高考问答word2013取消只读模式:奇怪的asp错误!高手进来看看!指点迷津!
来源:百度文库 编辑:高考问答 时间:2024/04/29 19:22:40
这页功能是查看收到信息的详细内容。这页能正常运行,但有一个奇怪的现象:其他用户名都能正常查看信息,但是只有一个叫“lily”的用户名不能正常查看,而是显示resp.asp?cmd=msg_owner这页的内容:您不是该信息的接收者无此权限!
<!--#include file="conn.asp"-->
<%
Dim user_name
user_name = session("user_name")
%>
<html>
<head>
</head>
<body>
<%
'获取传值
dim vid
vid=Request.QueryString("id")
IF isNumeric(vid) THEN
vid=CLng(vid)
ELSE
Response.Redirect "resp.asp"
END IF
%>
<div align="center">
<div align="right">
<table border="1" width="985" id="table1" height="488">
<tr>
<td width="168">
<!--#include file="left.asp"-->
</td>
<td width="801">
<div align="center">
<table width="700" height="51" border="0" cellspacing="0" cellpadding="0" class="rdbar" id="table7"><tr>
<td width="100%" height="100%">
<a href="login.asp">[首页]</a>-<a href="msgbox.asp">[站内消息箱]</a>-<font class="ft1">查看消息</font>
</td>
</tr></table>
</div>
<table align="center" width="709" height="233" border="0" cellspacing="0" cellpadding="6" class="rdd" id="table8">
<tr>
<td valign="top" class="rdk2">
<%
'读取相应的消息
sqlstr="SELECT u.user_ID,u.user_name,u.user_sex,m.* FROM users AS u INNER JOIN mail AS m ON u.user_name=m.m_from WHERE m.m_ID="&vid
rs.open sqlstr,conn,1,3
If rs.eof AND rs.bof Then
Response.Redirect "resp.asp?cmd=msg_idmiss"
ElseIf rs("m_to")<>user_name Then
Response.Redirect "resp.asp?cmd=msg_owner"
End If
%>
<table align="center" width="100%" height="37" border="0" cellspacing="0" cellpadding="0" class="rdd" id="table9">
<tr>
<td width="50%" height="100%" class="rdr"><b>发送人:<% =rs("m_from") %></b>
<td width="50%" height="100%"><b>发送日期:</b><% =rs("m_date") %></td>
</tr>
</table>
<table align="center" width="100%" height="47" border="0" cellspacing="0" cellpadding="0" class="intbl" id="table10">
<tr>
<td width="100%" height="100%" class="rdd"><b>消息标题:</b><% =rs("m_title") %></td>
</tr>
</table>
<table align="center" width="100%" height="25" border="0" cellspacing="0" cellpadding="0" class="intbl" id="table11">
<tr>
<td width="100%" height="100%" valign="top" class="rde"><b>消息内容:</b>
<br><% =rs("m_content") %>
<p align="right">
<a href="msgwr.asp?id=<% =rs("user_ID") %>">[回消息]</a>
<a href="msgdel.asp?id=<% =vid %>">[删除]</a>
</p>
</td>
</tr>
</table>
<%
'已读处理
if rs("m_haveread")=False then
rs("m_haveread")=True
rs.update
mnew=conn.Execute("SELECT COUNT(m_ID) FROM mail WHERE m_to='"&user_name&"' AND m_haveread=false",0,1)(0)
sqlstr="UPDATE users SET newmsg="&mnew&" WHERE user_ID="&user_ID
conn.Execute sqlstr
end if
rs.close
%>
</body>
</html>
<!--#include file="conn.asp"-->
<%
Dim user_name
user_name = session("user_name")
%>
<html>
<head>
</head>
<body>
<%
'获取传值
dim vid
vid=Request.QueryString("id")
IF isNumeric(vid) THEN
vid=CLng(vid)
ELSE
Response.Redirect "resp.asp"
END IF
%>
<div align="center">
<div align="right">
<table border="1" width="985" id="table1" height="488">
<tr>
<td width="168">
<!--#include file="left.asp"-->
</td>
<td width="801">
<div align="center">
<table width="700" height="51" border="0" cellspacing="0" cellpadding="0" class="rdbar" id="table7"><tr>
<td width="100%" height="100%">
<a href="login.asp">[首页]</a>-<a href="msgbox.asp">[站内消息箱]</a>-<font class="ft1">查看消息</font>
</td>
</tr></table>
</div>
<table align="center" width="709" height="233" border="0" cellspacing="0" cellpadding="6" class="rdd" id="table8">
<tr>
<td valign="top" class="rdk2">
<%
'读取相应的消息
sqlstr="SELECT u.user_ID,u.user_name,u.user_sex,m.* FROM users AS u INNER JOIN mail AS m ON u.user_name=m.m_from WHERE m.m_ID="&vid
rs.open sqlstr,conn,1,3
If rs.eof AND rs.bof Then
Response.Redirect "resp.asp?cmd=msg_idmiss"
ElseIf rs("m_to")<>user_name Then
Response.Redirect "resp.asp?cmd=msg_owner"
End If
%>
<table align="center" width="100%" height="37" border="0" cellspacing="0" cellpadding="0" class="rdd" id="table9">
<tr>
<td width="50%" height="100%" class="rdr"><b>发送人:<% =rs("m_from") %></b>
<td width="50%" height="100%"><b>发送日期:</b><% =rs("m_date") %></td>
</tr>
</table>
<table align="center" width="100%" height="47" border="0" cellspacing="0" cellpadding="0" class="intbl" id="table10">
<tr>
<td width="100%" height="100%" class="rdd"><b>消息标题:</b><% =rs("m_title") %></td>
</tr>
</table>
<table align="center" width="100%" height="25" border="0" cellspacing="0" cellpadding="0" class="intbl" id="table11">
<tr>
<td width="100%" height="100%" valign="top" class="rde"><b>消息内容:</b>
<br><% =rs("m_content") %>
<p align="right">
<a href="msgwr.asp?id=<% =rs("user_ID") %>">[回消息]</a>
<a href="msgdel.asp?id=<% =vid %>">[删除]</a>
</p>
</td>
</tr>
</table>
<%
'已读处理
if rs("m_haveread")=False then
rs("m_haveread")=True
rs.update
mnew=conn.Execute("SELECT COUNT(m_ID) FROM mail WHERE m_to='"&user_name&"' AND m_haveread=false",0,1)(0)
sqlstr="UPDATE users SET newmsg="&mnew&" WHERE user_ID="&user_ID
conn.Execute sqlstr
end if
rs.close
%>
</body>
</html>
vid=Request.QueryString("id")
在这个网页首先检查vid变量<%=vid%>,是不是空值,如果是,是上一页传输出现问题,检查后,你就知道了。
是不是用户名只能是数字???
IF isNumeric(vid) THEN
vid=CLng(vid)
ELSE
Response.Redirect "resp.asp"