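<%
' Updates one row of the Phone table from the posted form fields.
'
' The original page concatenated every field into the UPDATE text and relied on
' a keyword blacklist (format) to keep the statement intact. That filter was
' not a sound defence: VBScript's Replace is case-sensitive by default, so only
' the exact upper-case spellings were removed, and each pattern was stripped in
' a single pass. It also silently altered legitimate data containing those
' words. Every value is now sent as a bound ADO parameter, so field contents
' can no longer change the shape of the statement.
'
' NOTE(review): no session or authorization check is visible in this script;
' confirm that access to this page is enforced elsewhere.
' NOTE(review): the Password field is written to the database as received. If
' it is a credential, it should not be kept in clear text - confirm what the
' column holds.

' ADO enumeration values, declared under local names so that they cannot
' collide with an adovbs.inc include that is not visible here.
Const ADO_CMD_TEXT = 1              ' adCmdText
Const ADO_PARAM_INPUT = 1           ' adParamInput
Const ADO_VARWCHAR = 202            ' adVarWChar
Const ADO_DATE = 7                  ' adDate
Const ADO_EXECUTE_NO_RECORDS = 128  ' adExecuteNoRecords

' Normalises one submitted form value before it is stored.
' SQL safety no longer depends on this function. The HTML encoding is kept
' only so that stored values follow the same convention as before; pages that
' display them are not visible here and may print them unencoded.
Function format(st)
    Dim cleaned
    cleaned = st
    cleaned = Server.HTMLEncode(cleaned)
    format = Trim(cleaned)
End Function

' Appends one text input parameter to cmd.
Sub AddTextParam(cmd, paramName, value)
    Dim size
    size = Len(value)
    ' ADO rejects a variable-length parameter declared with size 0.
    If size = 0 Then size = 1
    cmd.Parameters.Append cmd.CreateParameter(paramName, ADO_VARWCHAR, ADO_PARAM_INPUT, size, value)
End Sub

' Stops the request with a 400 response before any database work is done.
Sub RejectInput(message)
    Response.Status = "400 Bad Request"
    Response.Write message
    Response.End
End Sub

' id is read as in the original; the visible script never uses it.
id = Request.Form("id")
phonenumber = format(Request.Form("phonenumber"))
network = format(Request.Form("network"))
ntype = format(Request.Form("ntype"))
imei = format(Request.Form("imei"))
sim = format(Request.Form("sim"))
contract1 = format(Request.Form("contract1"))
contract2 = format(Request.Form("contract2"))
contract3 = format(Request.Form("contract3"))
tariff = format(Request.Form("tariff"))
password = format(Request.Form("password"))
model = format(Request.Form("model"))
bankname = format(Request.Form("bankname"))
bankaccount = format(Request.Form("bankaccount"))
sortcode = format(Request.Form("sortcode"))
cps = format(Request.Form("cps"))
upg = format(Request.Form("upg"))
profit = format(Request.Form("profit"))
commission = format(Request.Form("commission"))

contract = contract1 & "/" & contract2 & "/" & contract3

If profit = "" Then
    profit = 0
End If
If commission = "" Then
    commission = 0
End If

' Validate typed fields before touching the database. The original let
' Year()/CDbl() raise a runtime error on malformed input.
If Not IsDate(contract) Then
    RejectInput "Invalid contract date."
End If
If Not IsNumeric(profit) Or Not IsNumeric(commission) Then
    RejectInput "Profit and commission must be numeric."
End If

Set connection = Server.CreateObject("ADODB.Connection")
connection.Open("customers")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = connection
cmd.CommandType = ADO_CMD_TEXT
' Placeholders are positional: parameters must be appended in this exact order.
cmd.CommandText = "UPDATE Phone SET Network=?,Type=?,IMEI=?,SIM=?,Password=?," & _
    "Tariff=?,Model=?,Contract_Date=?,Bank_Name=?,Account_Number=?,Sort_Code=?," & _
    "CPS=?,Upg_Ref=?,Profit=?,Commission=? WHERE Phone_Number=?"

AddTextParam cmd, "network", network
AddTextParam cmd, "ntype", ntype
AddTextParam cmd, "imei", imei
AddTextParam cmd, "sim", sim
AddTextParam cmd, "password", password
AddTextParam cmd, "tariff", tariff
AddTextParam cmd, "model", model
cmd.Parameters.Append cmd.CreateParameter("contract", ADO_DATE, ADO_PARAM_INPUT, , CDate(contract))
AddTextParam cmd, "bankname", bankname
AddTextParam cmd, "bankaccount", bankaccount
AddTextParam cmd, "sortcode", sortcode
AddTextParam cmd, "cps", cps
AddTextParam cmd, "upg", upg
' The original sent these two numbers as quoted literals, so they are bound as
' text here as well. NOTE(review): if Profit/Commission are numeric columns, a
' numeric parameter type would be the better fit - confirm against the schema.
AddTextParam cmd, "profit", CStr(CDbl(profit))
AddTextParam cmd, "commission", CStr(CDbl(commission))
AddTextParam cmd, "phonenumber", phonenumber

cmd.Execute , , ADO_CMD_TEXT Or ADO_EXECUTE_NO_RECORDS
Set cmd = Nothing
%>
Cellular Advice NI LTD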

Phone Details Updated.

<%
' Writes the confirmation text to the response. This block itself performs no
' check on the outcome of the UPDATE executed earlier in the page.
Response.Write("

Success. Data has been updated correctly in the database.

") %>

 

 

 

 

©2005 Cellular Advice NI LTD

<%
' End of page: close the ADO connection that was opened at the top.
Call connection.Close()
%> e-REdING. Biblioteca de la Escuela Superior de Ingenieros de Sevilla.


SISTEMA DE INFORMACIÓN INTEGRAL PARA EMPRESAS APLICANDO TECNOLOGÍAS DE INFORMACIÓN Y VPNS

: Salvago Hidalgo, Raúl
: Ingeniería Telecomunicación
Contenido del proyecto: