<%
id = format(Request.Form("textfield"))

' Function that doubles single quotes (') and trims leading and trailing spaces in input strings,
' and strips some other things to avoid SQL injection attacks
Function format(st)
    Dim stnew
    stnew = st
    stnew = Replace(stnew, "'", "''")      ' escape single quotes by doubling them
    stnew = Replace(stnew, """", "")       ' remove double quotes
    stnew = Replace(stnew, "--", "")       ' remove SQL comment markers
    stnew = Replace(stnew, "DELETE", "")
    stnew = Replace(stnew, "UPDATE", "")
    stnew = Replace(stnew, "DROP", "")
    stnew = Replace(stnew, "SELECT", "")
    stnew = Replace(stnew, "INSERT", "")
    stnew = Server.HTMLEncode(stnew)
    format = Trim(stnew)
End Function

' Look up the phone record; the filtered value is concatenated into the query text
Set connection = Server.CreateObject("ADODB.Connection")
connection.Open("customers")
SQL = "SELECT * FROM Phone WHERE Phone_Number like '" & id & "';"
Set list = connection.Execute(SQL)
If list.EOF Then Response.Redirect("./phonenotfound.asp")
%>
Cellular Advice NI LTD
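
The phone lookup at the top of this page, rewritten with a bound ADO parameter in place of the keyword filter and string concatenation. This is an added example, not code from the original project; the 20-character limit, the allowed-character pattern and the exact-match comparison (`=` instead of `like`) are assumptions.

```vbscript
<%
' Added example (not the project's code): same lookup with a bound parameter.
Const adCmdText = 1        ' ADO CommandTypeEnum
Const adVarChar = 200      ' ADO DataTypeEnum
Const adParamInput = 1     ' ADO ParameterDirectionEnum
Const MAX_PHONE_LEN = 20   ' assumed column width; the page does not state it

Dim phone, re, cmd, list
phone = Trim(Request.Form("textfield"))

' Allow-list validation before touching the database.
' Assumption: a phone number holds only digits, spaces, "+" and "-".
Set re = New RegExp
re.Pattern = "^[0-9+\- ]{1," & MAX_PHONE_LEN & "}$"
If Not re.Test(phone) Then
    Response.Redirect("./phonenotfound.asp")
End If

Set connection = Server.CreateObject("ADODB.Connection")
connection.Open "customers"

' The SQL text is constant; the user value travels separately as a parameter,
' so quotes, comment markers and keywords in it are never parsed as SQL.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = connection
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT * FROM Phone WHERE Phone_Number = ?"
cmd.Parameters.Append cmd.CreateParameter("phone", adVarChar, adParamInput, MAX_PHONE_LEN, phone)

Set list = cmd.Execute
If list.EOF Then
    list.Close
    connection.Close
    Response.Redirect("./phonenotfound.asp")
End If

' HTML-encode when writing to the page, not before the value reaches the query.
Response.Write Server.HTMLEncode(list.Fields("Phone_Number").Value)
%>
```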

Modify Phone Details. Phone Number: <%Response.Write(" "&list.Fields("Phone_Number"))%>

Here you can modify phone details:


Phone Details
Network
Type
IMEI (maxlength 15)
SIM (maxlength 11)
Contract Date
(dd/mm/yyyy)
Password (maxlength 20)
Tariff (maxlength 50)
Model (maxlength 50)
CPS
Upg_Ref
Profit (£)
Commission (£)

Bank Details
Bank Name (maxlength 50)
Account Number (maxlength 8)
Sort Code (maxlength 8)


 

©2005 Cellular Advice NI LTD

<% connection.Close() %>

e-REdING. Library of the Escuela Superior de Ingenieros de Sevilla.


COMPREHENSIVE INFORMATION SYSTEM FOR BUSINESSES USING INFORMATION TECHNOLOGIES AND VPNS

: Salvago Hidalgo, Raúl
: Telecommunications Engineering
Project contents: