Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
- <!-- #INCLUDE file="inc/settings.asp" -->
- <!-- #INCLUDE file="inc/functions.asp" -->
- <!-- #INCLUDE file="inc/db_connect.asp" -->
- <%
- nameSurname = sqlquote(trim(request.form("name"))) & ""
- comment = sqlquote(trim(request.form("comment")) & "")
- nid = request.form("nid")
- pid = request.form("pid")
- comment_date = DatePart("d",now()) & "/" & DatePart("m",now()) & "/" & DatePart("yyyy",now())
- if vercode = "1234" then
- if nameSurname = "" then nameSurname = "Anonymous" end if
- if comment <> "" then
- strSQL = "INSERT INTO Comments (fName, Comment, DateSubmitted, NewsID) " &_
- "VALUES ('" & nameSurname & "', '" & comment & "', #" & comment_date & "#, " & nid & ");"
- con.execute strSQL
- con.close
- end if
- response.redirect("news.asp?NewsID=" & encrypt(nid) & "&PID=" & encrypt(pid) )
- %>
- <%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
- <!-- #INCLUDE file="inc/settings.asp" -->
- <!-- #INCLUDE file="inc/functions.asp" -->
- <!-- #INCLUDE file="inc/db_connect.asp" -->
- <%
- nameSurname = sqlquote(trim(request.form("name"))) & ""
- comment = sqlquote(trim(request.form("comment")) & "")
- nid = request.form("nid")
- pid = request.form("pid")
- comment_date = DatePart("d",now()) & "/" & DatePart("m",now()) & "/" & DatePart("yyyy",now())
- if vercode = "1234" then
- if nameSurname = "" then
- nameSurname = "Anonymous"
- end if
- if comment <> "" then
- strSQL = "INSERT INTO Comments (fName, Comment, DateSubmitted, NewsID) " &_
- "VALUES ('" & nameSurname & "', '" & comment & "', #" & comment_date & "#, " & nid & ");"
- 'debugging strsql
- con.execute strSQL
- con.close
- end if
- response.redirect("news.asp?NewsID=" & encrypt(nid) & "&PID=" & encrypt(pid) )
- end if
- %>
Add Comment
Please, Sign In to add comment
