<%@ Language=VBScript %>
<% Option Explicit %>
<% ' DB connection %>
<% ' /DB connection %>
<%
dim str, val

' Added by 해피정닷컴, 2008-05-27
' Keyword/character filter: aborts the response when the value contains any listed token.
function sqlCheck(str)
    val = UCASE(str)
    if instr(val, ";") <> 0 Or _
       instr(val, "'") <> 0 Or _
       instr(val, "--") <> 0 Or _
       instr(val, "/*") <> 0 Or _
       instr(val, "*/") <> 0 Or _
       instr(val, "XP_") <> 0 Or _
       instr(val, "DECLARE") <> 0 Or _
       instr(val, "SELECT") <> 0 Or _
       instr(val, "UPDATE") <> 0 Or _
       instr(val, "DELETE") <> 0 Or _
       instr(val, "INSERT") <> 0 Or _
       instr(val, "SHUTDOWN") <> 0 Or _
       instr(val, "DROP") <> 0 then
        ' response.write "Error occurred"
        response.Write("")
        response.End
    Else
        sqlCheck = str
    end if
end function

'Dim idx : idx=sqlCheck(request("idx"))

' Variable declarations
Dim NewGetTable, GetPage, GetSeq, GetId, GetSearchPart, GetSearchStr
Dim C_id, file_name, fc, storedir

NewGetTable = "mechBoard"
GetSeq = sqlCheck(request("seq"))
GetPage = sqlCheck(request("page"))
GetSearchPart = sqlCheck(request("SearchPart"))
GetSearchStr = sqlCheck(request("SearchStr"))

' seq is concatenated unquoted into the SQL statements below, and the keyword
' filter above does not make it numeric, so accept only an integer value.
' An empty seq would otherwise produce "... FILE_BD_SEQ =  and FILE_BD_TABLE ...".
if not IsNumeric(GetSeq) then response.End
GetSeq = CLng(GetSeq)

'C_id = Request.Cookies("USER")("C_id")
'C_passwd = Request.Cookies("USER")("C_pw")

Dim GetBD_PASSWD, GetBD_PASSWD2
GetBD_PASSWD = sqlCheck(request("formBD_PASSWD"))   ' Existing password
GetBD_PASSWD2 = sqlCheck(request("formDelPasswd"))  ' Newly entered password

' Both values above are read from the request, so the comparison below only checks
' that the two submitted fields match; compare against the password stored for the post instead.
if session("admin") = "administrator" or GetBD_PASSWD = GetBD_PASSWD2 then ' Password check; the matching end if is at the end

    if GetPage = "" then GetPage = 1

    ' Deleting after logging in as administrator works fine... but when not logged in,
    ' why does it say the syntax near the keyword 'and' below is incorrect?
    Sql = "select FILE_NAME from " & NewGetTable & "_PDS where FILE_BD_SEQ = " & GetSeq & " and FILE_BD_TABLE = '" & NewGetTable & "'"
    Set Rs = Con.Execute(Sql)
    if not (rs.BOF or rs.EOF) then
        file_name = Rs(0)
    end if

    '******************** Delete the post
    Sql = "delete from " & NewGetTable & " where BD_SEQ = " & GetSeq
    Con.Execute(Sql)

    if not file_name = "" then
        '******************** Delete the file
        Sql = "delete from " & NewGetTable & "_PDS where FILE_BD_SEQ = " & GetSeq & " and FILE_BD_TABLE = '" & NewGetTable & "'"
        Con.Execute(Sql)

        set fc = CreateObject("Scripting.FileSystemObject")
        storedir = server.mappath("../..") & "\upload\news\"
        fc.DeleteFile(storedir & file_name)
        set fc = nothing
    end if

    Rs.close
    set rs = nothing
    con.close
    set con = nothing

    ' Redirect to the list page
    Response.Redirect "news.asp?page=" & GetPage & "&SearchPart=" & GetSearchPart & "&SearchStr=" & GetSearchStr

' Password match check
else
    Response.Write("")
' End of password check
end if
%>