www.gusucode.com > ASP+ACCESS学生信息管理系统设计(源代码+论文) > ASP+ACCESS学生信息管理系统设计(源代码+论文)\赵超\Search.asp
<!--#include file="Top.asp"--> <table width="779" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF"> <tr> <td width="228" align="center" valign="top"><br> <br> <table width="95%" border="0" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC" class="TableAll"> <tr> </tr> <tr> </tr> </table> <br> <td width="750"><table height="450" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF"> <tr> <td align="center" valign="top" bgcolor="#FFFFFF"> <% '----------------------------------------------------------- '过滤非法SQL字符 '----------------------------------------------------------- function ReplaceBadChar(strChar) if strChar="" then ReplaceBadChar="" else ReplaceBadChar=replace(replace(replace(replace(replace(replace(replace(strChar,"'",""),"*",""),"?",""),"(",""),")",""),"<",""),".","") end if end function '----------------------------------------------------------- '取得表单数据 '----------------------------------------------------------- SelectType=Cint(Request.Form("SelectType")) edunum=ReplaceBadChar(Trim(Request.Form("edunum"))) UNumber=ReplaceBadChar(Trim(Request.QueryString("UserNum"))) 'Response.Write(UserNum) '----------------------------------------------------------- '生成SQL代码 '----------------------------------------------------------- XcUserInfo =1 IF UNumber<> "" Then StrSql="Select * From XcUserInfo where UNumber='" & UNumber & "'" XcUserInfo =2 Else If SelectType=1 Then StrSql="Select * From XcUserInfo where UNumber='" & edunum & "'" Else StrSql="Select * From XcUserInfo where UserName='" & edunum & "'" End If End If 'Response.Write(StrSql) Set Rs=Conn.execute(StrSql) 'Response.Write(XcUserInfo ) If Not Rs.Eof Then IF Cint(XcUserInfo )<>1 then ShowInfo() Else ShowHave() End If Else ShowNot() End If %> <% Sub ShowNot() %> <br> <table width="750" border="0" cellpadding="0" cellspacing="1" class="TableAll" > <tr> <td align="center" class="TrTop"> </td> </tr> <tr> <td height="30" align="center" bgcolor="#FFFFFF" class="9ptred">对不起,没有您要的学生信息</td> </tr> </table> <% End Sub%> <% Sub ShowHave() %> <br> <table width="750" border="0" cellpadding="0" cellspacing="1" class="TableAll" > <tr class="TrTop"> <td width="113" height="25">学号</td> <td width="113" height="25">姓名</td> <td width="163" height="25">详细信息</td> <td width="106">留言</td> </tr> <% Do while Not Rs.Eof %> <tr bgcolor="#FFFFFF"> <td height="30"> <%=Rs("UNumber")%></td> <td> <%=Rs("UserName")%></td> <td><a href="Search.asp?UserNum=<%=Rs("UNumber")%>">详细信息</a></td> <td><a href="RepUser.asp?UserNum=<%=Rs("UNumber")%>&UserName=<%=Rs("UserName")%>" target="_blank">给他/她留言</a></td> </tr> <% Rs.MoveNext Loop %> </table> <% End Sub %> <% Sub ShowInfo() UNumber=ReplaceBadChar(Trim(Request.QueryString("UserNum"))) StrSql="Select * From XcUserInfo where UNumber='" & UNumber & "'" Set Rs=Conn.execute(StrSql) %> <br> <table width="740" border="1" cellpadding="0" cellspacing="1" bordercolor="#ABABAB" background="Images/Byz.gif" class="TableAll" bordercolordark="#FFFFFF"> <tr align="center"> <td colspan="5" class="TrTop">学生详细信息</td> </tr> <tr> <td width="59" height="25" align="center">姓名</td> <td width="101"> <%=Rs("UserName")%></td> <td width="79" align="center">笔名</td> <td width="93"> <%=Rs("PenName")%></td> <td width="112" rowspan="5" align="center" valign="middle"> <% Response.Write("<A href=" & Rs("Pic") & " Target=blank><img src=" & Rs("Pic") &" width=100 height=150 Border=0></A>") %></td> </tr> <tr> <td height="25" align="center">学号</td> <td> <%=Rs("UNumber")%></td> <td align="center">性别</td> <td> <%=Rs("USex")%></td> </tr> <tr> <td height="25" align="center">年龄</td> <td> <%=Rs("UAge")%></td> <td align="center">学制</td> <td> <%=Rs("UserTest")%></td> </tr> <tr> <td height="25" align="center">学历</td> <td> <%=Rs("Edu")%></td> <td align="center">毕业类型</td> <td> <%=Rs("EduType")%></td> </tr> <tr> <td height="25" align="center">入学时间</td> <td> <%=Rs("Intime")%></td> <td align="center">毕业时间</td> <td> <%=Rs("OutTime")%></td> </tr> <tr> <td height="25" align="center">专业</td> <td> <%=Rs("UDep")%></td> <td align="center">班级</td> <td colspan="2"> <%=Rs("UClass")%></td> </tr> <tr> <td height="25" align="center">联系电话</td> <td> <%=Rs("UTel")%></td> <td align="center">给他/她留言</td> <td colspan="2" align="left"><a href="RepUser.asp?UserNum=<%=Rs("UNumber")%>&UserName=<%=Rs("UserName")%>" target="_blank"> 给他/她留言</a></td> </tr> <tr> <td height="25" align="center">其他</td> <td height="190" colspan="4" valign="top"><table width="95%" border="0" align="center" cellpadding="1" cellspacing="1" class="w9pt"> <tr> <td><%=Rs("UOther")%></td> </tr> </table></td> </tr> </table> <% End Sub %> </td> </tr> </table></td> </tr> </table> <!--#include file="Foot.asp"-->