File Manager
Back to List
| Current Directory: ~/
Editing: command_add.asp
Full path: C:\ict\ICT\command_add.asp
Permissions: rwx
Write test: File appears not directly writable
Current process identity: IIS APPPOOL\DefaultAppPool
<!--#INCLUDE FILE="ConnectDB.asp"--> <!--#include file="chk_login.asp"--> <% pern=session("username") per="2" tb="command" sqlnc="select * from tb_permission where id_staff='"&pern&"' and tb_edit='"&per&"' and tb_name='"&tb&"'" set orsnc=server.createobject("adodb.recordset") orsnc.open sqlnc,conn,1,3 if not orsnc.eof then credirect=request.form("crd") id_type_command=request.form("id_type_command") id_stu=request.form("id_stu") cidauthor=request.form("cidauthor") cno=request.form("cno") cname=request.form("cname") cyear=request.form("cyear") cid=cyear+cidauthor+cno date0=request.form("date0") cdate2=left(date0,2) cmon2=mid(date0,4,2) cyear2=right(date0,4) cday2=cyear2+cmon2+cdate2 cday3=request.form("date1") cdate3=left(cday3,2) cmon3=mid(cday3,4,2) cyear3=right(cday3,4) cdetail=request.form("cdetail") date_mo=now username=session("username") sqlstu="select name_stu, sur_stu, name_eng, sur_eng from student where id_stu='"&id_stu&"'" set orsstu=server.createobject("adodb.recordset") orsstu.open sqlstu,conn,1,3 if not orsstu.eof then cdetail=cdetail+id_stu+orsstu("name_stu")+orsstu("sur_stu")+orsstu("name_eng")+orsstu("sur_eng") end if sqldata="insert into commando(cno,cid_author,cname,cyear,cdetail,cdate2,cmonth2,cyear2,cid,cday2,username,date_mo,cday3,cdate3,cmonth3,cyear3,cfile,id_stu,id_type_command,ctype) values("&cno&",'"&cidauthor&"','"&cname&"','"&cyear&"','"&cdetail&"','"&cdate2&"','"&cmon2&"','"&cyear2&"','"&cid&"','"&cday2&"','"&username&"','"&date_mo&"','"&cday3&"','"&cdate3&"','"&cmon3&"','"&cyear3&"',0,'"&id_stu&"','"&id_type_command&"','"&credirect&"')" 'response.write sqldata set orsdata = Server.CreateObject("adodb.recordset") sqlcheck="select cid from commando where cid='"&cid&"'" set orscheck=server.createobject("adodb.recordset") orscheck.open sqlcheck,conn,1,3 if orscheck.eof then orsdata.open sqldata,conn,1,3 'response.write sqldata %> <SCRIPT LANGUAGE="JavaScript"> <% response.write"alert('�ѹ�֡���������º��������');" response.write "window.location.href='command_detail.asp?id="&cid&"&crd="&credirect&"';" %> </SCRIPT> <% else %> <SCRIPT LANGUAGE="JavaScript"> <% response.write"alert('�ѹ�֡�����ū��');" response.write "window.location.href='command_detail.asp?id="&cid&"&crd="&credirect&"';" %> </SCRIPT> <% end if else %> <SCRIPT LANGUAGE="JavaScript"> <% response.write"alert('�ѹ�֡���������º��������');" response.write "window.location.href='command_detail.asp?id="&cid&"&crd="&credirect&"';" %> </SCRIPT> <% end if %>