form("id") sqldata="update ehealth set q21='"&q21&"',q22='"&q22&"',q23='"&q23&"',q24='"&q24&"',q25='"&q25&"',q26='"&q26&"',q27='"&q27&"',q28='"&q28&"',q29='"&q29&"',q210='"&q210&"',q211='"&q211&"',q212='"&q212&"',q213='"&q213&"',q214='"&q214&"',q215='"&q215&"',q216='"&q216&"',q217='"&q217&"',q218='"&q218&"',q219='"&q219&"',q220='"&q220&"',q221='"&q221&"',q222='"&q222&"',q223='"&q223&"',q224='"&q224&"',q225='"&q225&"',q226='"&q226&"',q227='"&q227&"',q228='"&q228&"',q31='"&q31&"',q32='"&q32&"',q33='"&q33&"',q34='"&q34&"',q35='"&q35&"',q36='"&q36&"',q37='"&q37&"',q38='"&q38&"',q39='"&q39&"',q310='"&q310&"',q311='"&q311&"',q312='"&q312&"',q313='"&q313&"',q314='"&q314&"',q315='"&q315&"',q316='"&q316&"',q317='"&q317&"',q318='"&q318&"',q319='"&q319&"',q320='"&q320&"',q321='"&q321&"',q322='"&q322&"',q323='"&q323&"',q324='"&q324&"',q325='"&q325&"',q326='"&q326&"',q327='"&q327&"',q328='"&q328&"',q329='"&q329&"',q330='"&q330&"' where id='"&ide&"'" 'sqldata="insert into elderly(id,q1,q2,q3,q4,q5,q6,q7,q8,q9,q10,q11,q12,q13,q14,q15,q16,q17,q18,q19,q20,q21,datemo,age,s1,e1,st1,l1,lo,w1,h1,h11,h12,h13,ho) values("&id&",'"&q1&"','"&q2&"','"&q3&"','"&q4&"','"&q5&"','"&q6&"','"&q7&"','"&q8&"','"&q9&"','"&q10&"','"&q11&"','"&q12&"','"&q13&"','"&q14&"','"&q15&"','"&q16&"','"&q17&"','"&q18&"','"&q19&"','"&q20&"','"&q21&"','"&datemo&"','"&age&"','"&s1&"','"&e1&"','"&st1&"','"&l1&"','"&lo&"','"&w1&"','"&t1&"','"&t11&"','"&t12&"','"&t13&"','"&ho&"')" set orsdata=server.createobject("adodb.recordset") 'if orscheck.eof then orsdata.open sqldata,conn,1,3 'response.write sqldata 'Response.write "<br>5555"&q22 'a=request.form("id_staff").count 'i=1 'if a>0 then 'do while i<=a '-------------- ' id_staff=request.form("id_staff")(i) 'sqldata="insert into staffletter(username,id_staff,datecreate,id_level,id_letter,statusread) values('"&usercreate&"','"&id_staff&"','"&dcreate&"',"&i&",'"&id_letter&"','0')" ' response.write sqldata ' set orsdata = Server.CreateObject("adodb.recordset") ' sqlcheck="select * from staffletter where id_staff='"&id_staff&"' and id_letter='"&id&"'" ' set orscheck=server.createobject("adodb.recordset") ' orscheck.open sqlcheck,conn,1,3 ' if orscheck.eof then ' orsdata.open sqldata,conn,1,3 ' end if '------------- 'response.write request.form("id_staff")(i)&" checkbox value<br>" 'i=i+1 'loop 'end if %> <SCRIPT LANGUAGE="JavaScript"> <% 'response.write "alert('�ѹ�֡���������º����');" %> </SCRIPT> <form action="result.asp" method="post" name="form1"> <input type="hidden" name="id" value=<%=id%>> <script type="text/javascript"> document.form1.submit(); </script> </form> <% 'response.write "<meta http-equiv='refresh' content ='0;url=result.asp'>" 'else %> <SCRIPT LANGUAGE="JavaScript"> <% 'response.write"alert('�ѹ�֡�����ū��++ ��ҹ��ѹ�֡�����Ź�������');" 'response.write "window.location.href='indexletterin.asp';" %> --> </SCRIPT> <% 'response.write "�����ū�� "&id_letter 'response.write "<meta http-equiv='refresh' content ='7;url=detail_letterin.asp?id="&id_letter&"'>" 'end if %><% 'else %> <SCRIPT LANGUAGE="JavaScript"> <% ' response.write "window.location.href='index.html';" %> --> </SCRIPT>