%
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
Fy_In = ";@@@@@@and@@@@@@exec@@@@@@insert@@@@@@select@@@@@@delete@@@@@@update@@@@@@count@@@@@@*@@@@@@%@@@@@@chr@@@@@@mid@@@@@@master@@@@@@truncate@@@@@@char@@@@@@declare@@@@@@|"
Fy_Inf = split(Fy_In,"@@@@@@")
If Request.QueryString<>"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
Response.End
End If
Next
Next
End If
%>
<%
id=request("id")
page=request("page")
block=request("block")
%>
BOARD
<%
if session("login")<>admin_name and request("mode")<>"memo" then
UpdateSQL = "Update "&tb&" Set visit = visit+1 where id = " & id
db.Execute UpdateSQL
end if
SQL = "SELECT * from "&tb&" where id = " & id
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open SQL,db
%>
<%
id = rs("id")
name = rs("name")
email = rs("email")
url = rs("url")
title = rs("title")
content = rs("content")
writeday = rs("writeday")
visit = rs("visit")
tag = rs("tag")
num = rs("num")
re = rs("re")
resame = rs("resame")
reid = rs("reid")
filename=rs("filename")
filesize=rs("filesize")
down=rs("down")
if session("login")=admin_name then
pin=rs("pin")
end if
if filename="none" then
filename=""
filesize=""
end if
if email="none" then
email=""
end if
if url="none" then
url=""
end if
if rs("ip")<>"" then
ip=rs("ip")
else
ip="000.000.000.000"
end if
if tag = "tag_ok" then
title = CheckWord(title)
content = CheckWord(content)
else
title = replace(title,""","'")
content = replace(content,""","'")
end if
if request("search")<>"" then
st=request("st")
st=request("st")
sn=request("sn")
search=request("search")
if st="ok" then
title = replace(title,search,""&search&"")
end if
if st="ok" then
content = replace(content,search,""&search&"")
end if
if sn="ok" then
name = replace(name,search,""&search&"")
end if
end if
%>
<% '»èÁ¦Çϱ⠺κР³ªÅ¸³»±â ³¡ %>
<% '--------------- ÄÚ¸àÆ® ºÎºÐ ½ÃÀÛ ---------------------------- %>
<% if admin_comment="yes" then %>
<%
com_SQL = "SELECT * FROM inno_comment where tb='"&tb&"' and com_num="&id&" order by ID DESC"
Set com_rs = Server.CreateObject("ADODB.Recordset")
com_rs.Open com_SQL,db,1
%>
<%
i=1
Do until com_rs.EOF
if i mod 2 = 0 then
bgcolor="#ffffff"
else
bgcolor="whitesmoke"
end if
com_num=com_rs("com_num")
com_id=com_rs("id")
com_name=com_rs("com_name")
com_writeday=com_rs("com_writeday")
com_memo=com_rs("com_memo")
if session("login")=admin_name then
com_pin=com_rs("com_pin")
end if
%>
¢Æ À§ÀÇ COMMENT ¸¦ »èÁ¦ÇÕ´Ï´Ù. ºñ¹Ð¹øÈ£¸¦ ÀÔ·ÂÇØÁÖ¼¼¿ä. value="<%=com_pin%>" <% end if %>>
<%
com_rs.movenext
i=i+1
loop
%>
<%
com_rs.Close
set com_rs=nothing
%>
<% end if %>
<% '--------------- ÄÚ¸àÆ® ºÎºÐ ³¡ ---------------------------- %>
<% if relation="content" then %>
<%
rs.Close
SQL = "SELECT (num) FROM "&tb&" where reid = 0 and re > " & re
Set rs = db.Execute(SQL)
if not (rs.BOF or rs.EOF) then
content_back = rs(0)
end if
rs.Close
SQL = "SELECT max(num) FROM "&tb&" where reid = 0 and re < " & re
Set rs = db.Execute(SQL)
if not (rs.BOF or rs.EOF) then
content_next = rs(0)
end if
rs.Close
SQL = "SELECT * FROM "&tb&" where re = " & re
if content_back <> "" then
SQL = SQL & " or num =" & content_back
end if
if content_next <> "" then
SQL = SQL & " or num =" & content_next
end if
SQL = SQL & " order by re desc,reid asc"
rs.Open SQL,db
%>
<% if Rs.BOF or Rs.EOF then
else
%>
<%
Do until Rs.EOF
name = rs("name")
write_diff=rs("writeday")
writeday = left(rs("writeday"),8)
email = rs("email")
url = rs("url")
title = rs("title")
tag = rs("tag")
resame=rs("resame")
visit=rs("visit")
num = rs("num")
filename=rs("filename")
filesize=rs("filesize")
blank=4*resame
if filename="none" then
filename=""
filesize=""
end if
if num=0 then
num="--"
end if
if email="none" then
email=""
end if
if url="none" then
url=""
end if
blank=4*resame
if left(now,2) = "20" then
nowday = mid(now,3)
else
nowday = now
end if
if tag="tag_ok" then
title=CheckWord(title)
if Len(title) > 38 then
title=mid(title,1,39)&".."
end if
name=CheckWord(name)
If Len(name) > 15 Then
name = Mid(name,1,16) & ".."
End If
else
if Len(title) > 30 then
title=mid(title,1,31)&".."
end if
title=replace(title,""","'")
If Len(name) > 4 Then
name = Mid(name,1,5) & ".."
End If
name=replace(name,""","'")
end if
if mode="search" then
if st="ok" then
title = replace(title,search,""&search&"")
end if
if sn="ok" then
name = replace(name,search,""&search&"")
end if
end if
%>
<% '---------- ÄÚ¸àÆ® ½ÃÀÛ --- %>
<%
com_SQL = "SELECT * FROM inno_comment where tb='"&tb&"' and com_num="&rs("id")
Set com_rs = Server.CreateObject("ADODB.Recordset")
com_rs.Open com_SQL,db,1
if rs.BOF or rs.EOF then
else
com_record = com_rs.RecordCount
end if
%>
<% '---------- ÄÚ¸àÆ® ³¡ --- %>