快来帮帮我,一个ASP问题

我想设计一个根据SESSION值不为空才允许进入页面的代码,可是现在变成随便输入用户名和密码就能进入,请教下啊是怎么回事?请帮我更正啊
<!--#include file="conn.asp"-->
<%
dim admin,pwd,adminname,adminpwd
set rs=server.createobject("ADODB.Recordset")
sql="select * from admin where admin='" &admin& "'"
rs.open sql,conn,1,1
if rs.eof and rs.bof then
response.write"<script>alert('用户名或密码不存在');history.back();</script>"
else
adminname=rs("admin")
adminpwd=rs("pwd")
rs.close
set rs=nothing
end if
if admin<>adminname then
response.write"<script>alert('用户名不存在');history.back();</script>"
elseif pwd<>adminpwd then
response.Write"<script>alert('密码错误');history.back();</script>"
elseif request.form("name")="" then
response.write"<script>alert('用户名不能为空');history.back();</script>"
elseif request.Form("password")="" then
response.write"<script>alert('密码不能为空');history.back();</script>"
else
session("admin")=replace(trim(request.Form("name")),"'","")
session("pwd")=request.Form("password")
response.Redirect("admin_edit.asp")
end if
%>

 

改成这样结果变成不能跳转页面了,还是请小叶告诉我错哪里吧
session("admin")=adminname
session("pwd")=adminpwd

 

原来是修改的时候漏掉提取表单内容,现在这样应该没有错了
<!--#include file="conn.asp"-->
<%
dim admin,pwd,adminname,adminpwd
admin=request.form("name")
pwd=request.Form("password")
set rs=server.createobject("ADODB.Recordset")
sql="select * from admin where admin='" &admin& "'"
rs.open sql,conn,1,1
if rs.eof and rs.bof then
response.write"<script>alert('用户名或密码不存在');history.back();</script>"
else
adminname=rs("admin")
adminpwd=rs("pwd")
rs.close
set rs=nothing
end if
if admin<>adminname then
response.write"<script>alert('用户名不存在');history.back();</script>"
elseif pwd<>adminpwd then
response.Write"<script>alert('密码错误');history.back();</script>"
elseif request.form("name")="" then
response.write"<script>alert('用户名不能为空');history.back();</script>"
elseif request.Form("password")="" then
response.write"<script>alert('密码不能为空');history.back();</script>"
else
session("admin")=adminname
session("pwd")=adminpwd
response.Redirect("admin_edit.asp")
end if
%>