<%
imei=format(Request.Form("imei"))
company=format(Request.Form("company"))
name=format(Request.Form("name"))
surname=format(Request.Form("surname"))
' Function that eliminates singles "'" and spaces in input strings
' And some other things to avoid SQL injection attacks
Function format(st)
dim stnew
stnew = st
stnew = Replace(stnew,"'","''")
stnew = Replace(stnew,"""","")
stnew = Replace(stnew,"--","")
stnew = Replace(stnew,"DELETE","")
stnew = Replace(stnew,"UPDATE","")
stnew = Replace(stnew,"DROP","")
stnew = Replace(stnew,"SELECT","")
stnew = Replace(stnew,"INSERT","")
stnew = Server.HTMLEncode(stnew)
format = Trim(stnew)
End Function
' Function that converts to universal format yyyy/mm/dd
Function dbDate(dt)
dbDate = year(dt) &"/"& right("0" & month(dt), 2) &_
"/"& right("0" & day(dt),2)
End Function
Set connection = Server.CreateObject("ADODB.Connection")
connection.Open("stock")
SQL = "SELECT * FROM Product WHERE IMEI = '"&imei&"';"
Set list = connection.Execute(SQL)
SQL="UPDATE Product SET Date_out = #"&dbDate(date)&" "& time &"#,Name = '"&name&"',Surname='"&surname&"',Company='"&company&"' WHERE IMEI = '"&imei&"';"
connection.Execute(SQL)
%>
Cellular Advice NI LTD
