<% dim rid,arr(10),arrlen,i arr(0)="insert" arr(1)="update" arr(2)="delete" arr(3)="drop" arr(4)="create" arr(5)="truncate" arr(6)="select" arrlen=6 rid=lcase(request.querystring("news_id")) if rid="" then response.redirect("../default.asp") end if if not IsNumeric(rid) and len(rid)>0 then for i=0 to arrlen if instr(rid,arr(i))>0 then response.redirect("../default.asp") end if next response.redirect("../default.asp") end if %> <% Set objFSO = CreateObject("Scripting.FileSystemObject") dim rec,txtcontent dim nid,widthofimage1,heightofimage1 nid=request.querystring("news_id") set rec= con.execute("select * from news where news_id="&nid&"") widthofimage1=500 heightofimage1=500 if rec.eof =false then txtcontent=replace(rec("news_detail"),""," ") response.write("") if rec("image_path")<>"" then ' checking the width and height if width & heigt is greater than the specified then ' set to the specified else in the real size filepath="cmsadmin\image\" & rec("image_path") filepath=server.mappath(filepath) Set objF = objFSO.GetFile(filepath) if gfxSpex(objf.Path, w, h, c, strType) = true then if cint(w) > cint(widthofimage1) then widthofimage1=cint(widthofimage1) else widthofimage1=cint(w) end if if cint(h) > cint(heightofimage1) then heightofimage1=cint(heightofimage1) else heightofimage1=cint(h) end if end if response.write("") else response.write("") end if end if response.Write("


" & trim(txtcontent) & "


"& trim(txtcontent)& "

") set rec=con.execute("select news_id,news_title from news where news_id <>"& nid &"") %>

<% while rec.eof=false %> <% rec.movenext wend %>
" class="sidelinks"><%=rec("news_title") %>
View All News