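' Upload handler, part 1: read the multipart request and validate the file name.
' Allow up to 1800 seconds for the request, since the whole body is read in one call below.
Server.ScriptTimeout = 1800

' Uploader identity and description come from the session.
' NOTE(review): nothing visible in this part of the page verifies that the session is
' authenticated (for example that session("uid") is non-empty) before the upload is
' accepted - confirm that an include or earlier code enforces login.
name = session("name")
id = session("uid")
unit = session("unit")
content = session("content")
ip = Request.ServerVariables("Remote_Addr")

' basp21 parses the raw multipart body; the file is sent in the form field "flname".
Set basp = Server.CreateObject("basp21")
totby = Request.TotalBytes
binrd = Request.BinaryRead(totby)
fn = basp.FormFileName(binrd, "flname")
fs = basp.FormFileSize(binrd, "flname")

' Keep only the part after the last backslash. The value is supplied by the client,
' so it is untrusted: it is later joined onto a server path, placed in SQL text and
' echoed into HTML.
fname = Mid(fn, InStrRev(fn, "\") + 1)

' Reject an empty name, quote characters and names longer than 60 characters.
' "/" and ":" are rejected as well, so that the name cannot carry another path
' separator or drive/stream syntax into the path built from it later.
If Len(fname) = 0 Or InStr(fname, "'") <> 0 Or InStr(fname, """") <> 0 Or InStr(fname, "/") <> 0 Or InStr(fname, ":") <> 0 Or Len(fname) > 60 Then
    ' The name is HTML-encoded before being echoed; it is attacker-controlled and
    ' was previously written into the page verbatim.
    Response.Write "<center>您上傳的檔案為「" & Server.HTMLEncode(fname) & "」<br>其名稱可能有單引號(請將單引號改掉即可)<br>或檔名超過60個字<br>請回到上一頁重新選擇!"
    Response.End
End If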
If Right(LCase(fname),3)="asp" or Right(LCase(fname),3)="asa" or Right(LCase(fname),3)="cer" or Right(LCase(fname),3)="cdx" or Right(LCase(fname),3)="htr" or instr(fname,"'")<>0 or instr(fname,"""")<>0 or len(fname)>60 Then
Response.Write "<center>您上傳的檔案為「" & fname & "」<br>其名稱可能有單引號(請將單引號改掉即可)<br>或副檔名為asp與規定不符<br>或檔名超過60個字<br>請回到上一頁重新選擇!"
response.end
Else
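' Upload handler, part 2: store the file under "files", record it in the database
' and render the result page.
' NOTE(review): Server.MapPath("files") is a directory below this page, so stored files
' are presumably reachable over HTTP. The extension test that guards this branch is a
' deny-list on the last three characters; an allow-list of expected extensions, a
' server-generated storage name and a directory with script execution disabled would
' be more robust - confirm the IIS configuration.
fpath = Server.MapPath("files") & "\" & fname

' NOTE(review): the upload is refused only when the file already exists (FileCheck >= 0,
' presumably) AND the form field "direct" equals "cover". For any other value an
' existing file is overwritten by FormSaveAs below and its database row replaced.
' Confirm which way "cover" is meant to work.
If basp.FileCheck(fpath) >= 0 And basp.Form(binrd, "direct") = "cover" Then
    Response.Write "Server 上已有同名檔案, UPLOAD 失敗,請更改檔名或刪除舊檔後重新上傳"
Else
    e1 = 30 * 1024 * 1024
    e2 = 100 * 1024 * 1024
    ' Upload. The file is written to disk first and its size checked afterwards.
    leng = basp.FormSaveAs(binrd, "flname", fpath)
    ' NOTE(review): fsize is not assigned anywhere in the visible code (the size read
    ' earlier is stored in fs), so unless it is set elsewhere the second test reduces
    ' to leng < e2. Confirm what the 100 MB limit was meant to measure.
    If (leng > 0 And leng < e1) And (leng + fsize < e2) Then
        Set conn = Server.CreateObject("ADODB.Connection")
        param = "driver={Microsoft Access Driver (*.mdb)}"
        ' NOTE(review): the database file is also resolved below the web directory;
        ' confirm it cannot be downloaded directly.
        conn.Open param & ";dbq=" & Server.MapPath("filebase")
        da = date

        ' Every value placed in SQL text has its single quotes doubled so that it stays
        ' inside its string literal. & "" turns Empty/Null into "" before Replace.
        ' Parameterized ADODB.Command objects would be the stronger fix once the
        ' column types are known.
        sql = "Delete From filebase Where fname='" & Replace(fname & "", "'", "''") & "'"
        Set rs = conn.Execute(sql)
        SQLstr = "Insert Into filebase (id,name,unit,content,fsize,fname) Values ('" & Replace(id & "", "'", "''") & "','" & Replace(name & "", "'", "''") & "','" & Replace(unit & "", "'", "''") & "','" & Replace(content & "", "'", "''") & "','" & leng & "','" & Replace(fname & "", "'", "''") & "')"
        Set rs = conn.Execute(SQLstr)

        ' Upload log record
        sql = "INSERT INTO log(name,active,ip) VALUES('" & Replace(session("name") & "", "'", "''") & "','上傳 " & Replace(fname & "", "'", "''") & "','" & Replace(ip & "", "'", "''") & "')"
        Set rs = conn.Execute(sql)
%>
<body bgcolor="#FFFFCC">
<p align="center"> </p>
<p align="center"> </p>
<% ' The INSERT statement is no longer echoed here: it exposed table and column names and session values to the browser. %>
<p align="center">檔案上傳已成功<BR>
上傳檔案之檔名 : <%=Server.HTMLEncode(fname) %><br>
上傳檔案之大小 : <%=leng %> BYTE</p>
<p align="center">
<img border="0" src="images/writenew.gif" width="47" height="41"><a href="editshow.asp">回管理介面</a>
<img border="0" src="images/quit.gif" width="45" height="43"><a href="logout.asp">登出</a><br>
</p>
<p align="center"> </p>
<%
    Else
        ' Remove the file that was just written. The original deleted
        ' Server.MapPath(fname), which names a file in this page's own directory rather
        ' than the upload in "files": the rejected upload stayed on disk and an
        ' unrelated file of the same name could be removed (or DeleteFile raised an
        ' error when none existed).
        ' Only clean up when FormSaveAs reported bytes written, so that a failed save
        ' does not delete an older file of the same name.
        Set objFileSystem = Server.CreateObject("Scripting.FileSystemObject")
        If leng > 0 Then
            If objFileSystem.FileExists(fpath) Then objFileSystem.DeleteFile fpath
        End If
        ' NOTE(review): the message says 20M but the limit enforced above is 30 MB.
        Response.Write "<center> 檔案上傳失敗 !檔案可能大於 20M "
    End If
End If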
|