<% table=Request("table") no=Request("no") passwd=request("passwd") Set dbcon = Server.CreateObject("ADODB.Connection") dbcon.Open ("dsn=ch71;uid=gajanet;pwd=0202;") sql="select onum=passwd from "&table&" where no="&no Set rs=dbcon.execute(sql) if trim(rs("onum"))<>passwd then %> <%else Set dbcon = Server.CreateObject("ADODB.Connection") dbcon.Open ("dsn=ch71;uid=gajanet;pwd=0202;") writer=request("writer") subject=replace(Request("subject"),"'","''") if subject="" then subject=" " end if content=Replace(Request("content"),"'","''") if content="" then content=" " end if sql1="UPDATE "&table&" SET " sql1=sql1 & "Subject='" & subject & "'," sql1=sql1 & "writer='" & writer & "'," sql1=sql1 & "content= '" & content &"'" sql1=sql1 & " where no="& no dbcon.Execute(sql1) Response.Redirect "list.asp?table="&table end if %>