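<%@ LANGUAGE=VBScript codepage ="936" %>
<%
' Skill ("武功") editor for a sect leader ("掌门").
'
' Flow: require a logged-in session, read the submitted fields, re-check the
' submitted name/password against the 门派 and 用户 tables, then either update
' (a="m") or insert (a="n") a row in 武功 and redirect to setwg.asp.
'
' Every value that reaches SQL is bound as an ADO parameter. The original page
' concatenated request values straight into the statements, and its only quote
' check was applied to "repass", a variable that is never assigned, so it could
' never fire.

' ADO enum values, declared under local names so they cannot clash with an
' adovbs.inc that another page may include.
Const AD_CMD_TEXT = 1
Const AD_PARAM_INPUT = 1
Const AD_INTEGER = 3
Const AD_VARWCHAR = 202

' Returns True when needle occurs anywhere in value.
Function HasChar(value, needle)
    HasChar = (InStr("" & value, needle) > 0)
End Function

' Builds a text command bound to conn; parameters are appended by the caller.
Function NewCommand(conn, sqlText)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = AD_CMD_TEXT
    cmd.CommandText = sqlText
    Set NewCommand = cmd
End Function

' Appends value to cmd as an input string parameter.
Sub AddText(cmd, value)
    Dim textValue, size
    textValue = "" & value
    size = Len(textValue)
    ' ADO rejects a zero-length variable-size parameter.
    If size = 0 Then size = 1
    cmd.Parameters.Append cmd.CreateParameter("", AD_VARWCHAR, AD_PARAM_INPUT, size, textValue)
End Sub

' Appends value to cmd as an input integer parameter.
Sub AddInt(cmd, value)
    cmd.Parameters.Append cmd.CreateParameter("", AD_INTEGER, AD_PARAM_INPUT, 4, value)
End Sub

' Never cache this page: it carries a password field and changes data.
Response.Expires=0
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "Pragma","No-Cache"
Response.AddHeader "Cache-Control","Private"
Response.CacheControl = "No-Cache"

' No session means no login: stop without output.
if session("TWT_ARR_ArgALL")="" then response.end

TWT_ArrArg=split(session("TWT_ARR_ArgALL"),"=")
name=TWT_ArrArg(0)
grade=TWT_ArrArg(2)
myid=TWT_ArrArg(1)

wg=request("wg")
pai=request("pai")
a=request("a")
wg1=request.form("wg1")
nl=request.form("nl")
' NOTE(review): the session-derived name is replaced by the form value here,
' so the checks below authenticate whoever the form names, not the session
' owner. Confirm that this re-authentication is intended.
name=request.form("name")
pass=request.form("pass")

' Commas are rejected exactly as before. Single quotes are now rejected in the
' stored text fields as well: binding makes them harmless on this page, but
' other pages may still concatenate these stored values into SQL (assumption,
' verify), and that is what the original quote check was evidently meant for.
if HasChar(pass,",") or HasChar(nl,",") or HasChar(wg,",") or HasChar(wg1,",") or HasChar(name,",") _
   or HasChar(name,"'") or HasChar(wg,"'") or HasChar(wg1,"'") or HasChar(pai,"'") then
    response.write "你好呀!黑客先生,这回不灵了吧?!"
    response.end
end if

' nl is spliced into numeric SQL positions, so it must be a real number in
' (0, 100000]. Non-numeric or out-of-range input does nothing, matching the
' original's empty out-of-range branches.
nlValid = False
nlValue = 0
if IsNumeric(nl) then
    nlNumber = CDbl(nl)
    if nlNumber > 0 and nlNumber <= 100000 then
        ' assumes 内力 is an integer column - TODO confirm against the schema
        nlValue = CLng(nlNumber)
        nlValid = (nlValue >= 1)
    end if
end if

if nlValid then
    ' jiamipass is defined outside this listing; it transforms the submitted
    ' password into the form stored in 用户.密码.
    pass=jiamipass(pass)

    Set conn=Server.CreateObject("ADODB.CONNECTION")
    connstr=Application("hg_connstr")
    conn.open connstr

    ' The submitted name must be the leader of some sect.
    Set cmd=NewCommand(conn, "SELECT * FROM 门派 where 掌门=?")
    AddText cmd, name
    Set rs=cmd.Execute
    if rs.eof or rs.bof then
        response.write "你不是本派的掌门人"
        conn.close
        response.end
    end if

    ' The submitted name and password must match a user row. Both failures
    ' return the same message so the response does not reveal which one failed.
    Set cmd=NewCommand(conn, "SELECT * FROM 用户 where 姓名=? and 密码=?")
    AddText cmd, name
    AddText cmd, pass
    Set rs=cmd.Execute
    if rs.bof or rs.eof then
        response.write "你不是本派的掌门人"
        conn.close
        response.end
    end if

    ' NOTE(review): the checks above only prove that name leads *a* sect.
    ' Nothing visible ties the request-supplied pai to that sect, so a leader
    ' can edit another sect's skills. The sect-name column of 门派 is not
    ' visible here, so the constraint is flagged rather than added.
    if a="m" then
        Set cmd=NewCommand(conn, "update 武功 set 武功=?, 内力=? where 门派=? and 武功=?")
        AddText cmd, wg1
        AddInt cmd, nlValue
        AddText cmd, pai
        AddText cmd, wg
        cmd.Execute
    end if

    if a="n" then
        Set cmd=NewCommand(conn, "insert into 武功(武功,门派,内力) values (?,?,?)")
        AddText cmd, wg1
        AddText cmd, pai
        AddInt cmd, nlValue
        cmd.Execute
    end if

    conn.close
    Response.Redirect "setwg.asp"
end if
%>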