<% ID=Request.Form("id") PWD=Request.Form("pwd") sql="select * from ch71_mem where UID='"&ID&"'" Set DbCon=Server.CreateObject("ADODB.Connection") DbCon.Open("DSN=ch71;UID=sa;PWD=pages30") Set Rs=DbCon.Execute(sql) if (rs.eof or rs.bof) then %> <%else sql2="select * from ch71_mem where uid='"&id&"' and passwd='"&pwd&"'" Set Rs2=DbCon.Execute(sql2) if (rs2.eof or rs2.bof) then %> <% else Session("UID")=Request("id") Response.Redirect "../../center01.asp" end if end if DbCon.Close Set rs=nothing Set rs2=nothing Set dbcon=nothing %>