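<%
' Form handler for "Modify Customer": reads the posted fields and updates the
' matching row of the Customer table through a parameterised ADO command.
' Posted values are bound as parameters and are never concatenated into the
' SQL text, so quoting inside a value cannot change the statement.

' Numeric values of the ADO enums used below. They are declared under page-local
' names so they cannot clash with adovbs.inc or a type-library reference, should
' the application use one (not visible from this page).
Const ADO_CMD_TEXT = 1              ' adCmdText
Const ADO_PARAM_INPUT = 1           ' adParamInput
Const ADO_DATE = 7                  ' adDate
Const ADO_VARWCHAR = 202            ' adVarWChar
Const ADO_EXECUTE_NO_RECORDS = 128  ' adExecuteNoRecords

'Retrieve the information
id = format(Request.Form("id"))
coname = format(Request.Form("coname"))
name = format(Request.Form("name"))
surname = format(Request.Form("surname"))
address = format(Request.Form("address"))
postal = format(Request.Form("postal"))
location = format(Request.Form("location"))
birth1 = format(Request.Form("birth1"))
birth2 = format(Request.Form("birth2"))
birth3 = format(Request.Form("birth3"))
email = format(Request.Form("email"))
contactph = format(Request.Form("contactph"))
fax = format(Request.Form("fax"))
vendor = format(Request.Form("vendor"))
description = format(Request.Form("description"))

' Function that converts to universal format yyyy/mm/dd
' dt: a date, or a string that VBScript can parse as a date; Year/Month/Day raise
'     a type-mismatch error when it cannot.
' NOTE(review): a "d/m/y" style string is parsed with the server locale - confirm
' the form's field order matches it.
Function dbDate(dt)
    dbDate = Year(dt) & "/" & Right("0" & Month(dt), 2) & "/" & Right("0" & Day(dt), 2)
End Function

' Normalises one posted value before it is stored: HTML-encodes and trims it.
' The earlier version also doubled single quotes and deleted double quotes, "--"
' and upper-case SQL keywords. That filtering is removed on purpose: it cannot make
' concatenated SQL safe, it silently altered legitimate text, and with bound
' parameters the doubled quotes would be stored literally.
' NOTE(review): HTML encoding is kept so stored rows look the same to the pages that
' display them; encoding at output time would be the cleaner place for it.
Function format(st)
    Dim stnew
    stnew = st & ""   ' force a string, also when the field is missing
    format = Trim(Server.HTMLEncode(stnew))
End Function

' Appends one text input parameter to cmd. ADO rejects a zero size for
' variable-length types, so an empty value is declared with size 1.
Sub addTextParam(cmd, paramName, value)
    Dim size
    size = Len(value)
    If size = 0 Then size = 1
    cmd.Parameters.Append cmd.CreateParameter(paramName, ADO_VARWCHAR, ADO_PARAM_INPUT, size, value)
End Sub

Set connection = Server.CreateObject("ADODB.Connection")
connection.Open("customers")

'We build the SQL update query depending on date of birth:
'BirthDate is only written when all three date parts were posted.
Dim cmd, hasBirth
hasBirth = Not (Len(birth1) = 0 Or Len(birth2) = 0 Or Len(birth3) = 0)

SQL = "UPDATE Customer SET Name=?,Surname=?,Company_Name=?,Address=?,Postal_Code=?,Location=?,"
If hasBirth Then SQL = SQL & "BirthDate=?,"
' NOTE(review): LIKE is kept from the original statement. It treats pattern
' characters in the id as wildcards, so one request can match several rows;
' switch to "=" once the type of ID_Customer is confirmed.
SQL = SQL & "Email=?,Contact_Phone=?,Fax=?,Vendor=?,Description=? WHERE ID_Customer LIKE ?;"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = connection
cmd.CommandType = ADO_CMD_TEXT
cmd.CommandText = SQL

' Parameters are positional: they must be appended in the order of the ? markers.
addTextParam cmd, "name", name
addTextParam cmd, "surname", surname
addTextParam cmd, "coname", coname
addTextParam cmd, "address", address
addTextParam cmd, "postal", postal
addTextParam cmd, "location", location
If hasBirth Then
    birth = birth1 & "/" & birth2 & "/" & birth3
    ' dbDate still validates the date (it raises on an unparsable value) and yields
    ' an unambiguous yyyy/mm/dd string for CDate.
    cmd.Parameters.Append cmd.CreateParameter("birth", ADO_DATE, ADO_PARAM_INPUT, , CDate(dbDate(birth)))
End If
addTextParam cmd, "email", email
addTextParam cmd, "contactph", contactph
addTextParam cmd, "fax", fax
addTextParam cmd, "vendor", vendor
addTextParam cmd, "description", description
addTextParam cmd, "id", id

' No recordset is needed for an UPDATE.
cmd.Execute , , ADO_CMD_TEXT + ADO_EXECUTE_NO_RECORDS
Set cmd = Nothing
%>
Cellular Advice NI LTD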

Modify Customer

<%
' Confirmation shown to the user. It is written unconditionally: nothing in this
' block checks the result of the UPDATE or how many rows it affected.
Response.Write("

Success. Data was updated correctly in the database.

") %>

 

 

 

 

 

 

©2005 Cellular Advice NI LTD

<%
' Done with the database: close the ADO connection opened at the top of the page.
connection.Close
%>
e-REdING. Biblioteca de la Escuela Superior de Ingenieros de Sevilla.


SISTEMA DE INFORMACIÓN INTEGRAL PARA EMPRESAS APLICANDO TECNOLOGÍAS DE INFORMACIÓN Y VPNS

: Salvago Hidalgo, Raúl
: Ingeniería Telecomunicación
Contenido del proyecto: