欢迎来到站长教程网!
兔子CDN

ASP编程

当前位置:主页 > 网络编程 > ASP编程 >

javascript asp教程添加和修改

时间:2020-09-14|栏目:ASP编程|点击:

The Connection Execute():

If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have a Recordset. It's up to you.

For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.

Get Started:

Below is the script for Lesson 19.

<%@LANGUAGE="JavaScript"%>
var strConnect="Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" 
strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;"
<!-- METADATA TYPE="typelib" 
FILE="C:\Program Files\Common Files\System\ado\msado15.dll" -->
<HTML>
<HEAD>
<TITLE>Administrator Page - Changing the Mailing List</TITLE>
</HEAD>
<BODY LINK="red" VLINK="red" ALINK="crimson">
<H2>Administrator Page</H2>
<H3>Changing a the Mailing List</H3>
<%
if (Request.Form("Delete") > "")
	{
	var sql="DELETE FROM Address WHERE ID = " + Request.Form("ID") + ";"
	}
else
	{
	var firstName = new String(Request.Form("firstName"))
	var lastName = new String(Request.Form("lastName"))
	var Address = new String(Request.Form("Address"))
	var City = new String(Request.Form("City"))

	var myRegExp = /[']/g;
	firstName = firstName.replace(myRegExp, '&#39;');
	lastName = lastName.replace(myRegExp, '&#39;');
	Address = Address.replace(myRegExp, '&#39;');
	City = City.replace(myRegExp, '&#39;');
	
	var sql="UPDATE Address SET firstName= '" + firstName + "' , lastName='" 
	sql += lastName + "' , Address='" + Address + "' , City='" 
	sql += City + "' , State='" + Request.Form("State") + "' , Zip='" 
	sql += Request.Form("Zip") + "' WHERE ID = " + Request.Form("ID") + ";"
	}
var objConn=Server.CreateObject("ADODB.Connection");
objConn.Open(strConnect)
objConn.Execute(sql)
objConn.Close()
objConn = null;
Response.Write("The member has been updated in the database.")
Response.Write("<A HREF=\"../files/committee.asp\">")
Response.Write("Click here to see it.</A>")
%>

There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.

Danger in The Single Quote:

You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.

var myRegExp = /[']/g;
firstName = firstName.replace(myRegExp, '&#39;');

The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.

Execute( ):

The only other thing I want to spend any time with is objConn.Execute(sql). The variable sql takes on one of two definitions depending on the result of an "if" statement. In this case sql does all the work, and we never need a recordset.

上一篇:javascript asp教程More About Recordsets

栏    目:ASP编程

下一篇:asp下同一空间多绑多哥域名的方法

本文标题:javascript asp教程添加和修改

本文地址:www.dtcnnet.com/asp/30283.html

广告投放 | 联系我们 | 版权申明

重要申明:本站所有的文章、图片、评论等,均由网友发表或上传并维护或收集自网络,属个人行为,与本站立场无关。

如果侵犯了您的权利,请与我们联系,我们将在24小时内进行处理、任何非本站因素导致的法律后果,本站均不负任何责任。

联系QQ:584415406 | 邮箱:584415406#qq.com(#换成@)

Copyright © 2015-2020 小白站长网 版权所有 苏ICP备20040415号