%@ Language=VBScript %>
<% Option Explicit %>
<% ' DB connection %>
<% ' /DB connection %>
<%
Dim str, val ' added 2008-05-27 (happyjung.com); val is the script-level scratch copy used by sqlCheck

' sqlCheck: deny-list filter for request values that are later concatenated into SQL.
'   str     - raw value to inspect.
'   returns - str unchanged when none of the listed tokens occurs in it.
' When a token is found the function writes an empty string and ends the
' response, so the caller never resumes.
' The comparison is a substring match on the upper-cased value, so ordinary
' text that merely contains a listed word is rejected as well.
' NOTE(review): a deny-list does not make a value safe for every SQL context,
' in particular an unquoted numeric position. Callers should still validate
' the expected type or bind the value as a parameter.
Function sqlCheck(str)
    Dim blockedTokens, token, found

    blockedTokens = Array(";", "'", "--", "/*", "*/", "XP_", "DECLARE", _
                          "SELECT", "UPDATE", "DELETE", "INSERT", "SHUTDOWN", "DROP")

    ' Upper-case once so the keyword comparison is case-insensitive.
    val = UCase(str)

    found = False
    For Each token In blockedTokens
        If InStr(val, token) <> 0 Then
            found = True
            Exit For
        End If
    Next

    If found Then
        ' A visible error message was disabled here; the response is ended silently.
        Response.Write("")
        Response.End
    Else
        sqlCheck = str
    End If
End Function
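'Dim idx : idx=sqlCheck(request("idx"))
' Variable declarations.
' Sql, Rs and Con are not declared in this block; presumably they come from the
' DB connection include at the top of the page - confirm.
Dim NewGetTable,GetPage, GetSeq, GetId, GetSearchPart, GetSearchStr
Dim C_id, file_name, fc, storedir
Dim delNumRe, delSeqId, delSafeName

NewGetTable = "mechBoard"
GetSeq = sqlCheck(request("seq"))
GetPage = sqlCheck(request("page"))
GetSearchPart = sqlCheck(request("SearchPart"))
GetSearchStr = sqlCheck(request("SearchStr"))
'C_id = Request.Cookies("USER")("C_id")
'C_passwd = Request.Cookies("USER")("C_pw")

Dim GetBD_PASSWD, GetBD_PASSWD2
GetBD_PASSWD = sqlCheck(request("formBD_PASSWD"))   ' existing password
GetBD_PASSWD2 = sqlCheck(request("formDelPasswd"))  ' newly entered password

' seq and page are used as numbers, so accept plain decimal digits only.
' Nine digits at most keeps CLng from overflowing.
Set delNumRe = New RegExp
delNumRe.Pattern = "^[0-9]{1,9}$"

If delNumRe.Test(GetPage & "") Then
    GetPage = CLng(GetPage)
Else
    GetPage = 1
End If

' NOTE(review): both password operands are read from the request, so this
' comparison does not prove knowledge of the password stored for the post.
' The stored value should be loaded server-side by seq and compared there
' (ideally as a salted hash). The stored column is not visible in this file,
' so the check is left as it was.
' NOTE(review): request(...) also reads the query string, so this destructive
' action can be triggered by a GET; consider Request.Form plus an anti-CSRF token.
if session("admin") = "administrator" or GetBD_PASSWD = GetBD_PASSWD2 then
    ' Password check; the matching end if is at the bottom of the page.
    If Not delNumRe.Test(GetSeq & "") Then
        ' seq is concatenated into SQL without quotes, so anything other than
        ' digits is refused before a statement is built. The original author's
        ' note here reported a syntax error near the AND keyword for non-admin
        ' deletes; an empty seq produces exactly that statement.
        Response.Write("")
    Else
        delSeqId = CLng(GetSeq)

        Sql = "select FILE_NAME from " & NewGetTable & "_PDS where FILE_BD_SEQ = " & delSeqId & " and FILE_BD_TABLE = '" & NewGetTable & "'"
        Set Rs = Con.Execute(Sql)
        if not (rs.BOF or rs.EOF) then
            file_name = Rs(0)
        end if

        '******************** delete the post
        Sql = "delete from " & NewGetTable & " where BD_SEQ = " & delSeqId
        Con.Execute(Sql)

        ' "& """" turns a Null or Empty column value into a zero-length string.
        If Len(file_name & "") > 0 Then
            '******************** delete the attachment
            Sql = "delete from " & NewGetTable & "_PDS where FILE_BD_SEQ = " & delSeqId & " and FILE_BD_TABLE = '" & NewGetTable & "'"
            Con.Execute(Sql)

            set fc = CreateObject("Scripting.FileSystemObject")
            storedir = server.mappath("../..") & "\upload\news\"
            ' Keep only the final path component so a stored name holding
            ' directory parts cannot point outside the upload folder.
            delSafeName = fc.GetFileName(file_name & "")
            ' FileExists is False for a missing file and for wildcard patterns,
            ' so DeleteFile only ever runs on one concrete existing file.
            If Len(delSafeName) > 0 Then
                If fc.FileExists(storedir & delSafeName) Then
                    fc.DeleteFile storedir & delSafeName
                End If
            End If
            set fc=nothing
        end if

        Rs.close
        set rs = nothing
        con.close
        set con= nothing

        ' Return to the list page. The search values are URL-encoded so that
        ' characters such as &, # or line breaks cannot alter the redirect target.
        Response.Redirect "news.asp?page=" & GetPage & "&SearchPart=" & Server.URLEncode(GetSearchPart & "") & "&SearchStr=" & Server.URLEncode(GetSearchStr & "")
    End If
' Password did not match.
else
    Response.Write("")
' End of password check.
end if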
%>