<!--#include file="ewconfig.asp"-->
<!--#include file="db.asp"-->
<!--#include file="hotelsinfo.asp"-->
<!--#include file="advsecu.asp"-->
<!--#include file="aspmkrfn.asp"-->
<%
Response.Expires = 0
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "pragma", "no-cache"
Response.AddHeader "cache-control", "private, no-cache, no-store, must-revalidate"
%>
<%
If Not IsLoggedIn And Request.Cookies(ewProjectName)("autologin") = "autologin" And Request.Cookies(ewProjectName)("password") <> "" Then Response.Redirect "login.asp"
Call LoadUserLevel()
If IsLoggedIn Then
	ewCurSec = CurrentUserLevelPriv("hotels")
Else
	ewCurSec = GetAnonymousPriv("hotels")
End If
If (ewCurSec And ewAllowList) <> ewAllowList Then Response.Redirect "hotelslist.asp"
%>
<%
Response.Buffer = True

' Get key
x_HotelID = Request.QueryString("HotelID")
If x_HotelID = "" Or IsNull(x_HotelID) Then Response.End

' Open Connection to the database
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open xDb_Conn_Str
sFilter = ewSqlKeyWhere
If Not IsNumeric(x_HotelID) Then
	sFilter = "0=1" ' prevent sql injection
End If
sFilter = Replace(sFilter, "@HotelID", AdjustSql(x_HotelID))
sSql = ewBuildSql(ewSqlSelect, ewSqlWhere, ewSqlGroupBy, ewSqlHaving, ewSqlOrderBy, sFilter, "")
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open sSql, conn
If Not rs.Eof Then

	'rs.MoveFirst
	Response.BinaryWrite rs("Photo3")
End If
rs.Close
Set rs = Nothing
conn.Close
Set conn = Nothing
%>