<%
imei = format(Request.Form("imei"))

' Function that escapes single quotes (') and trims spaces in input strings,
' and strips some other tokens to avoid SQL injection attacks
Function format(st)
    dim stnew
    stnew = st
    stnew = Replace(stnew,"'","''")
    stnew = Replace(stnew,"""","")
    stnew = Replace(stnew,"--","")
    stnew = Replace(stnew,"DELETE","")
    stnew = Replace(stnew,"UPDATE","")
    stnew = Replace(stnew,"DROP","")
    stnew = Replace(stnew,"SELECT","")
    stnew = Replace(stnew,"INSERT","")
    stnew = Server.HTMLEncode(stnew)
    format = Trim(stnew)
End Function

Set connection = Server.CreateObject("ADODB.Connection")
connection.Open("stock")
SQL = "SELECT * FROM Product WHERE IMEI like '"&imei&"';"
Set list = connection.Execute(SQL)

' We check if the product exists in the database
If list.EOF then
    Response.Redirect("../stock/prodnotfound.asp")
End If

' We check if the product has been already sold
If NOT list.Fields("Date_out") = "" Then
    Response.Redirect("../stock/prodsold.asp?imei="&imei)
End If
%>

Cellular Advice NI LTD

Sell Product

Please complete the details to sell the product:


Company
Name
Surname
IMEI <%Response.Write(imei)%>
Phone Model <%Response.Write(list.Fields("Model"))%>
Supplier <%Response.Write(list.Fields("Supplier"))%>
Price <%Response.Write(list.Fields("Price"))%> £
Date in <%Response.Write(list.Fields("Date_in"))%>

©2005 Cellular Advice NI LTD
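
The lookup at the top of this page concatenates the filtered `imei` string into the SQL text, so its safety depends on the filter list being complete. As an added example (not code from the original project), the same lookup with a format check and a bound parameter; the 15-digit IMEI pattern, the 20-character parameter size, the exact-match `=` in place of `like`, and the helper name `IsValidImei` are assumptions.

```vbscript
<%
' Added example (not part of the original page): bind the IMEI as a
' parameter instead of filtering strings and concatenating them into SQL.
Const adCmdText = 1       ' ADO: CommandText is a SQL statement
Const adVarChar = 200     ' ADO: variable-length string parameter
Const adParamInput = 1    ' ADO: input parameter

' Hypothetical helper: accept only a 15-digit IMEI (assumed format).
Function IsValidImei(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{15}$"
    IsValidImei = re.Test(value)
End Function

Dim imei, connection, cmd, list
imei = Trim(Request.Form("imei"))

' Reject anything that is not an IMEI before touching the database.
If Not IsValidImei(imei) Then
    Response.Redirect("../stock/prodnotfound.asp")
End If

Set connection = Server.CreateObject("ADODB.Connection")
connection.Open "stock"   ' same DSN as the page above

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = connection
cmd.CommandType = adCmdText
' The ? placeholder is filled by the driver; the value is never parsed as SQL.
cmd.CommandText = "SELECT * FROM Product WHERE IMEI = ?"
cmd.Parameters.Append cmd.CreateParameter("imei", adVarChar, adParamInput, 20, imei)
Set list = cmd.Execute

' Same existence check as the original page.
If list.EOF Then
    Response.Redirect("../stock/prodnotfound.asp")
End If

' HTML-encode at output time rather than before the query.
Response.Write Server.HTMLEncode(imei)
%>
```

Because the value is validated before use and encoded only when written to the page, the stored and compared IMEI is never altered by HTML encoding.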

e-REdING. Library of the Escuela Superior de Ingenieros de Sevilla.


COMPREHENSIVE INFORMATION SYSTEM FOR COMPANIES USING INFORMATION TECHNOLOGIES AND VPNS

: Salvago Hidalgo, Raúl
: Telecommunications Engineering