<%
if Request("action")="edit" Then
set rs=Server.CreateObject("ADODB.recordset")
sql="select * from User_Info where User_Account='"&Session("User_Account")&"' and User_Password='"&Md5(Request.Form("User_OldPassword"))&"' "
rs.open sql,conn,3,3
if Md5(Request.Form("User_OldPassword"))<>rs("User_Password") Then
Call AlertUrl("旧密码不正确!","MyPassword.asp")
Response.End
End if
rs("User_Password")=Md5(Trim(Request.Form("User_Password")))
rs.update
rs.close
set rs=nothing
conn.close
set conn=nothing
Call AlertUrl("修改成功!","MyPassword.asp")
Response.End
End if
%>