<% Dim idx, branchCode, categoryNo, subject, contents Dim userId, userName, userAge, grade, best, categoryB Dim fileName1, fileSize1, fileName2, fileSize2, fileName3, fileSize3 Dim file1_del, file2_del, file3_del Dim UploadForm, SQL, RS, tableName, listFile Dim mode, msg Dim adm_idx, adm_date, adm_hit, i Call AdminAuth() '»ç¿ë±ÇÇÑ Ã¼Å©(°ü¸®ÀÚ°¡ ¾Æ´Ï¸é Á¢±ÙºÒ°¡) returnurl = "/new/mbr/login.asp?returnUrl=/new/customer/customer05_write.asp" If session("user_id") = "" Then RESPONSE.WRITE ExecJavaAlert2("·Î±×ÀÎÈÄ ÀÌ¿ëÇØÁÖ¼¼¿ä.",returnurl) RESPONSE.END End If tableName = "TB_REVIEW" '### DB Å×À̺í¸í listFile = "customer05.asp" '### ¸®½ºÆ® ÆÄÀϸí Set UploadForm = Server.CreateObject("DEXT.FileUpload") UploadForm.AutoMakeFolder = True 'UploadForm.DefaultPath = "E:\WIN_SERVER\002_uni114.co.kr\www\data\" & tableName UploadForm.DefaultPath = PathDir&"\data\" & tableName '³Ñ¾î¿Â °ª º¯¼ö¿¡ ¹Þ±â idx = Trim(UploadForm("idx")) mode = Trim(UploadForm("mode")) userId = Session("user_id") 'userName = Session("user_name") userName = Trim(UploadForm("userName")) userAge = Trim(UploadForm("userAge")) grade = Trim(UploadForm("grade")) best = Trim(UploadForm("best")) : If best <> "Y" Then best = "N" : categoryB = Trim(UploadForm("categoryB")) branchCode = Trim(UploadForm("branchCode")) categoryNo = Trim(UploadForm("categoryNo")) subject = Trim(UploadForm("subject")) : subject = InjectionDefender(subject) contents = UploadForm("contents") : contents = InjectionDefender(contents) '### À̹ÌÁö ÆÄÀÏÀÌ ¾Æ´Ï¸é ÆÄÀÏ »èÁ¦ÇÏ°í ¿¡·¯ ó¸®ÇÏ´Â ÇÔ¼ö ### Sub NotImage() UploadForm.DeleteAllSavedFiles Set UploadForm = Nothing Response.Write "" Response.End End Sub Select Case mode Case "edit" '¼öÁ¤ ########################################################## msg = "¼öÁ¤" '### ÆÄÀÏ »èÁ¦ ÇÔ¼ö (DB ¼öÁ¤) ### Sub FileDel(idx, fileNo) SQL = "UPDATE " & tableName SQL = SQL & " SET fileName" & fileNo & " = '' " SQL = SQL & ", fileSize" & fileNo & " = 0 " SQL = SQL & " WHERE idx = " & idx Dbcon.Execute(SQL) End Sub file1_del = Trim(UploadForm("file1_del")) file2_del = Trim(UploadForm("file2_del")) file3_del = Trim(UploadForm("file3_del")) 'üũµÈ ÆÄÀÏ »èÁ¦ SQL = "SELECT fileName1, fileName2, fileName3 FROM " & tableName & " WHERE idx=" & idx Set RS = Dbcon.Execute(SQL) fileName1 = RS("fileName1") fileName2 = RS("fileName2") fileName3 = RS("fileName3") If file1_del = "Y" Then UploadForm.DeleteFile UploadForm.DefaultPath & "\" & fileName1 Call FileDel(idx, 1) End If If file2_del = "Y" Then UploadForm.DeleteFile UploadForm.DefaultPath & "\" & fileName2 Call FileDel(idx, 2) End If If file3_del = "Y" Then UploadForm.DeleteFile UploadForm.DefaultPath & "\" & fileName3 Call FileDel(idx, 3) End If '÷ºÎÆÄÀÏ ¾÷·Îµå For Each item In UploadForm("files") item.Save, False Next '¿¡·¯ ¹ß»ý½Ã ¾÷·Îµå µÈ ÆÄÀÏ »èÁ¦. IF Err THEN Response.Write Err.number & "
" & Err.source & "
" & Err.description UploadForm.DeleteAllSavedFiles Set UploadForm = Nothing Response.End END If fileName1 = UploadForm("files")(1).LastSavedFileName fileSize1 = UploadForm("files")(1).FileLen fileName2 = UploadForm("files")(2).LastSavedFileName fileSize2 = UploadForm("files")(2).FileLen fileName3 = UploadForm("files")(3).LastSavedFileName fileSize3 = UploadForm("files")(3).FileLen 'À̹ÌÁö ÆÄÀÏÀÌ ¾Æ´Ï¸é ÆÄÀÏÀ» »èÁ¦ ÇÏ°í ¿¡·¯Ã³¸® ÇÑ´Ù. If fileSize1 > 0 And UploadForm("files")(1).IsImageItem() = False Then Call NotImage() : If fileSize2 > 0 And UploadForm("files")(2).IsImageItem() = False Then Call NotImage() : If fileSize3 > 0 And UploadForm("files")(3).IsImageItem() = False Then Call NotImage() : 'DB ¼öÁ¤ SQL = "UPDATE " & tableName SQL = SQL & " SET categoryNo = " & categoryNo SQL = SQL & ", branchCode = '" & branchCode & "'" SQL = SQL & ", userName = '" & userName & "'" SQL = SQL & ", userAge = " & userAge SQL = SQL & ", subject = '" & subject & "'" SQL = SQL & ", contents = '" & contents & "'" SQL = SQL & ", grade = '" & grade & "'" SQL = SQL & ", best = '" & best & "'" SQL = SQL & ", categoryB = '" & categoryB & "'" If fileSize1 > 0 Then SQL = SQL & ", fileName1 = '" & fileName1 & "'" SQL = SQL & ", fileSize1 = " & fileSize1 End If If fileSize2 > 0 Then SQL = SQL & ", fileName2 = '" & fileName2 & "'" SQL = SQL & ", fileSize2 = " & fileSize2 End If If fileSize3 > 0 Then SQL = SQL & ", fileName3 = '" & fileName3 & "'" SQL = SQL & ", fileSize3 = " & fileSize3 End If SQL = SQL & " WHERE idx = " & idx Dbcon.Execute(SQL) RS.Close Set RS = Nothing Case "del" '»èÁ¦ ########################################################## msg = "»èÁ¦" 'ÆÄÀÏ »èÁ¦ SQL = "SELECT fileName1, fileName2, fileName3 FROM " & tableName & " WHERE idx=" & idx Set RS = Dbcon.Execute(SQL) fileName1 = RS("fileName1") fileName2 = RS("fileName2") fileName3 = RS("fileName3") If fileName1 <> "" Then UploadForm.DeleteFile UploadForm.DefaultPath & "\" & fileName1 : If fileName2 <> "" Then UploadForm.DeleteFile UploadForm.DefaultPath & "\" & fileName2 : If fileName3 <> "" Then UploadForm.DeleteFile UploadForm.DefaultPath & "\" & fileName3 : 'DB »èÁ¦ If Session("admin_div") > 0 Then SQL = "DELETE " & tableName & " WHERE idx=" & idx Else SQL = "DELETE " & tableName & " WHERE idx=" & idx & " and userId='"&Session("user_id")&"'" End If Dbcon.Execute(SQL) 'ÄÚ¸àÆ® »èÁ¦ SQL = "DELETE " & tableName & "_COMMENT WHERE reviewIdx = " & idx Dbcon.Execute(SQL) RS.Close Set RS = Nothing Case "insert" 'Ãß°¡ ########################################################## msg = "µî·Ï" '÷ºÎÆÄÀÏ ¾÷·Îµå For Each item In UploadForm("files") item.Save, False Next '¿¡·¯ ¹ß»ý½Ã ¾÷·Îµå µÈ ÆÄÀÏ »èÁ¦. IF Err THEN Response.Write Err.number & "
" & Err.source & "
" & Err.description UploadForm.DeleteAllSavedFiles Set UploadForm = Nothing Response.Write "" Response.End END If fileName1 = UploadForm("files")(1).LastSavedFileName fileSize1 = UploadForm("files")(1).FileLen fileName2 = UploadForm("files")(2).LastSavedFileName fileSize2 = UploadForm("files")(2).FileLen fileName3 = UploadForm("files")(3).LastSavedFileName fileSize3 = UploadForm("files")(3).FileLen 'À̹ÌÁö ÆÄÀÏÀÌ ¾Æ´Ï¸é ÆÄÀÏÀ» »èÁ¦ ÇÏ°í ¿¡·¯Ã³¸® ÇÑ´Ù. If fileSize1 > 0 And UploadForm("files")(1).IsImageItem() = False Then Call NotImage() : If fileSize2 > 0 And UploadForm("files")(2).IsImageItem() = False Then Call NotImage() : If fileSize3 > 0 And UploadForm("files")(3).IsImageItem() = False Then Call NotImage() : 'DB ÀúÀå SQL = "INSERT INTO " & tableName & " (userId, userName, userAge, branchCode, categoryNo, subject, contents, fileName1, fileSize1, fileName2, fileSize2, fileName3, fileSize3, writeDate, hit, grade, best, categoryB) " SQL = SQL & " VALUES ('" & userId & "', '" & userName & "', " & userAge & ", '" & branchCode & "', " & categoryNo & ", '" & subject & "', '" & contents & "', '" & fileName1 & "', " & fileSize1 & ", '" & fileName2 & "', " & fileSize2 & ", '" & fileName3 & "', " & fileSize3 & ", GETDATE(), 0, " & grade & ", '" & best & "', '" & categoryB & "')" Dbcon.Execute(SQL) Case "adm" '°ü¸® - ³¯Â¥/Á¶È¸¼ö ¾÷µ¥ÀÌÆ® ########################################################## Call CheckAuth("sojujan", mode) '### Á¢±Ù ±ÇÇÑ Ã¼Å© msg = "³¯Â¥\/Á¶È¸¼ö ¾÷µ¥ÀÌÆ®¸¦" adm_idx = Trim(UploadForm("adm_idx")) adm_date = Trim(UploadForm("adm_date")) adm_hit = Trim(UploadForm("adm_hit")) adm_idx = Split(adm_idx, ", ") adm_date = Split(adm_date, ", ") adm_hit = Split(adm_hit, ", ") For i = 0 To UBound(adm_idx) 'DB ¼öÁ¤ SQL = "UPDATE " & tableName SQL = SQL & " SET writeDate = '" & adm_date(i) & "'" SQL = SQL & ", hit = '" & adm_hit(i) & "'" SQL = SQL & " WHERE idx = " & adm_idx(i) Dbcon.Execute(SQL) Next Case Else msg = "½ÇÆÐ" End Select 'ó¸® ¿Ï·á(°ø¿ë) ########################################################## Set UploadForm = Nothing Response.Write "" Response.End %>