<% Dim idx, userId, userName, subject, contents, kind Dim fileName1, fileSize1, fileName2, fileSize2 Dim file1_del, file2_del Dim UploadForm, SQL, RS, tableName, listFile Dim mode, msg Dim adm_idx, adm_date, adm_hit, i Dim branchs, period tableName = "TB_EVENT" '### DB ���̺��� listFile = "event.asp" '### ����Ʈ ���ϸ� Set UploadForm = Server.CreateObject("DEXT.FileUpload") UploadForm.AutoMakeFolder = True UploadForm.DefaultPath = PathDir&"\data\" & tableName '�Ѿ�� �� ������ �ޱ� idx = Trim(UploadForm("idx")) mode = Trim(UploadForm("mode")) userId = Trim(UploadForm("userId")) userName = Trim(UploadForm("userName")) subject = Trim(UploadForm("subject")) : subject = InjectionDefender(subject) contents = UploadForm("contents") : contents = InjectionDefender(contents) branchs = Trim(UploadForm("branchs")) : If branchs = "" Then branchs = "U000" : period = Trim(UploadForm("period")) kind = Trim(UploadForm("kind")) Call CheckAuth(userId, mode) '### ���� ���� üũ '### �̹��� ������ �ƴϸ� ���� �����ϰ� ���� ó���ϴ� �Լ� ### Sub NotImage() UploadForm.DeleteAllSavedFiles Set UploadForm = Nothing Response.Write "" Response.End End Sub Select Case mode Case "edit" '���� ########################################################## msg = "����" '### ���� ���� �Լ� (DB ����) ### Sub FileDel(idx, fileNo) SQL = "UPDATE " & tableName SQL = SQL & " SET fileName" & fileNo & " = '' " SQL = SQL & ", fileSize" & fileNo & " = 0 " SQL = SQL & " WHERE idx = " & idx Dbcon.Execute(SQL) End Sub file1_del = Trim(UploadForm("file1_del")) file2_del = Trim(UploadForm("file2_del")) 'üũ�� ���� ���� SQL = "SELECT fileName1, fileName2 FROM " & tableName & " WHERE idx=" & idx Set RS = Dbcon.Execute(SQL) fileName1 = RS("fileName1") fileName2 = RS("fileName2") If file1_del = "Y" Then UploadForm.DeleteFile UploadForm.DefaultPath & "\" & fileName1 Call FileDel(idx, 1) End If If file2_del = "Y" Then UploadForm.DeleteFile UploadForm.DefaultPath & "\" & fileName2 Call FileDel(idx, 2) End If '÷������ ���ε� For Each item In UploadForm("files") item.Save, False Next '���� �߻��� ���ε� �� ���� ����. IF Err THEN Response.Write Err.number & "
" & Err.source & "
" & Err.description UploadForm.DeleteAllSavedFiles Set UploadForm = Nothing Response.End END If fileName1 = UploadForm("files")(1).LastSavedFileName fileSize1 = UploadForm("files")(1).FileLen fileName2 = UploadForm("files")(2).LastSavedFileName fileSize2 = UploadForm("files")(2).FileLen '�̹��� ������ �ƴϸ� ������ ���� �ϰ� ����ó�� �Ѵ�. If fileSize1 > 0 And UploadForm("files")(1).IsImageItem() = False Then Call NotImage() : If fileSize2 > 0 And UploadForm("files")(2).IsImageItem() = False Then Call NotImage() : 'DB ���� SQL = "UPDATE " & tableName SQL = SQL & " SET subject = '" & subject & "'" SQL = SQL & ", contents = '" & contents & "'" SQL = SQL & ", branchs = '" & branchs & "'" SQL = SQL & ", period = '" & period & "'" SQL = SQL & ", kind = '" & kind & "'" If fileSize1 > 0 Then SQL = SQL & ", fileName1 = '" & fileName1 & "'" SQL = SQL & ", fileSize1 = " & fileSize1 End If If fileSize2 > 0 Then SQL = SQL & ", fileName2 = '" & fileName2 & "'" SQL = SQL & ", fileSize2 = " & fileSize2 End If SQL = SQL & " WHERE idx = " & idx Dbcon.Execute(SQL) RS.Close Set RS = Nothing Case "del" '���� ########################################################## msg = "����" '���� ���� SQL = "SELECT fileName1, fileName2 FROM " & tableName & " WHERE idx=" & idx Set RS = Dbcon.Execute(SQL) fileName1 = RS("fileName1") fileName2 = RS("fileName2") If fileName1 <> "" Then UploadForm.DeleteFile UploadForm.DefaultPath & "\" & fileName1 : If fileName2 <> "" Then UploadForm.DeleteFile UploadForm.DefaultPath & "\" & fileName2 : 'DB ���� SQL = "DELETE " & tableName & " WHERE idx=" & idx Dbcon.Execute(SQL) RS.Close Set RS = Nothing Case "insert" '�߰� ########################################################## msg = "���" '÷������ ���ε� For Each item In UploadForm("files") item.Save, False Next '���� �߻��� ���ε� �� ���� ����. IF Err THEN Response.Write Err.number & "
" & Err.source & "
" & Err.description UploadForm.DeleteAllSavedFiles Set UploadForm = Nothing Response.Write "" Response.End END If fileName1 = UploadForm("files")(1).LastSavedFileName fileSize1 = UploadForm("files")(1).FileLen fileName2 = UploadForm("files")(2).LastSavedFileName fileSize2 = UploadForm("files")(2).FileLen '�̹��� ������ �ƴϸ� ������ ���� �ϰ� ����ó�� �Ѵ�. If fileSize1 > 0 And UploadForm("files")(1).IsImageItem() = False Then Call NotImage() : If fileSize2 > 0 And UploadForm("files")(2).IsImageItem() = False Then Call NotImage() : 'DB ���� SQL = "INSERT INTO " & tableName & " (userId, userName, subject, contents, fileName1, fileSize1, fileName2, fileSize2, writeDate, hit, branchs, period, kind) " SQL = SQL & " VALUES ('" & userId & "', '" & userName & "', '" & subject & "', '" & contents & "', '" & fileName1 & "', " & fileSize1 & ", '" & fileName2 & "', " & fileSize2 & ", GETDATE(), 0, '" & branchs & "', '" & period & "', '" & kind & "')" Dbcon.Execute(SQL) Case Else msg = "����" End Select 'ó�� �Ϸ�(����) ########################################################## Set UploadForm = Nothing Response.Write "" Response.End %>