Success. Data was included correctly in the database.
")
Response.Write("
Click here to go back to customer's details
")
%>
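<%
' Adds a note for a customer: reads the posted form fields and inserts one row
' into the Notes table through a parameterised ADODB.Command.
'
' Security notes:
'   * Every posted value, including id, is bound as a parameter and is never
'     concatenated into the SQL text, so quoting inside a value cannot change
'     the statement.
'   * Text fields are HTML-encoded and trimmed before storage.
'     NOTE(review): presumably the page that lists notes writes them out
'     without encoding - confirm before moving the encoding to output time.
'   * NOTE(review): all values except the date are bound as text, mirroring the
'     quoted literals a concatenated statement would use. If ID_Customer is a
'     numeric column, validate id with IsNumeric and bind it as an integer -
'     confirm against the schema.

' Numeric ADO values under private names, so they cannot clash with adovbs.inc
' if the page includes it elsewhere.
Const NOTE_CMD_TEXT = 1       ' adCmdText
Const NOTE_PARAM_INPUT = 1    ' adParamInput
Const NOTE_TYPE_DATE = 7      ' adDate
Const NOTE_TYPE_TEXT = 202    ' adVarWChar

Dim noteCommand

id = Request.Form("id")
contpers = cleanText(Request.Form("contpers"))
contphone = cleanText(Request.Form("contphone"))
employee = cleanText(Request.Form("employee"))
note = cleanText(Request.Form("note"))

Set connection = Server.CreateObject("ADODB.Connection")
connection.Open("customers")

' Prepares a posted text value for storage: HTML-encodes it and trims the
' surrounding spaces. It does no SQL escaping; values must be bound as
' parameters, never concatenated into a statement.
Function cleanText(st)
    cleanText = Trim(Server.HTMLEncode("" & st))
End Function

' Legacy filter, kept unchanged in case other code on the page still calls it.
' It doubles single quotes, removes double quotes, "--" and a fixed list of
' upper-case SQL keywords, then HTML-encodes and trims the result.
' NOTE(review): this is a denylist. It alters legitimate text (a note that
' contains the word UPDATE loses it) and is not a reliable defence against SQL
' injection; do not use it to build SQL strings. Its output must not be bound
' as a parameter either, because the doubled quotes would be stored literally.
Function format(st)
    dim stnew
    stnew = st
    stnew = Replace(stnew,"'","''")
    stnew = Replace(stnew,"""","")
    stnew = Replace(stnew,"--","")
    stnew = Replace(stnew,"DELETE","")
    stnew = Replace(stnew,"UPDATE","")
    stnew = Replace(stnew,"DROP","")
    stnew = Replace(stnew,"SELECT","")
    stnew = Replace(stnew,"INSERT","")
    stnew = Server.HTMLEncode(stnew)
    format = Trim(stnew)
End Function

' Converts a date to the universal text format yyyy/mm/dd.
' Kept for compatibility; the insert below binds the timestamp as a date
' parameter instead of formatting it into the statement.
Function dbDate(dt)
    dbDate = year(dt) & "/" & right("0" & month(dt), 2) & "/" & right("0" & day(dt), 2)
End Function

' Appends one input text parameter to cmd, in statement order.
Sub addTextParam(cmd, paramName, value)
    Dim text, size
    text = "" & value              ' turns Empty or Null into a zero-length string
    size = Len(text)
    If size = 0 Then size = 1      ' ADO rejects a variable-length parameter of size 0
    cmd.Parameters.Append cmd.CreateParameter(paramName, NOTE_TYPE_TEXT, NOTE_PARAM_INPUT, size, text)
End Sub

' One "?" per column; parameters are positional, so the Append order below
' must match the column list.
SQL = "INSERT INTO Notes (Actual_Date, Content, Contact_Person, Contact_Phone, Employee_Name, ID_Customer) VALUES (?, ?, ?, ?, ?, ?);"

Set noteCommand = Server.CreateObject("ADODB.Command")
Set noteCommand.ActiveConnection = connection
noteCommand.CommandType = NOTE_CMD_TEXT
noteCommand.CommandText = SQL

' Now() is the current date and time, bound as a date value so the result does
' not depend on how the server's locale formats dates and times.
noteCommand.Parameters.Append noteCommand.CreateParameter("Actual_Date", NOTE_TYPE_DATE, NOTE_PARAM_INPUT, , Now())
addTextParam noteCommand, "Content", note
addTextParam noteCommand, "Contact_Person", contpers
addTextParam noteCommand, "Contact_Phone", contphone
addTextParam noteCommand, "Employee_Name", employee
addTextParam noteCommand, "ID_Customer", id

noteCommand.Execute
Set noteCommand = Nothing
' The connection is left open, as before, in case later code on the page uses it.
%>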