File Manager
Back to List
|
Up to Parent Directory
| Current Directory: ~/research
Editing: research/upload_abstr.asp.bak
Full path: C:\ict\ICT\research\upload_abstr.asp.bak
Permissions: rwx
Write test: File appears not directly writable
Current process identity: IIS APPPOOL\DefaultAppPool
<%@ Language=VBScript %> <% option explicit Response.Expires = -1 Server.ScriptTimeout = 600 %> <!--#include file="freeASPUpload.asp"--> <html> <body> <%' ' 'Response.Expires = -10000 'Server.ScriptTimeOut = 300 check = session("check") 'select case check ' case 1 '���Ѵ��� 'Set theForm = Server.CreateObject("ABCUpload4.XForm") 'Set theField = theForm("filefield1")(1)'show filename 'filename=theField.SafeFileName 'theForm.Overwrite = True 'theForm.MaxUploadSize = 8000000 ''theForm.ID = Request.QueryString("ID") 'Set theField = theForm("filefield1")(1) 'If theField.FileExists Then ' theField.Save "abstract/" &theField.FileName 'End If %> <% Dim uploadsDirVar uploadsDirVar = Server.MapPath("abstract/") %> <% function SaveFiles() Dim Upload, fileName, fileSize, ks, i, fileKey Set Upload = New FreeASPUpload Upload.Save(uploadsDirVar) If Err.Number<>0 then Exit function SaveFiles = "" ks = Upload.UploadedFiles.keys if (UBound(ks) <> -1) then for each fileKey in Upload.UploadedFiles.keys SaveFiles = Upload.UploadedFiles(fileKey).FileName next else SaveFiles = "The file name specified in the upload form does not correspond to a valid file in the system." end if end function %> <% dim filename filename=SaveFiles() response.write filename session("filename")=filename '========================================����ش��� Upload================================= %> <% 'response.write session("id_res_up") 'id_res_=session("id_res_up") 'response.write "up.........."&filename 'sql_check="select * from temp_upload where search_id="&id_res_&"" 'set ors_check=server.createobject("adodb.recordset") 'ors_check.open sql_check,conn,1,3 'if ors_check.eof then 'sqlupload="insert into temp_upload(search_id,abstr) values ("&id_res_&",'"&filename&"')" 'set orsupload = Server.CreateObject("adodb.recordset") 'response.write sql_upload 'orsupload.open sqlupload,conn,1,3 'else 'sqlupload="update temp_upload set abstr='"&filename&"' where search_id="&id_res_&"" 'set orsupload = Server.CreateObject("adodb.recordset") 'response.write sql_upload 'orsupload.open sqlupload,conn,1,3 'end if %> <!-- <meta http-equiv="refresh" content ="3;url=edit_res.asp?search_id=<%'=id_res_%>">--> <% '�����������������������������������������������������������������������show filename ' case 2 'abstract================================== 'Set theForm = Server.CreateObject("ABCUpload4.XForm") 'Set theField = theForm("filefield1")(1)'show filename 'filename=theField.SafeFileName 'theForm.Overwrite = True 'theForm.MaxUploadSize = 8000000 ''theForm.ID = Request.QueryString("ID") 'Set theField = theForm("filefield1")(1) 'If theField.FileExists Then ' theField.Save "abstract_eng/" &theField.FileName 'End If %> <% 'response.write session("id_res_up") 'id_res_=session("id_res_up") 'response.write "up.........."&filename 'sql_check="select * from temp_upload where search_id="&id_res_&"" 'set ors_check=server.createobject("adodb.recordset") 'ors_check.open sql_check,conn,1,3 'if ors_check.eof then 'sqlupload="insert into temp_upload(search_id,abstr_eng) values ("&id_res_&",'"&filename&"')" 'set orsupload = Server.CreateObject("adodb.recordset") 'response.write sql_upload 'orsupload.open sqlupload,conn,1,3 'else 'sqlupload="update temp_upload set abstr_eng='"&filename&"' where search_id="&id_res_&"" 'set orsupload = Server.CreateObject("adodb.recordset") 'response.write sql_upload 'orsupload.open sqlupload,conn,1,3 'end if %> <!-- <meta http-equiv="refresh" content ="3;url=edit_res.asp?search_id=<%'=id_res_%>">--> <% '�����������������������������������������������������������������������show filename ' case 3 'abstract================================== 'Set theForm = Server.CreateObject("ABCUpload4.XForm") 'Set theField = theForm("filefield1")(1)'show filename 'filename=theField.SafeFileName 'theForm.Overwrite = True 'theForm.MaxUploadSize = 8000000 ''theForm.ID = Request.QueryString("ID") 'Set theField = theForm("filefield1")(1) 'If theField.FileExists Then ' theField.Save "abstract/" &theField.FileName 'End If %> <% 'response.write session("searchid") 'id_res_=session("searchid") 'response.write "up.........."&filename 'sql_check="select * from temp_upload where search_id="&id_res_&"" 'set ors_check=server.createobject("adodb.recordset") 'ors_check.open sql_check,conn,1,3 'if ors_check.eof then 'sqlupload="insert into temp_upload(search_id,abstr) values ("&id_res_&",'"&filename&"')" 'set orsupload = Server.CreateObject("adodb.recordset") 'response.write sql_upload 'orsupload.open sqlupload,conn,1,3 'else 'sqlupload="update temp_upload set abstr='"&filename&"' where search_id="&id_res_&"" 'set orsupload = Server.CreateObject("adodb.recordset") 'response.write sql_upload 'orsupload.open sqlupload,conn,1,3 'end if %> <!-- <meta http-equiv="refresh" content ="3;url=add_res.asp?id_res_new=<%'=id_res_%>"> --> <% '==================================================================================== ' case 4 'abstract================================== 'Set theForm = Server.CreateObject("ABCUpload4.XForm") 'Set theField = theForm("filefield1")(1)'show filename 'filename=theField.SafeFileName 'theForm.Overwrite = True 'theForm.MaxUploadSize = 8000000 ''theForm.ID = Request.QueryString("ID") 'Set theField = theForm("filefield1")(1) 'If theField.FileExists Then ' theField.Save "abstract_eng/" &theField.FileName 'End If %> <% 'response.write session("searchid") 'id_res_=session("searchid") 'response.write "up.........."&filename 'sql_check="select * from temp_upload where search_id="&id_res_&"" 'set ors_check=server.createobject("adodb.recordset") 'ors_check.open sql_check,conn,1,3 'if ors_check.eof then 'sqlupload="insert into temp_upload(search_id,abstr_eng) values ("&id_res_&",'"&filename&"')" 'set orsupload = Server.CreateObject("adodb.recordset") 'response.write sql_upload 'orsupload.open sqlupload,conn,1,3 'else 'sqlupload="update temp_upload set abstr_eng='"&filename&"' where search_id="&id_res_&"" 'set orsupload = Server.CreateObject("adodb.recordset") 'response.write sql_upload 'orsupload.open sqlupload,conn,1,3 'end if %> <!-- <meta http-equiv="refresh" content ="3;url=add_res.asp?id_res_new=<%'=id_res_%>">--> <% 'end select ' ' %> Upload Complete... </body> </html>