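<%
' Update Note: overwrites one row of the Notes table with the posted form
' values and stamps it with the current server date and time.
'
' Every posted value reaches the database as a bound ADODB.Command parameter,
' never as part of the SQL text. The earlier version concatenated the values
' into the statement and relied on a blacklist, which left gaps:
'   - idnote was concatenated without passing through any filter at all;
'   - Replace() is case-sensitive by default, so "delete" or "Drop" survived;
'   - removing a keyword once can re-create it ("SELSELECTECT" -> "SELECT");
'   - legitimate note text containing those words was silently altered.
'
' NOTE(review): nothing visible in this page checks that the caller is logged
' in or allowed to edit this note, and no anti-forgery token is read from the
' form. Confirm that an include or a session check elsewhere covers both.

' ADO constants, declared locally under page-specific names so they cannot
' clash with an adovbs.inc include.
Const AD_DATE = 7
Const AD_VARWCHAR = 202
Const AD_PARAM_INPUT = 1
Const AD_CMD_TEXT = 1

' id is read but not used by the visible script. If it is echoed into the
' page markup, HTML-encode it at that point.
id = Request.Form("id")
idnote = Request.Form("idnote") & ""
contpers = format(Request.Form("contpers"))
contphone = format(Request.Form("contphone"))
note = format(Request.Form("note"))
employee = format(Request.Form("employee"))

' Normalises a posted text field for storage: HTML-encodes it, then trims
' leading and trailing spaces. It no longer doubles quotes or strips SQL
' keywords, because bound parameters make that unnecessary.
' The HTML encoding is kept because pages that display these columns may
' print them without encoding - TODO confirm, then move encoding to output.
Function format(st)
    format = Trim(Server.HTMLEncode(st & ""))
End Function

' True when value is non-empty and holds no LIKE pattern character.
Function isPlainKey(value)
    Dim pos, ok
    ok = (Len(value) > 0)
    For pos = 1 To Len(value)
        If InStr("%_*?#[", Mid(value, pos, 1)) > 0 Then ok = False
    Next
    isPlainKey = ok
End Function

' Appends one input text parameter to cmd.
Sub addText(cmd, name, value)
    Dim size
    size = Len(value)
    ' ADO rejects a variable-width parameter declared with size 0.
    If size = 0 Then size = 1
    cmd.Parameters.Append cmd.CreateParameter(name, AD_VARWCHAR, AD_PARAM_INPUT, size, value)
End Sub

' The WHERE clause uses LIKE, so a pattern character in idnote would make a
' single request overwrite many notes. Reject such values before touching
' the database.
' NOTE(review): LIKE is kept because the column type of ID_Note is not visible
' here. Once it is confirmed, switch to "ID_Note = ?" with a matching
' parameter type and drop this check.
If Not isPlainKey(idnote) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid note identifier."
    Response.End
End If

Set connection = Server.CreateObject("ADODB.Connection")
connection.Open "customers"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = connection
cmd.CommandType = AD_CMD_TEXT
cmd.CommandText = "UPDATE Notes SET Contact_Person=?, Contact_Phone=?, Content=?, " & _
                  "Employee_Name=?, Actual_Date=? WHERE ID_Note LIKE ?"

' Parameters are positional: append them in the order of the ? markers.
addText cmd, "contpers", contpers
addText cmd, "contphone", contphone
addText cmd, "note", note
addText cmd, "employee", employee
' The timestamp is bound as a date value, so it no longer depends on how the
' server locale formats Time inside a #...# literal.
cmd.Parameters.Append cmd.CreateParameter("actualdate", AD_DATE, AD_PARAM_INPUT, , Now)
addText cmd, "idnote", idnote

cmd.Execute

' Release the command and connection; the original never closed them.
Set cmd = Nothing
connection.Close
Set connection = Nothing
%>
Cellular Advice NI LTD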

Update Note.

Modifications were introduced successfully in the database.


Click here to return to customer's details.

 

 

 



©2005 Cellular Advice NI LTD

e-REdING. Biblioteca de la Escuela Superior de Ingenieros de Sevilla.


SISTEMA DE INFORMACIÓN INTEGRAL PARA EMPRESAS APLICANDO TECNOLOGÍAS DE INFORMACIÓN Y VPNS

: Salvago Hidalgo, Raúl
: Ingeniería Telecomunicación