www.gusucode.com > ASP+ACCESS学生信息管理系统设计(源代码+论文) > ASP+ACCESS学生信息管理系统设计(源代码+论文)\赵超\Search.asp
<!--#include file="Top.asp"-->
<table width="779" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td width="228" align="center" valign="top"><br>
<br>
<table width="95%" border="0" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC" class="TableAll">
<tr>
</tr>
<tr>
</tr>
</table>
<br>
<td width="750"><table height="450" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td align="center" valign="top" bgcolor="#FFFFFF">
<%
'-----------------------------------------------------------
'过滤非法SQL字符
'-----------------------------------------------------------
function ReplaceBadChar(strChar)
if strChar="" then
ReplaceBadChar=""
else
ReplaceBadChar=replace(replace(replace(replace(replace(replace(replace(strChar,"'",""),"*",""),"?",""),"(",""),")",""),"<",""),".","")
end if
end function
'-----------------------------------------------------------
'取得表单数据
'-----------------------------------------------------------
SelectType=Cint(Request.Form("SelectType"))
edunum=ReplaceBadChar(Trim(Request.Form("edunum")))
UNumber=ReplaceBadChar(Trim(Request.QueryString("UserNum")))
'Response.Write(UserNum)
'-----------------------------------------------------------
'生成SQL代码
'-----------------------------------------------------------
XcUserInfo =1
IF UNumber<> "" Then
StrSql="Select * From XcUserInfo where UNumber='" & UNumber & "'"
XcUserInfo =2
Else
If SelectType=1 Then
StrSql="Select * From XcUserInfo where UNumber='" & edunum & "'"
Else
StrSql="Select * From XcUserInfo where UserName='" & edunum & "'"
End If
End If
'Response.Write(StrSql)
Set Rs=Conn.execute(StrSql)
'Response.Write(XcUserInfo )
If Not Rs.Eof Then
IF Cint(XcUserInfo )<>1 then
ShowInfo()
Else
ShowHave()
End If
Else
ShowNot()
End If
%>
<% Sub ShowNot() %>
<br>
<table width="750" border="0" cellpadding="0" cellspacing="1" class="TableAll" >
<tr>
<td align="center" class="TrTop"> </td>
</tr>
<tr>
<td height="30" align="center" bgcolor="#FFFFFF" class="9ptred">对不起,没有您要的学生信息</td>
</tr>
</table>
<% End Sub%>
<% Sub ShowHave() %>
<br>
<table width="750" border="0" cellpadding="0" cellspacing="1" class="TableAll" >
<tr class="TrTop">
<td width="113" height="25">学号</td>
<td width="113" height="25">姓名</td>
<td width="163" height="25">详细信息</td>
<td width="106">留言</td>
</tr>
<%
Do while Not Rs.Eof
%>
<tr bgcolor="#FFFFFF">
<td height="30"> <%=Rs("UNumber")%></td>
<td> <%=Rs("UserName")%></td>
<td><a href="Search.asp?UserNum=<%=Rs("UNumber")%>">详细信息</a></td>
<td><a href="RepUser.asp?UserNum=<%=Rs("UNumber")%>&UserName=<%=Rs("UserName")%>" target="_blank">给他/她留言</a></td>
</tr>
<%
Rs.MoveNext
Loop
%>
</table>
<% End Sub %>
<% Sub ShowInfo() UNumber=ReplaceBadChar(Trim(Request.QueryString("UserNum")))
StrSql="Select * From XcUserInfo where UNumber='" & UNumber & "'"
Set Rs=Conn.execute(StrSql)
%>
<br>
<table width="740" border="1" cellpadding="0" cellspacing="1"
bordercolor="#ABABAB" background="Images/Byz.gif" class="TableAll" bordercolordark="#FFFFFF">
<tr align="center">
<td colspan="5" class="TrTop">学生详细信息</td>
</tr>
<tr>
<td width="59" height="25" align="center">姓名</td>
<td width="101"> <%=Rs("UserName")%></td>
<td width="79" align="center">笔名</td>
<td width="93"> <%=Rs("PenName")%></td>
<td width="112" rowspan="5" align="center" valign="middle">
<%
Response.Write("<A href=" & Rs("Pic") & " Target=blank><img src=" & Rs("Pic") &" width=100 height=150 Border=0></A>")
%></td>
</tr>
<tr>
<td height="25" align="center">学号</td>
<td> <%=Rs("UNumber")%></td>
<td align="center">性别</td>
<td> <%=Rs("USex")%></td>
</tr>
<tr>
<td height="25" align="center">年龄</td>
<td> <%=Rs("UAge")%></td>
<td align="center">学制</td>
<td> <%=Rs("UserTest")%></td>
</tr>
<tr>
<td height="25" align="center">学历</td>
<td> <%=Rs("Edu")%></td>
<td align="center">毕业类型</td>
<td> <%=Rs("EduType")%></td>
</tr>
<tr>
<td height="25" align="center">入学时间</td>
<td> <%=Rs("Intime")%></td>
<td align="center">毕业时间</td>
<td> <%=Rs("OutTime")%></td>
</tr>
<tr>
<td height="25" align="center">专业</td>
<td> <%=Rs("UDep")%></td>
<td align="center">班级</td>
<td colspan="2"> <%=Rs("UClass")%></td>
</tr>
<tr>
<td height="25" align="center">联系电话</td>
<td> <%=Rs("UTel")%></td>
<td align="center">给他/她留言</td>
<td colspan="2" align="left"><a href="RepUser.asp?UserNum=<%=Rs("UNumber")%>&UserName=<%=Rs("UserName")%>" target="_blank"> 给他/她留言</a></td>
</tr>
<tr>
<td height="25" align="center">其他</td>
<td height="190" colspan="4" valign="top"><table width="95%" border="0" align="center" cellpadding="1" cellspacing="1" class="w9pt">
<tr>
<td><%=Rs("UOther")%></td>
</tr>
</table></td>
</tr>
</table>
<% End Sub %>
</td>
</tr>
</table></td>
</tr>
</table>
<!--#include file="Foot.asp"-->