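<%
' Product search: lists the distinct in-stock models (Date_out IS NULL) whose
' name contains the text posted in the "model1" and "model2" form fields.
'
' Both form fields are untrusted input. The search text is bound to the query
' as an ADO parameter, so it is sent to the database as data and never parsed
' as SQL. The original page concatenated it into the statement and passed only
' model2 through format(); model1 reached the SQL text unfiltered.
'
' NOTE(review): model2 is no longer rewritten by format(), so the search uses
' what the user typed. If Product.Model values were stored HTML-encoded by
' another page, confirm that matching still behaves as intended.
model1 = Request.Form("model1")
model2 = Trim(Request.Form("model2"))

' Legacy input filter, kept unchanged so any other caller of format() keeps
' working. It is not a SQL-injection control: it is a deny-list of fixed
' keyword spellings, and it mixes SQL quoting with HTML encoding, which belong
' in different places (parameter binding for queries, Server.HTMLEncode at
' output). Nothing below relies on it.
Function format(st)
    Dim stnew
    stnew = st
    stnew = Replace(stnew, "'", "''")
    stnew = Replace(stnew, """", "")
    stnew = Replace(stnew, "--", "")
    stnew = Replace(stnew, "DELETE", "")
    stnew = Replace(stnew, "UPDATE", "")
    stnew = Replace(stnew, "DROP", "")
    stnew = Replace(stnew, "SELECT", "")
    stnew = Replace(stnew, "INSERT", "")
    stnew = Server.HTMLEncode(stnew)
    format = Trim(stnew)
End Function

Set connection = Server.CreateObject("ADODB.Connection")
connection.Open("stock")

' Same search text as before: both fields joined by a single space.
model = model1 & " " & model2

' The ? placeholder replaces the quoted literal; the surrounding % wildcards
' move into the bound value. Any % or _ typed by the user still acts as a LIKE
' wildcard, as it did before.
SQL = "SELECT Model FROM Product WHERE Model LIKE ? AND Date_out IS NULL GROUP BY Model;"
searchPattern = "%" & model & "%"

' ADO enum values are written as numbers because this copy of the page does
' not show adovbs.inc being included.
Set searchCmd = Server.CreateObject("ADODB.Command")
Set searchCmd.ActiveConnection = connection
searchCmd.CommandType = 1   ' adCmdText
searchCmd.CommandText = SQL
' 200 = adVarChar, 1 = adParamInput. The size is the value's own length, which
' is always at least 3 ("% %").
searchCmd.Parameters.Append searchCmd.CreateParameter("model", 200, 1, Len(searchPattern), searchPattern)

' list stays a recordset with a single Model column, as the code below expects.
Set list = searchCmd.Execute
%> Cellular Advice NI LTD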

List Products

List of products that match your search:

<%
' Renders the search results: a "nothing found" message when the recordset is
' empty, otherwise one entry per distinct model with its in-stock count.
' NOTE(review): several string literals here are empty (Response.Write("")),
' so the HTML markup they carried appears to be missing from this copy of the
' page. Confirm against the original file before editing them.
If list.EOF then
Response.Write("

Sorry. No model found in stock in the database.

")
End If
' Walk the distinct models returned by the search query.
Do while NOT list.EOF
' Per-model query: counts the rows of this model with Date_out IS NULL.
' NOTE(review): list.Fields("Model") is concatenated straight into the SQL
' text. The value comes from the database rather than the request, but it is
' still data being parsed as SQL, so a stored model name containing a quote
' breaks or alters this statement. Bind it as a parameter (ADODB.Command with
' a ? placeholder), or fold COUNT(Model) into the first GROUP BY query, which
' would also avoid one extra round trip per model.
SQL="SELECT COUNT(Model) AS total FROM Product WHERE Model ='"&list.Fields("Model")&"' AND Date_out IS NULL;"
' list2 is not closed anywhere in the visible code.
Set list2=connection.Execute(SQL)
link=""&list2.Fields("total")& " product(s) of this model in stock "
' NOTE(review): the fragment that follows this block shows list.Fields("Model")
' concatenated into the response. Database text written to the page should
' pass through Server.HTMLEncode at output time - TODO confirm in the original.
Response.Write("")
Response.Write("")
Response.Write("")
Response.Write("")
list.movenext()
Loop %>
   
"&list.Fields("Model")&""&link&"

 

 

 

©2005 Cellular Advice NI LTD

<%
' Rendering is finished: close the ADODB connection opened at the top of the page.
connection.Close
%> e-REdING. Biblioteca de la Escuela Superior de Ingenieros de Sevilla.


SISTEMA DE INFORMACIÓN INTEGRAL PARA EMPRESAS APLICANDO TECNOLOGÍAS DE INFORMACIÓN Y VPNS

: Salvago Hidalgo, Raúl
: Ingeniería Telecomunicación
Contenido del proyecto: