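<%
' Add-phone handler: reads the posted phone record, refuses a phone number
' that is already stored, and inserts the new row into the Phone table.
'
' Every request value that reaches the database is bound as an ADO command
' parameter. The previous version concatenated the values into the SQL text
' and relied on a keyword/quote filter; that filter was case-sensitive, made
' a single pass, and was never applied to "id", so it did not prevent SQL
' injection and it silently altered legitimate data.
'
' NOTE(review): no authentication or authorisation check is visible in this
' script - confirm that one runs before this page is reached.
' NOTE(review): Password, Account_Number and Sort_Code are stored exactly as
' received; confirm whether they need to be protected at rest.

' ADO enum values, under local names so they cannot collide with an include
' that already defines the standard ad* constants.
Const ADO_CMD_TEXT = 1            ' adCmdText
Const ADO_PARAM_INPUT = 1         ' adParamInput
Const ADO_DATE = 7                ' adDate
Const ADO_VARWCHAR = 202          ' adVarWChar
Const ADO_EXEC_NO_RECORDS = 128   ' adExecuteNoRecords

' Normalises one form value for storage: HTML-encodes it and trims it.
' Quote doubling and keyword stripping are gone because parameters carry the
' value verbatim; doubling quotes now would corrupt the stored text.
' NOTE(review): encoding is kept so stored values look as before for pages
' that may print these columns without encoding - confirm, and prefer
' encoding at output time.
Function format(st)
    Dim stnew
    stnew = st
    format = Trim(Server.HTMLEncode("" & stnew))
End Function

' Appends one input text parameter to cmd.
Sub addTextParam(cmd, value)
    Dim textValue, textSize
    textValue = "" & value
    textSize = Len(textValue)
    ' ADO rejects a variable-length parameter declared with size 0.
    If textSize = 0 Then textSize = 1
    cmd.Parameters.Append cmd.CreateParameter("", ADO_VARWCHAR, ADO_PARAM_INPUT, textSize, textValue)
End Sub

id = Request.Form("id")
phonenumber = format(Request.Form("phonenumber"))
network = format(Request.Form("network"))
ntype = format(Request.Form("ntype"))
imei = format(Request.Form("imei"))
sim = format(Request.Form("sim"))
contract1 = format(Request.Form("contract1"))
contract2 = format(Request.Form("contract2"))
contract3 = format(Request.Form("contract3"))
tariff = format(Request.Form("tariff"))
password = format(Request.Form("password"))
model1 = format(Request.Form("model1"))
model2 = format(Request.Form("model2"))
bankname = format(Request.Form("bankname"))
bankaccount = format(Request.Form("bankaccount"))
sortcode = format(Request.Form("sortcode"))
cps = format(Request.Form("cps"))
upg = format(Request.Form("upg"))
profit = format(Request.Form("profit"))
commission = format(Request.Form("commission"))

' Full model name.
model = Trim(model1 & " " & model2)

' A blank profit or commission counts as 0.
If profit = "" Then
    profit = 0
End If
If commission = "" Then
    commission = 0
End If

' The three contract fields are joined and converted with CDate, the same
' locale-dependent conversion the old Year()/Month()/Day() calls performed.
contract = contract1 & "/" & contract2 & "/" & contract3

Set connection = Server.CreateObject("ADODB.Connection")
connection.Open("customers")

' First check that the phone number is not already in the database.
Dim dupCmd
Set dupCmd = Server.CreateObject("ADODB.Command")
Set dupCmd.ActiveConnection = connection
dupCmd.CommandType = ADO_CMD_TEXT
' NOTE(review): LIKE is kept from the original; the bound value can no longer
' change the statement, but wildcard characters in it are still wildcards.
' Switch to "=" once the column type is confirmed.
dupCmd.CommandText = "SELECT Phone_Number FROM Phone WHERE Phone_Number LIKE ?"
addTextParam dupCmd, phonenumber
Set list = dupCmd.Execute

If list.EOF Then
    list.Close

    Dim insertCmd
    Set insertCmd = Server.CreateObject("ADODB.Command")
    Set insertCmd.ActiveConnection = connection
    insertCmd.CommandType = ADO_CMD_TEXT
    insertCmd.CommandText = "INSERT INTO Phone (Phone_Number, Network, Type, IMEI, SIM, Contract_Date, Password, Tariff, Model, CPS, Upg_Ref, Profit, Commission, Bank_Name, Account_Number, Sort_Code, ID_Customer) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"

    ' Parameters are positional: the order below must follow the column list.
    addTextParam insertCmd, phonenumber
    addTextParam insertCmd, network
    addTextParam insertCmd, ntype
    addTextParam insertCmd, imei
    addTextParam insertCmd, sim
    ' NOTE(review): assumes the provider behind the "customers" DSN accepts an
    ' adDate parameter for Contract_Date - confirm.
    insertCmd.Parameters.Append insertCmd.CreateParameter("", ADO_DATE, ADO_PARAM_INPUT, , CDate(contract))
    addTextParam insertCmd, password
    addTextParam insertCmd, tariff
    addTextParam insertCmd, model
    addTextParam insertCmd, cps
    addTextParam insertCmd, upg
    ' Profit, Commission and ID_Customer are bound as text because the
    ' original sent them as quoted literals; use typed parameters once the
    ' column types are confirmed.
    addTextParam insertCmd, CStr(CDbl(profit))
    ' Fixed: the original read the misspelt, never-assigned "commision", so
    ' the stored commission was always 0.
    addTextParam insertCmd, CStr(CDbl(commission))
    addTextParam insertCmd, bankname
    addTextParam insertCmd, bankaccount
    addTextParam insertCmd, sortcode
    ' NOTE(review): id is taken from the form without validation; it looks
    ' like a customer key - confirm its type and check it before use.
    addTextParam insertCmd, id

    insertCmd.Execute , , ADO_EXEC_NO_RECORDS
Else
    ' The phone number is duplicated.
    list.Close
    connection.Close
    Response.Redirect("../phones/dupphone.asp")
End If
%> Cellular Advice NI LTD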

Add New Phone

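<%
' Confirmation message, then count the phones stored for this customer.
Response.Write("Success. Data was included correctly in the database.")

' "id" comes straight from the form post, so it is bound as a command
' parameter instead of being concatenated into the statement text.
Dim countCmd, idText, idSize
idText = "" & id
idSize = Len(idText)
' ADO rejects a variable-length parameter declared with size 0.
If idSize = 0 Then idSize = 1

Set countCmd = Server.CreateObject("ADODB.Command")
Set countCmd.ActiveConnection = connection
countCmd.CommandType = 1   ' adCmdText
' NOTE(review): LIKE is kept from the original so the comparison behaves as
' before whatever the column type is; wildcard characters in the value are
' still wildcards. Switch to "=" once the type of ID_Customer is confirmed.
countCmd.CommandText = "SELECT Phone_Number FROM Phone WHERE ID_Customer LIKE ?"
' 202 = adVarWChar, 1 = adParamInput
countCmd.Parameters.Append countCmd.CreateParameter("", 202, 1, idSize, idText)
Set list = countCmd.Execute

' Number of phones of a customer
dim counter
counter = 0
While NOT list.EOF
    counter = counter + 1
    list.movenext()
Wend
list.Close
%>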

This customer has <%= counter %> phone(s)

Click on the button to add another phone for the same customer

 

 

 

©2005 Cellular Advice NI LTD

<%
' Close the database connection once the page has been written.
Call connection.Close()
%> e-REdING. Biblioteca de la Escuela Superior de Ingenieros de Sevilla.


SISTEMA DE INFORMACIÓN INTEGRAL PARA EMPRESAS APLICANDO TECNOLOGÍAS DE INFORMACIÓN Y VPNS

: Salvago Hidalgo, Raúl
: Ingeniería Telecomunicación
Contenido del proyecto: