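<%@ LANGUAGE=VBScript codepage ="936" %>
<%
' Purchase handler for prop items (类型 = 道具攻 / 道具防 / 道具免 / 道具抢).
' Flow: verify the caller is a logged-in member, look the item up in 物品买,
' debit its price (银两) from the player's 经验 column, then either create the
' 物品 row or raise its 数量 (capped at 10). Every outcome is reported through
' webbox(); a malformed item ID is sent to ../error.asp?id=120.
'
' Inputs : session("TWT_ARR_ArgALL") = "<name>=<id>=<grade>" (set at login),
'          request("id")             = item ID from the client (untrusted).
' Outputs: page text via webbox(); rows in 用户 and 物品 are updated.

' Never let a browser or proxy cache the result of a purchase.
Response.Expires=0
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "Pragma","No-Cache"
Response.AddHeader "Cache-Control","Private"
Response.CacheControl = "No-Cache"

' True only for a string of 1..9 ASCII digits: the only form accepted for a
' value that is concatenated into a WHERE clause. IsNumeric() is too lenient
' here (it accepts signs, exponents and hex prefixes), so check by character.
Function IsPlainInteger(v)
    Dim s, i
    s = v & ""
    IsPlainInteger = False
    If Len(s) < 1 Or Len(s) > 9 Then Exit Function
    For i = 1 To Len(s)
        If Mid(s, i, 1) < "0" Or Mid(s, i, 1) > "9" Then Exit Function
    Next
    IsPlainInteger = True
End Function

' Escape a value for use inside a single-quoted SQL literal (Null becomes "").
Function SqlQ(v)
    SqlQ = Replace(v & "", "'", "''")
End Function

' Not logged in: stop without output (same behaviour as before).
if session("TWT_ARR_ArgALL")="" then response.end
TWT_ArrArg=split(session("TWT_ARR_ArgALL"),"=")
my=TWT_ArrArg(0)       ' player name (姓名 / 拥有者)
myid=TWT_ArrArg(1)     ' player row ID in 用户
grade=TWT_ArrArg(2)    ' read for parity with the other pages; unused here

' myid is server-set, but it is concatenated into SQL below, so insist on
' digits anyway rather than trusting a possibly corrupted session value.
if not IsPlainInteger(myid) then response.end

' The item ID is client-supplied and goes straight into a WHERE clause. The
' old character blacklist is replaced by an allow-list of plain integers;
' anything else takes the same error redirect as before.
id = Trim(request("id") & "")
if not IsPlainInteger(id) then
    Response.Redirect "../error.asp?id=120"
end if
id = CLng(id)

Set conn=Server.CreateObject("ADODB.CONNECTION")
connstr=Application("hg_connstr")
conn.open connstr

' Membership check. Test EOF before touching a field: the original read
' rs("会员") first, so the "not a 江湖中人" branch could never be reached.
sql="select 会员 from 用户 where ID=" & myid
Set rs=conn.execute(sql)
if rs.eof or rs.bof then
    call webbox("你不是江湖中人,不能购买道具!")
    conn.close
    response.end
end if
hy=rs("会员")
if hy<>"yes" and hy<>"yess" and hy<>"gold" and hy<>"golds" then
    call webbox("你不是江湖会员,不能购买道具!")
    conn.close
    response.end
end if
%> <%
' Only prop-type items are sold on this page; any other ID is treated as tampering.
sql="SELECT 物品名,银两,银两无,类型,攻击,防御,状态,内力,体力,说明 FROM 物品买 where (类型='道具攻' or 类型='道具防' or 类型='道具免' or 类型='道具抢') and ID=" & id
Set rs=conn.Execute(sql)
if rs.eof or rs.bof then
    call webbox("哪里有这样的物品,你是不是在作弊!")
else
    wu=rs("物品名")
    yin=rs("银两")
    yinw=rs("银两无")
    lx=rs("类型")
    gj=rs("攻击")
    fy=rs("防御")
    zt=rs("状态")
    nl=rs("内力")
    tl=rs("体力")
    sm=rs("说明")

    ' The price is paid from the 经验 column (game currency for this table).
    sql="select 经验 from 用户 where id=" & myid
    Set rs=conn.execute(sql)
    if yin<=rs("经验") then
        ' Debit the same row that was just checked (by ID, not by name).
        ' NOTE: the debit happens before the inventory cap is checked; when the
        ' cap is hit the item is "thrown away" and the money is still spent,
        ' which the message below states deliberately — kept as designed.
        sql="update 用户 set 经验=经验-" & yin & " where ID=" & myid
        conn.execute sql

        sql="select 数量 from 物品 where 物品名='" & SqlQ(wu) & "' and 拥有者='" & SqlQ(my) & "'"
        set rs=conn.execute(sql)
        if rs.eof or rs.bof then
            ' First item of this kind: create the row, then set its count to 1.
            sql="insert into 物品(物品名,拥有者,类型,说明,内力,体力,攻击,防御,状态,银两无,银两) values ('"&SqlQ(wu)&"','"&SqlQ(my)&"','"&SqlQ(lx)&"','"&SqlQ(sm)&"','"&SqlQ(nl)&"','"&SqlQ(tl)&"','"&SqlQ(gj)&"','"&SqlQ(fy)&"','"&SqlQ(zt)&"','"&SqlQ(yinw)&"','"&SqlQ(yin)&"')"
            conn.execute sql
            sql="update 物品 set 数量=1 where 物品名='" & SqlQ(wu) & "' and 拥有者='" & SqlQ(my) & "'"
            conn.execute sql
            call webbox("购买成功")
        else
            if rs("数量")<10 then
                sql="update 物品 set 数量=数量+1 where 物品名='" & SqlQ(wu) & "' and 拥有者='" & SqlQ(my) & "'"
                conn.execute sql
                call webbox("购买成功")
            else
                call webbox("购买不成功,原因:你买的物品太多了,没有地方放了,只好扔掉了。")
            end if
        end if
    else
        call webbox("购买不成功,原因:你的金币不够!")
    end if
end if

' Single cleanup path: every branch above falls through to here.
set rs=nothing
conn.close
set conn=nothing

' Renders a message to the player. The HTML/script that displays `says` sat
' between the %> and <% below and is not present in this listing — TODO confirm
' against the original file.
sub webbox(says)
%> <%
end sub
%>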