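<%
' Handles the "Add Comment" form post: stores one comment row for the notice
' named in the form and redirects back to that notice's detail page.
'
' Security: the original concatenated request.form("noticeid") and
' session("accountid") straight into the INSERT text, and relied on killchars()
' for the other fields. Every value is now bound as a parameter, so the SQL text
' is constant and no input can change the statement's structure.
'
' NOTE(review): nothing visible in this block checks that the caller is signed in
' or that the post carries an anti-CSRF token; confirm an include handles both.
Dim CmdInsert, AnonFlag, CommentText

If Request.Form("do") = "yes" Then
    ' killchars() is defined outside this file; it is kept so stored text has the
    ' same shape as before, but it is no longer what protects the query.
    CommentText = killchars(Request.Form("comment")) & ""

    ' Only two values are meaningful for this column; anything else becomes "no".
    If LCase(Trim(Request.Form("anonymous") & "")) = "yes" Then
        AnonFlag = "yes"
    Else
        AnonFlag = "no"
    End If

    Set CmdInsert = Server.CreateObject("ADODB.Command")
    Set CmdInsert.ActiveConnection = MyConn
    CmdInsert.CommandText = "INSERT INTO Forces_NoticeComments " & _
        "(NoticeID, Comment, Anonymous, AccountID, Deleted, EntryDate) " & _
        "VALUES (?, ?, ?, ?, 'no', ?)"

    ' ADO constants written as numbers, as elsewhere on this page:
    '   3 = adInteger, 200 = adVarChar, 203 = adLongVarWChar,
    '   135 = adDBTimeStamp, 1 = adParamInput.
    ' NOTE(review): parameter types are chosen without sight of the table schema;
    ' confirm them against the column definitions.
    ' A non-numeric noticeid fails here instead of reaching the database.
    CmdInsert.Parameters.Append CmdInsert.CreateParameter("", 3, 1, , Request.Form("noticeid"))
    CmdInsert.Parameters.Append CmdInsert.CreateParameter("", 203, 1, Len(CommentText) + 1, CommentText)
    CmdInsert.Parameters.Append CmdInsert.CreateParameter("", 200, 1, 3, AnonFlag)
    CmdInsert.Parameters.Append CmdInsert.CreateParameter("", 200, 1, 255, Session("accountid") & "")
    ' A typed timestamp replaces the locale-dependent Convert(datetime, '<text>', 103).
    CmdInsert.Parameters.Append CmdInsert.CreateParameter("", 135, 1, , Now())

    ' 129 = adCmdText (1) + adExecuteNoRecords (128): no recordset is needed.
    CmdInsert.Execute , , 129
    Set CmdInsert = Nothing

    ' URL-encode the id so a crafted value cannot add parameters or break the
    ' Location header.
    Response.Redirect "NoticeDetails.asp?id=" & Server.URLEncode(Request.Form("noticeid") & "")
End If
%>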

NOTICEBOARD

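<%'################ MAIN CONTENT STARTS ########################%>
<%
' Request dispatch and notice rendering for the detail page:
'   do=del1  deletes a notice and all of its comments, then returns to the board
'   do=del2  deletes a single comment, then returns to the notice
'   otherwise renders the notice identified by "id"
'
' Security changes compared with the original:
'   * every DELETE and the author lookup use bound parameters instead of string
'     concatenation (request("cid") was previously placed in the SQL unquoted
'     and unfiltered);
'   * del2 is honoured only for accounts whose Type is "admin", matching the
'     rule this page already uses to decide who sees the comment delete link;
'   * user-supplied text is HTML-encoded on output, and "bid" is URL-encoded
'     before it is placed in the redirect.
'
' ADO constants as numbers: 3 = adInteger, 200 = adVarChar, 1 = adParamInput,
' 129 = adCmdText + adExecuteNoRecords.
Dim CmdDelComments, CmdDelNotice, DelNoticeID
Dim CmdRole, RSRole, CallerIsAdmin, CmdDelComment
Dim CmdAuthor

' NOTE(review): no authorization check for del1 is visible on this page, and
' Request() also reads the query string, so a plain GET can trigger a delete.
' Confirm who is allowed to remove notices, and require POST plus an anti-CSRF
' token for both delete actions.
If Request("do") = "del1" Then
    DelNoticeID = killchars(Request("id"))

    Set CmdDelComments = Server.CreateObject("ADODB.Command")
    Set CmdDelComments.ActiveConnection = MyConn
    CmdDelComments.CommandText = "DELETE FROM Forces_NoticeComments WHERE NoticeID = ?"
    CmdDelComments.Parameters.Append CmdDelComments.CreateParameter("", 3, 1, , DelNoticeID)
    CmdDelComments.Execute , , 129

    Set CmdDelNotice = Server.CreateObject("ADODB.Command")
    Set CmdDelNotice.ActiveConnection = MyConn
    CmdDelNotice.CommandText = "DELETE FROM Forces_Noticeboard WHERE NoticeID = ?"
    CmdDelNotice.Parameters.Append CmdDelNotice.CreateParameter("", 3, 1, , DelNoticeID)
    CmdDelNotice.Execute , , 129

    Response.Redirect "Noticeboard.asp"
End If

If Request("do") = "del2" Then
    ' Re-check the caller's role on the server: hiding the link in the page is
    ' not an access control.
    CallerIsAdmin = False
    Set CmdRole = Server.CreateObject("ADODB.Command")
    Set CmdRole.ActiveConnection = MyConn
    CmdRole.CommandText = "SELECT Type FROM Forces_Registrants WHERE AccountID = ?"
    CmdRole.Parameters.Append CmdRole.CreateParameter("", 200, 1, 255, Session("AccountID") & "")
    Set RSRole = CmdRole.Execute
    If Not RSRole.EOF Then
        If RSRole("Type") & "" = "admin" Then CallerIsAdmin = True
    End If
    RSRole.Close

    If CallerIsAdmin Then
        Set CmdDelComment = Server.CreateObject("ADODB.Command")
        Set CmdDelComment.ActiveConnection = MyConn
        CmdDelComment.CommandText = "DELETE FROM Forces_NoticeComments WHERE ComID = ?"
        CmdDelComment.Parameters.Append CmdDelComment.CreateParameter("", 3, 1, , Request("cid"))
        CmdDelComment.Execute , , 129
    End If

    Response.Redirect "NoticeDetails.asp?id=" & Server.URLEncode(Request("bid") & "")
End If

' Load the requested notice (already parameterized in the original).
Set MyCmd = Server.CreateObject("ADODB.Command")
MyCmd.ActiveConnection = MyConn
MyCmd.CommandText = "SELECT AccountID,NoticeID, Subject, Anonymous,EntryDate, Message FROM Forces_Noticeboard WHERE Deleted = 'no' AND NoticeID = ? ORDER BY NoticeID Desc"
MyCmd.Parameters.Append MyCmd.CreateParameter("", 3, 1, , request("id"))
Set RSBlogs = Server.CreateObject("ADODB.RecordSet")
RSBlogs.Open MyCmd

' One prepared lookup for the author's username, re-bound per row.
Set CmdAuthor = Server.CreateObject("ADODB.Command")
Set CmdAuthor.ActiveConnection = MyConn
CmdAuthor.CommandText = "SELECT Username FROM Forces_Registrants WHERE AccountID = ?"
CmdAuthor.Parameters.Append CmdAuthor.CreateParameter("", 200, 1, 255)

Do While Not RSBlogs.EOF
    If RSBlogs("Anonymous") = "yes" Then
        sayUsername = "Anonymous"
    Else
        CmdAuthor.Parameters(0).Value = RSBlogs("AccountID") & ""
        Set RSUserName = CmdAuthor.Execute
        ' The original failed with a runtime error when the account row was missing.
        If RSUserName.EOF Then
            sayUsername = "Unknown"
        Else
            sayUsername = RSUserName("Username") & ""
        End If
        RSUserName.Close
    End If
    ' Subject, username and message are user-supplied, so they are HTML-encoded.
    ' NOTE(review): if Message is meant to carry markup, replace the encoding
    ' with an allow-list sanitizer rather than writing it out raw.
%>

<%=Server.HTMLEncode(RSBlogs("Subject") & "")%>

Posted by <%=Server.HTMLEncode(sayUsername & "")%> (<%=RSBlogs("EntryDate")%>)

<%=Server.HTMLEncode(RSBlogs("Message") & "")%>

<%
    RSBlogs.MoveNext
Loop
%>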

Comments

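<%
' Renders the comments for the notice identified by "id", newest first, and
' shows a delete control on each comment when the viewer is an admin.
'
' Changes compared with the original:
'   * the viewer's role is looked up once, with a bound parameter, instead of
'     once per comment with session("AccountID") concatenated into the SQL; a
'     missing account row now means "not admin" rather than a runtime error;
'   * the commenter username lookup is parameterized;
'   * the username and comment text are HTML-encoded on output, and the id
'     written into the delete link is URL-encoded.
'
' ADO constants as numbers: 3 = adInteger, 200 = adVarChar, 1 = adParamInput.
Dim CmdViewer, RSViewer, ViewerIsAdmin, CmdCommenter

ViewerIsAdmin = False
Set CmdViewer = Server.CreateObject("ADODB.Command")
Set CmdViewer.ActiveConnection = MyConn
CmdViewer.CommandText = "SELECT Type FROM Forces_Registrants WHERE AccountID = ?"
CmdViewer.Parameters.Append CmdViewer.CreateParameter("", 200, 1, 255, Session("AccountID") & "")
Set RSViewer = CmdViewer.Execute
If Not RSViewer.EOF Then
    If RSViewer("Type") & "" = "admin" Then ViewerIsAdmin = True
End If
RSViewer.Close

' Comment list query (already parameterized in the original).
Set MyCmd1 = Server.CreateObject("ADODB.Command")
MyCmd1.ActiveConnection = MyConn
MyCmd1.CommandText = "SELECT ComID,AccountID, EntryDate,Anonymous, Comment FROM Forces_NoticeComments WHERE Deleted = 'no' AND NoticeID = ? ORDER BY ComID DESC"
MyCmd1.Parameters.Append MyCmd1.CreateParameter("", 3, 1, , request("id"))
Set RSComments = Server.CreateObject("ADODB.RecordSet")
RSComments.Open MyCmd1

' One prepared lookup for the commenter's username, re-bound per row.
Set CmdCommenter = Server.CreateObject("ADODB.Command")
Set CmdCommenter.ActiveConnection = MyConn
CmdCommenter.CommandText = "SELECT Username FROM Forces_Registrants WHERE AccountID = ?"
CmdCommenter.Parameters.Append CmdCommenter.CreateParameter("", 200, 1, 255)

Do While Not RSComments.EOF
    If RSComments("Anonymous") = "yes" Then
        sayUsername2 = "Anonymous"
    Else
        CmdCommenter.Parameters(0).Value = RSComments("AccountID") & ""
        Set RSUserName = CmdCommenter.Execute
        If RSUserName.EOF Then
            sayUsername2 = "Unknown"
        Else
            sayUsername2 = RSUserName("Username") & ""
        End If
        RSUserName.Close
    End If

    ' The opening of the delete link is missing from this copy of the page; the
    ' remaining fragment is kept as found. Showing the link only to admins does
    ' not protect the delete action itself: the handler must check the role too.
    If ViewerIsAdmin Then
%> &bid=<%=Server.URLEncode(Request("id") & "")%>" onclick="if(!confirm('Are you sure you want to delete this record? It will be removed permanently!')) return false;">delete <%
    End If
%>

Posted by <%=Server.HTMLEncode(sayUsername2 & "")%>(<%=RSComments("EntryDate")%>)

<%=Server.HTMLEncode(RSComments("Comment") & "")%>

<%
    RSComments.MoveNext
Loop
%>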
">
Add Comment:
Stay Anonymous? Yes  No
<%'################ MAIN CONTENT ENDS ###########################%>