<%@ codepage ="936" %> <% if session("TWT_ARR_ArgALL")="" then response.end TWT_ArrArg=split(session("TWT_ARR_ArgALL"),"=") name=TWT_ArrArg(0) action=request.querystring("action") myid=TWT_ArrArg(1) if instr(request("action"),"'")>0 or instr(request("action"),"or")>0 then Response.Redirect "../error.asp?id=120" if instr(request("name"),"'")>0 or instr(request("name"),"or")>0 then Response.Redirect "../error.asp?id=120" Set conn=Server.CreateObject("ADODB.CONNECTION") Set rs=Server.CreateObject("ADODB.RecordSet") connstr=Application("hg_connstr") conn.open connstr sql="SELECT 防具名 FROM 用户 WHERE ID=" & myid Set Rs=conn.Execute(sql) if rs("防具名")="无" then yused="你已经卸下了" else if action<>"" then sql="select * from 物品 where 类型='防具' and 物品名='" & action & "' and 拥有者='" & name & "'" set rs=conn.execute(sql) if rs.eof or rs.bof then yused="你无此物品" else id=rs("ID") nei=rs("攻击") ti=rs("防御") sql="update 用户 set 防御=防御-'"&ti&"',防具名='无' where 姓名='" & name & "'" yused="〖"& name&"〗卸下了防具" & action & "，现在的防御0" set rs=conn.execute(sql) end if end if end if Response.Redirect "wupin.asp" response.end rs.close set rs=nothing conn.close set conn=nothing %>