<%
Dim idx, subject, writeDate, fileName, contents
Dim file_del
Dim UploadForm, SQL, RS, tableName, listFile
Dim mode, msg
Dim adm_idx, adm_date, adm_hit, i
tableName = "tbl_gallery" '### DB Å×À̺í¸í
listFile = fullPath & "/intro/intro03.asp" '### ¸®½ºÆ® ÆÄÀϸí
Set UploadForm = Server.CreateObject("DEXT.FileUpload")
UploadForm.AutoMakeFolder = True
'UploadForm.DefaultPath = "E:\WIN_SERVER\002_uni114.co.kr\www\data\" & tableName
UploadForm.DefaultPath = PathDir&"\data\" & tableName
'³Ñ¾î¿Â °ª º¯¼ö¿¡ ¹Þ±â
idx = Trim(UploadForm("idx"))
mode = Trim(UploadForm("mode"))
userId = Session("id")
userName = Session("name")
subject = Trim(UploadForm("subject")) : subject = InjectionDefender(subject)
contents = UploadForm("contents") : contents = InjectionDefender(contents)
Call CheckAuth(userId, mode) '### Á¢±Ù ±ÇÇÑ Ã¼Å©
'### À̹ÌÁö ÆÄÀÏÀÌ ¾Æ´Ï¸é ÆÄÀÏ »èÁ¦ÇÏ°í ¿¡·¯ ó¸®ÇÏ´Â ÇÔ¼ö ###
Sub NotImage()
UploadForm.DeleteAllSavedFiles
Set UploadForm = Nothing
Response.Write ""
Response.End
End Sub
Select Case mode
Case "edit" '¼öÁ¤ ##########################################################
msg = "¼öÁ¤"
'### ÆÄÀÏ »èÁ¦ ÇÔ¼ö (DB ¼öÁ¤) ###
Sub FileDel(idx)
SQL = "UPDATE " & tableName
SQL = SQL & " SET f_nm1 = '' "
SQL = SQL & " WHERE seq = " & idx
Dbcon.Execute(SQL)
End Sub
file_del = Trim(UploadForm("file_del"))
'üũµÈ ÆÄÀÏ »èÁ¦
SQL = "SELECT f_nm1 FROM " & tableName & " WHERE seq=" & idx
Set RS = Dbcon.Execute(SQL)
fileName1 = RS("f_nm1")
If file_del = "Y" Then
UploadForm.DeleteFile UploadForm.DefaultPath & "\" & fileName1
Call FileDel(idx)
End If
'÷ºÎÆÄÀÏ ¾÷·Îµå
For Each item In UploadForm("files")
item.Save, False
Next
'¿¡·¯ ¹ß»ý½Ã ¾÷·Îµå µÈ ÆÄÀÏ »èÁ¦.
IF Err THEN
Response.Write Err.number & "
" & Err.source & "
" & Err.description
UploadForm.DeleteAllSavedFiles
Set UploadForm = Nothing
Response.End
END If
fileName1 = UploadForm("files")(1).LastSavedFileName
fileSize1 = UploadForm("files")(1).FileLen
'À̹ÌÁö ÆÄÀÏÀÌ ¾Æ´Ï¸é ÆÄÀÏÀ» »èÁ¦ ÇÏ°í ¿¡·¯Ã³¸® ÇÑ´Ù.
If fileSize1 > 0 And UploadForm("files")(1).IsImageItem() = False Then Call NotImage() :
'DB ¼öÁ¤
SQL = "UPDATE " & tableName
SQL = SQL & " SET name = '" & subject & "'"
SQL = SQL & ", contents = '" & contents & "'"
If fileSize1 > 0 Then
SQL = SQL & ", f_nm1 = '" & fileName1 & "'"
End If
SQL = SQL & " WHERE seq = " & idx
Dbcon.Execute(SQL)
RS.Close
Set RS = Nothing
Case "del" '»èÁ¦ ##########################################################
msg = "»èÁ¦"
'ÆÄÀÏ »èÁ¦
SQL = "SELECT f_nm1 FROM " & tableName & " WHERE seq=" & idx
Set RS = Dbcon.Execute(SQL)
fileName1 = RS("f_nm1")
If fileName1 <> "" Then UploadForm.DeleteFile UploadForm.DefaultPath & "\" & fileName1 :
'DB »èÁ¦
SQL = "DELETE " & tableName & " WHERE seq=" & idx
Dbcon.Execute(SQL)
RS.Close
Set RS = Nothing
Case "insert" 'Ãß°¡ ##########################################################
msg = "µî·Ï"
'÷ºÎÆÄÀÏ ¾÷·Îµå
For Each item In UploadForm("files")
item.Save, False
Next
'¿¡·¯ ¹ß»ý½Ã ¾÷·Îµå µÈ ÆÄÀÏ »èÁ¦.
IF Err THEN
Response.Write Err.number & "
" & Err.source & "
" & Err.description
UploadForm.DeleteAllSavedFiles
Set UploadForm = Nothing
Response.Write ""
Response.End
END If
fileName1 = UploadForm("files")(1).LastSavedFileName
fileSize1 = UploadForm("files")(1).FileLen
'À̹ÌÁö ÆÄÀÏÀÌ ¾Æ´Ï¸é ÆÄÀÏÀ» »èÁ¦ ÇÏ°í ¿¡·¯Ã³¸® ÇÑ´Ù.
If fileSize1 > 0 And UploadForm("files")(1).IsImageItem() = False Then Call NotImage() :
'DB ÀúÀå
SQL = "INSERT INTO " & tableName & " (f_nm1, reg_dt, name, contents) "
SQL = SQL & " VALUES ('" & fileName1 & "', GETDATE(), '" & subject & "', '" & contents & "')"
'Response.Write SQL
Dbcon.Execute(SQL)
Case Else
msg = "½ÇÆÐ"
End Select
'ó¸® ¿Ï·á(°ø¿ë) ##########################################################
Set UploadForm = Nothing
Response.Write ""
Response.End
%>