<%
id = Request.Form("id")
' If id is empty, fall back to the GET (query string) value
If id = "" Then
    id = Request.QueryString("id")
End If

bankname = format(Request.Form("bankname"))
bankaccount = format(Request.Form("bankaccount"))
sortcode = format(Request.Form("sortcode"))

' Function that sanitises input strings to avoid SQL injection attacks:
' it doubles single quotes, strips double quotes, "--" and some SQL
' keywords, HTML-encodes the result and trims surrounding spaces.
' Replace is case-sensitive by default, so only the upper-case keywords
' listed here are removed.
Function format(st)
    Dim stnew
    stnew = st
    stnew = Replace(stnew, "'", "''")
    stnew = Replace(stnew, """", "")
    stnew = Replace(stnew, "--", "")
    stnew = Replace(stnew, "DELETE", "")
    stnew = Replace(stnew, "UPDATE", "")
    stnew = Replace(stnew, "DROP", "")
    stnew = Replace(stnew, "SELECT", "")
    stnew = Replace(stnew, "INSERT", "")
    stnew = Server.HTMLEncode(stnew)
    format = Trim(stnew)
End Function

Set connection = Server.CreateObject("ADODB.Connection")
connection.Open("customers")

' CDbl converts id to a number before it is concatenated into the query;
' a non-numeric id raises a run-time error instead of reaching the database.
SQL = "SELECT Name,Surname,Company_Name FROM Customer WHERE ID_Customer =" & CDbl(id)
Set list = connection.Execute(SQL)
%>
Cellular Advice NI LTD

New Phone.
<%Response.Write(list.Fields("Name")&" "&list.Fields("Surname")&" ("&list.Fields("Company_Name")&")")%>

Please fill the details for the new phone:



Phone Details  
Phone Number
Network
Type
IMEI
SIM
Contract Date
(dd/mm/yyyy)
/ /
Password
Tariff
Model
CPS
Upg_Ref
Profit £
Commission £

Bank Details  
Bank Name
Account Number
Sort Code


 

 


©2005 Cellular Advice NI LTD

<%connection.Close()%>

e-REdING. Library of the Escuela Superior de Ingenieros de Sevilla.


INTEGRATED INFORMATION SYSTEM FOR BUSINESSES USING INFORMATION TECHNOLOGIES AND VPNS

: Salvago Hidalgo, Raúl
: Telecommunication Engineering
Project contents: