% DbPath = SERVER.MapPath("../database/topboy-2002.mdb") Set conn = Server.CreateObject("ADODB.Connection") conn.open "driver={Microsoft Access Driver (*.mdb)};dbq=" & DbPath %> <% set rs=server.createobject("adodb.recordset") pname = trim(Request("pname")) sql="select * from topboy_product where productname = '" & pname & "'" 'response.write sql 'response.end rs.open sql,conn,adOpenkeyset,adlockoptimistic,adcmdtext if rs.eof and rs.bof then response.write"" Response.write "出现错误,可能的原因是该商品不存在或者在商品名称中使用了“&”符号!" Response.write "*请按此返回..." Response.write " 或 " Response.write "*请按此关闭..." Response.end end if If request("imageadd.x") <> "" Then if isnumeric(request("quantity")) = false then response.write"" Response.write " 您好,数量请您填写数字!" Response.write "请按此返回..." Response.end end if session("username") = "guest" session("orderid")=session("username")&year(now)&month(now)&day(now)&hour(now)&minute(now)&second(now) sql="insert into topboy_orderproduct (orderid,ordername,productname,price,quantity,freight) values('"& session("orderid") &"','"& session("username") &"','"& rs("productname") &"','"& rs("price") &"','"& request("quantity") &"','"& rs("freight") &"')" 'response.write sql 'response.end conn.execute sql response.redirect "front-submit.asp" response.end end if %>
|