<%
textfield = format(Request.Form("textfield"))
opt = Request.Form("radiobutton")

' Function that doubles single quotes and strips double quotes, "--" and a few
' SQL keywords from input strings, then HTML-encodes the result and trims
' surrounding spaces, as a defence against SQL injection attacks.
' Caveat: Replace is case-sensitive by default (vbBinaryCompare), so lowercase
' keywords pass through untouched, and the keyword list only matters for text
' that escapes the quoted literal. The column name in opt never goes through
' this function; it is validated separately below.
Function format(st)
    dim stnew
    stnew = st
    stnew = Replace(stnew, "'", "''")
    stnew = Replace(stnew, """", "")
    stnew = Replace(stnew, "--", "")
    stnew = Replace(stnew, "DELETE", "")
    stnew = Replace(stnew, "UPDATE", "")
    stnew = Replace(stnew, "DROP", "")
    stnew = Replace(stnew, "SELECT", "")
    stnew = Replace(stnew, "INSERT", "")
    stnew = Server.HTMLEncode(stnew)
    format = Trim(stnew)
End Function

' opt is concatenated into the query as a column name, which no amount of
' quote escaping protects, so it is checked against an explicit list of
' columns instead. The list assumes the radio button offers the columns
' named in the SELECT below; adjust it to match the form.
If opt <> "ID_Customer" And opt <> "Name" And opt <> "Surname" And opt <> "Company_Name" Then
    Response.Write("Invalid search field.")
    Response.End
End If

Set connection = Server.CreateObject("ADODB.Connection")
connection.Open("customers")
SQL = "SELECT ID_Customer,Name,Surname,Company_Name FROM Customer WHERE " & opt & " like '%" & textfield & "%'"
Set list = connection.Execute(SQL)
%>

Cellular Advice NI LTD

Modify Customer

<%
If list.eof Then
    Response.Write("Sorry. No match found in the database.")
    Response.Write("Click here to repeat the search")
Else
    Response.Write("Please select exactly the customer to modify:")
End If
%>

<%
' We check if the result of the search is empty
If NOT list.eof Then
    mark = "CHECKED"
    ' We open the form (the form and radio-button markup inside these
    ' strings is not reproduced in this listing)
    Response.Write("")
    Do While NOT list.eof
        ' Field values are written into the page without Server.HTMLEncode,
        ' so any markup stored in the Customer table is rendered as-is.
        Response.Write("" & list.Fields("Name") & " " & list.Fields("Surname") & " (" & list.Fields("Company_Name") & ")")
        list.movenext()
        mark = ""
    Loop
    Response.Write("")
End If
connection.Close()
%>
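To make the behaviour of the filter above concrete, here is an added example (not part of the original project) that transcribes the VBScript format() function into Python and runs the page's query against a small constructed SQLite table standing in for the ADODB "customers" connection. It shows that the single-quote doubling does protect the quoted LIKE literal, that the keyword list is cosmetic (one case-sensitive pass, so "select" and "SELSELECTECT" both survive as usable keywords), and that the unfiltered column name is the real hole. It then gives the hardened form: an identifier whitelist, a bound parameter, and LIKE wildcard escaping. The whitelist of searchable columns and the sample rows are assumptions, not taken from the page.

```python
import html
import sqlite3

# Keywords the page's format() strips, in the order it strips them.
KEYWORDS = ("DELETE", "UPDATE", "DROP", "SELECT", "INSERT")

# Assumption: the radio button offers the columns named in the page's SELECT list.
SEARCHABLE_COLUMNS = frozenset({"ID_Customer", "Name", "Surname", "Company_Name"})


def vb_format(st: str) -> str:
    """Python transcription of the page's VBScript format().

    VBScript Replace defaults to vbBinaryCompare (case-sensitive) and makes a
    single left-to-right pass, which str.replace reproduces exactly.
    Server.HTMLEncode is approximated with html.escape on & < > (double
    quotes were already removed; non-ASCII encoding is left out).
    """
    s = st.replace("'", "''").replace('"', "").replace("--", "")
    for kw in KEYWORDS:
        s = s.replace(kw, "")
    return html.escape(s, quote=False).strip()


def query_as_on_page(opt: str, textfield: str) -> str:
    """The page's concatenation: opt (column name) raw, textfield via format()."""
    return ("SELECT ID_Customer,Name,Surname,Company_Name FROM Customer WHERE "
            + opt + " like '%" + vb_format(textfield) + "%'")


def make_db() -> sqlite3.Connection:
    """Constructed sample Customer table standing in for the ADODB 'customers' DSN."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Customer (ID_Customer INTEGER, Name TEXT, "
                 "Surname TEXT, Company_Name TEXT)")
    conn.executemany("INSERT INTO Customer VALUES (?, ?, ?, ?)", [
        (1, "Ana", "Lopez", "Example Mobile Ltd"),
        (2, "Tom", "O'Neill", "Northern Handsets"),
        (3, "Mei", "Chen", "Harbour Telecom"),
    ])
    return conn


def unsafe_search(conn, opt, textfield):
    """Run the query exactly as the page builds it."""
    return conn.execute(query_as_on_page(opt, textfield)).fetchall()


def safe_search(conn, opt, textfield):
    """Hardened version: whitelist the identifier, bind the value, escape wildcards."""
    if opt not in SEARCHABLE_COLUMNS:
        raise ValueError("unknown search column: %r" % opt)
    # Escape LIKE metacharacters so user input matches literally.
    escaped = (textfield.replace("\\", "\\\\")
                        .replace("%", "\\%")
                        .replace("_", "\\_"))
    sql = ("SELECT ID_Customer,Name,Surname,Company_Name FROM Customer "
           "WHERE " + opt + " LIKE ? ESCAPE '\\'")
    return conn.execute(sql, ("%" + escaped + "%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(vb_format("SELSELECTECT"))                # SELECT: one pass only
    print(vb_format("select"))                      # select: filter is case-sensitive
    print(unsafe_search(db, "1=1 OR Name", "zzz"))  # every row: opt is never filtered
    print(safe_search(db, "Surname", "O'Neill"))    # one row, quote handled by binding
```

The hardened query still interpolates the column name, because drivers cannot bind identifiers; the whitelist is what makes that safe. Everything that comes from the text field goes through a bound parameter, so format()'s quote doubling and keyword stripping become unnecessary and the stored value is no longer HTML-mangled before it reaches the database.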

©2005 Cellular Advice NI LTD

e-REdING. Library of the Escuela Superior de Ingenieros de Sevilla.


INTEGRAL INFORMATION SYSTEM FOR COMPANIES APPLYING INFORMATION TECHNOLOGIES AND VPNS

: Salvago Hidalgo, Raúl
: Telecommunications Engineering
Project contents: