<%
model = format(Request.QueryString("model"))

' Input filter intended to avoid SQL injection attacks.
' It doubles single quotes, removes double quotes, "--" and a few SQL keywords,
' HTML-encodes the result and trims leading and trailing spaces.
' Replace is case-sensitive here, so only upper-case keywords are removed, and
' legitimate values containing those words are altered as well.
Function format(st)
    Dim stnew
    stnew = st
    stnew = Replace(stnew, "'", "''")
    stnew = Replace(stnew, """", "")
    stnew = Replace(stnew, "--", "")
    stnew = Replace(stnew, "DELETE", "")
    stnew = Replace(stnew, "UPDATE", "")
    stnew = Replace(stnew, "DROP", "")
    stnew = Replace(stnew, "SELECT", "")
    stnew = Replace(stnew, "INSERT", "")
    stnew = Server.HTMLEncode(stnew)
    format = Trim(stnew)
End Function

Set connection = Server.CreateObject("ADODB.Connection")
connection.Open("stock")

' The filtered value is concatenated directly into the SQL string literal.
SQL = "SELECT * FROM Product WHERE Model = '" & model & "' AND Date_out IS NULL ORDER BY Date_in"
Set list = connection.Execute(SQL)
%>
Cellular Advice NI LTD

Detail of Products

Details of products in stock:


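Model | IMEI | Date In | Price | Supplier

<%
' One row per product still in stock (the HTML markup inside the string literals was lost in extraction).
Do While Not list.EOF
    Response.Write("" & list.Fields("Model") & "" & list.Fields("IMEI") & "" & list.Fields("Date_in") & "" & list.Fields("Price") & " £" & list.Fields("Supplier") & "")
    list.MoveNext()
Loop
%>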

©2005 Cellular Advice NI LTD

<% connection.Close() %>

e-REdING. Library of the Escuela Superior de Ingenieros de Sevilla.
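The listing above relies on string filtering before concatenating `model` into the query. The following is an added example, not part of the original project's code, showing the same lookup with a bound ADO parameter and HTML encoding applied at output time instead of on input. Assumptions: the `stock` DSN and `Product` columns are taken from the listing; the 50-character limit for `Model` and the table markup are illustrative.

```vbscript
<%
' Added example: parameterized version of the product lookup.
Const adCmdText = 1      ' ADO CommandTypeEnum
Const adParamInput = 1   ' ADO ParameterDirectionEnum
Const adVarChar = 200    ' ADO DataTypeEnum
Const MAX_MODEL_LEN = 50 ' assumed column width, adjust to the real schema

Dim model, connection, cmd, list
model = Trim(Request.QueryString("model") & "")

' Reject values that cannot match the column instead of rewriting them.
If Len(model) = 0 Or Len(model) > MAX_MODEL_LEN Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set connection = Server.CreateObject("ADODB.Connection")
connection.Open "stock"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = connection
cmd.CommandType = adCmdText
' The ? placeholder is bound by the provider, so the value is never parsed as SQL.
cmd.CommandText = "SELECT Model, IMEI, Date_in, Price, Supplier FROM Product " & _
                  "WHERE Model = ? AND Date_out IS NULL ORDER BY Date_in"
cmd.Parameters.Append cmd.CreateParameter("model", adVarChar, adParamInput, MAX_MODEL_LEN, model)
Set list = cmd.Execute

' Encode database values when writing HTML; & "" turns Null into an empty string.
Function cell(value)
    cell = "<td>" & Server.HTMLEncode(value & "") & "</td>"
End Function

Response.Write "<table>"
Do While Not list.EOF
    Response.Write "<tr>" & cell(list.Fields("Model")) & cell(list.Fields("IMEI")) & _
                   cell(list.Fields("Date_in")) & _
                   "<td>" & Server.HTMLEncode(list.Fields("Price") & "") & " &pound;</td>" & _
                   cell(list.Fields("Supplier")) & "</tr>"
    list.MoveNext
Loop
Response.Write "</table>"

list.Close
connection.Close
%>
```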


COMPREHENSIVE INFORMATION SYSTEM FOR COMPANIES APPLYING INFORMATION TECHNOLOGIES AND VPNS

: Salvago Hidalgo, Raúl
: Telecommunication Engineering
Project contents: