<% table=Request("table") no=Request("no") passwd=request("passwd") Set dbcon = Server.CreateObject("ADODB.Connection") DbCon.Open("DSN=ch71;UID=sa;PWD=pages30") sql="select onum=passwd from "&table&" where no="&no Set rs=dbcon.execute(sql) if trim(rs("onum"))<>passwd then %> <%else Set dbcon = Server.CreateObject("ADODB.Connection") dbcon.Open ("DSN=ch71;UID=sa;PWD=pages30") writer=request("writer") subject=Request("subject") if subject="" then subject=" " end if content=Replace(Request("content"),"'","''") if content="" then content=" " end if sql1="UPDATE "&table&" SET " sql1=sql1 & "Subject='" & subject & "'," sql1=sql1 & "writer='" & writer & "'," sql1=sql1 & "content= '" & content &"'" sql1=sql1 & " where no="& no dbcon.Execute(sql1) Response.Redirect "list.asp?table="&table end if %>