高手帮我看看这段代码出了什么问题,多谢了
我自己的一个论坛,在发布新主题或者新回复的时候,只要主题和文字框里有中文字就会出现以下错误,而英文字不会出错,这是什么原因?
提示以下错误
Microsoft OLE DB Provider for SQL Server error '80040e14'
字符串 '' 之前有未闭合的引号。
/newthread.asp, line 202
代码贴出来,如下:
<%
step = ChkSql(request("step"))
select case step
case "2"
' Step "2" of the new-thread form: read the raw request body, validate the
' subject, the text and the optional attachment, and stop with the error
' template if anything fails.
formsize = request.totalbytes
' The body is read as raw bytes. Every field below is then fetched through
' GetFormVal (defined elsewhere) -- presumably because request.form is not
' usable once binaryread has been called.
' NOTE(review): formdata is a byte string, so GetFormVal has to turn bytes into
' text itself. The reported "unclosed quotation mark" error shows up only with
' Chinese input, which would be consistent with multi-byte characters being
' split or truncated during that conversion -- confirm by inspecting what
' GetFormVal returns for a Chinese subject.
formdata = request.binaryread(formsize)
bcrlf = chrb(13) & chrb(10)
' Bytes up to the first CRLF -- presumably the multipart boundary marker.
divider = leftb(formdata, instrb(formdata, bcrlf) - 1)
' NOTE(review): filesize is not assigned again in the visible code; presumably
' SaveFile updates it -- TODO confirm, otherwise the later "filesize > 0"
' attachment branch never runs.
filesize = 0
' error accumulates the HTML list of validation messages; empty means valid.
error = ""
err = false
' Subject: required (after trimming) and at most 100 units as measured by
' strLength (defined elsewhere). Both failures use the same message template.
if Trim(GetFormVal("subject")) = "" then
error = error & "<br><li>" & loadtemplate("err_postsubject")
else
if strLength(GetFormVal("subject")) > 100 then error = error & "<br><li>" & loadtemplate("err_postsubject")
end if
' Text: required and at most postmaxlength; the limit is shown in the message.
StrHtml = loadtemplate("err_posttext")
StrHtml = Replace(StrHtml, "{textmaxlength}", postmaxlength)
if GetFormVal("text") = "" then
error = error & "<br><li>" & StrHtml
else
if strLength(GetFormVal("text")) > postmaxlength then error = error & "<br><li>" & StrHtml
end if
' Attachment: stored under the "upload" folder next to this script.
' NOTE(review): SaveFile runs before the error check below, so a file may be
' written even when the post itself is rejected. SaveFile is not visible here;
' confirm that it restricts the allowed file types and does not take the
' stored name directly from the client, because this folder appears to be
' inside the web root.
path = Server.MapPath("upload\")
if allowuploadfile = 1 then
filename = SaveFile("attachment",path,uploadfilesizemax)
if filename = "" then error = error & "<br><li>" & loadtemplate("err_uploadfile")
end if
' Any validation failure: render the error template and end the response.
if error <> "" then
StrHtml = loadtemplate("error")
StrHtml = Replace(StrHtml, "{error_text}", error)
response.write StrHtml
response.end
end if
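' save thread
' Normalise the two numeric form fields before they are concatenated,
' unquoted, into the INSERT statements further down. Anything that is not a
' number in Integer range becomes 0, so only an Integer can reach the SQL text.
rating = ChkSql(GetFormVal("rating"))
if IsNumeric(rating) then
    ' cint raises an Overflow run-time error outside the Integer range, so a
    ' crafted value such as 99999 would abort the page; treat it like
    ' non-numeric input instead.
    if CDbl(rating) >= -32768.5 and CDbl(rating) < 32767.5 then
        rating = cint(rating)
    else
        rating = 0
    end if
else
    rating = 0
end if
' NOTE(review): unlike icon, rating has no business range check here; confirm
' which values are acceptable for sf_thread.rating.

icon = ChkSql(GetFormVal("icon"))
if IsNumeric(icon) then
    if CDbl(icon) >= -32768.5 and CDbl(icon) < 32767.5 then
        icon = cint(icon)
        ' Only icon ids 0..15 are accepted.
        if icon < 0 or icon > 15 then icon = 0
    else
        icon = 0
    end if
else
    icon = 0
end if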
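' Insert the thread row, read back its id and, if a file was uploaded, record
' the attachment.
'
' Every statement here is built by string concatenation, so each text value
' must pass through ChkSql (defined elsewhere) as the LAST step before it is
' placed between quotes. The durable fix is a parameterised ADODB.Command;
' until then the escaping has to be applied consistently.
' NOTE(review): forumid and userid are concatenated as bare numbers; confirm
' they are validated as integers where they are assigned.
' NOTE(review): the poster name is taken from a client-supplied cookie; confirm
' it is tied to the authenticated userid elsewhere.
nowtime = now()
StrSql = "insert into sf_thread(title, lastpost, forumid, pollid, [open], replycount, postusername, postuserid, lastposter, lastposterid, dateline, views, iconid, notes, visible, moved, best, displayorder, rating) values("
' Filter and HTML-encode first, SQL-escape last -- the same order the sf_post
' and sf_user statements use. The original escaped first and encoded after,
' so the escaped value was transformed again before reaching the statement.
StrSql = StrSql & "'" & ChkSql(server.htmlencode(killbadword(GetFormVal("subject")))) & "', "
StrSql = StrSql & "'" & nowtime & "', "
StrSql = StrSql & forumid & ", -1, 1, 1, '" & ChkSql(request.cookies("sf")("username")) & "', " & userid & ", "
StrSql = StrSql & "'" & ChkSql(request.cookies("sf")("username")) & "', " & userid & ", '" & nowtime & "', 0, " & icon & ", ''" & ", 1, 0, 0, 0, " & rating & ")"
' lock database
' Application.Lock only serialises pages of this ASP application; it is what
' makes the "newest id" lookups below refer to the rows just inserted.
' NOTE(review): if threadid / attachmentid are identity columns, reading
' SCOPE_IDENTITY() after the insert would not depend on this lock.
Application.Lock
Conn.Execute(StrSql)
StrSql = "select top 1 threadid from sf_thread order by threadid DESC"
Set rs2 = Conn.Execute(StrSql)
threadid = rs2("threadid")
attachmentid = 0
if allowuploadfile = 1 and filesize > 0 then
    StrSql = "insert into sf_attachment (userid, forumid, threadid, filename, filesize) values("
    ' filename comes from the upload and was the only quoted value in this
    ' file that bypassed ChkSql; escape it like every other string.
    StrSql = StrSql & userid & ", " & forumid & ", " & threadid & ", '" & ChkSql(filename) & "', " & filesize & ")"
    Conn.Execute(StrSql)
    StrSql = "select top 1 attachmentid from sf_attachment where threadid = " & threadid & " order by attachmentid DESC"
    Set rs2 = Conn.Execute(StrSql)
    attachmentid = rs2("attachmentid")
end if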
' Per-post display options: each flag is 1 only when the form sent exactly "1".
if GetFormVal("sign") = "1" then sign = 1 else sign = 0
if GetFormVal("usexbcode") = "1" then xbcode = 1 else xbcode = 0
if GetFormVal("useemot") = "1" then emot = 1 else emot = 0
if GetFormVal("url") = "1" then autourl = 1 else autourl = 0

' Insert the first post of the thread (parentid -1). Subject and text are
' filtered, HTML-encoded and then SQL-escaped; the flags, ids and icon are
' concatenated as numbers.
' NOTE(review): REMOTE_ADDR is concatenated without ChkSql; it is a server
' variable rather than form input, but a parameterised command would remove
' the need to reason about each value separately.
StrSql = "insert into sf_post(threadid, forumid, parentid, username, userid, title, dateline, pagetext, attachmentid, allowsmilie, allowautourl, allowxbcode, showsignature, ipaddress, iconid, layer, visible, notes, editdate) values("
StrSql = StrSql & threadid & ", " & forumid & ", -1, '" _
    & ChkSql(request.cookies("sf")("username")) & "', " & userid & ", '" _
    & ChkSql(server.htmlencode(killbadword(GetFormVal("subject")))) & "', '" & nowtime & "', '" _
    & ChkSql(server.htmlencode(killbadword(GetFormVal("text")))) & "', " _
    & attachmentid & ", " & emot & ", " & autourl & ", " & xbcode & ", " & sign & ", '" _
    & cstr(request.ServerVariables("REMOTE_ADDR")) & "', " & icon & ",1 , 1, '', '" & nowtime & "')"
Conn.Execute(StrSql)
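' Roll the new thread into the forum, user and site-wide counters, then
' release the Application lock taken before the thread insert.
'
' lastposttitle now goes through the same killbadword -> htmlencode -> ChkSql
' pipeline as the title stored in sf_thread, sf_post and sf_user. The original
' stored the raw subject here, so the bad-word filter and the HTML encoding
' were skipped for the forum's "last post" title.
' NOTE(review): if the page that displays sf_forum.lastposttitle HTML-encodes
' it on output, remove that encode to avoid double encoding.
StrSql = "update sf_forum set threadcount = threadcount + 1, replycount = replycount + 1, lastpost = '" & nowtime & "', lastposter = '" & ChkSql(request.cookies("sf")("username")) & "', lastposterid = " & userid & ", lastposttitle = '" & ChkSql(server.htmlencode(killbadword(GetFormVal("subject")))) & "', lastpostid = " & threadid & " where forumid = " & forumid
Conn.Execute(StrSql)
' ratingthread is defined elsewhere; it is added to the user's rating.
StrSql = "update sf_user set posts = posts + 1, rating = rating + " & ratingthread & ", lastposttime = '" & nowtime & "', lastpostid = " & threadid & ", lastposttitle = '" & ChkSql(server.htmlencode(killbadword(GetFormVal("subject")))) & "' where userid = " & userid
Conn.Execute(StrSql)
' No WHERE clause: these two statements update every row of sf_counter,
' presumably a single-row totals table.
StrSql = "update sf_counter set threadnum = threadnum + 1"
Conn.Execute(StrSql)
StrSql = "update sf_counter set postnum = postnum + 1"
Conn.Execute(StrSql)
' unlock database
Application.UnLock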
' Record when this session last posted, then render the "hint" template with
' the confirmation message and a link to the thread that was just created.
Session("LastPostTime") = now()
StrHtml = Replace( _
    Replace(loadtemplate("hint"), "{hint_text}", loadtemplate("hint_newthread")), _
    "{pro_name}", "showthread.asp?threadid=" & threadid)
response.write StrHtml
case else