<% imei=format(Request.Form("imei")) name=format(Request.Form("name")) surname=format(Request.Form("surname")) company=format(Request.Form("company")) model=format(Request.Form("model")) price=format(Request.Form("price")) supplier=format(Request.Form("supplier")) ' Function that eliminates singles "'" and spaces in input strings ' And some other things to avoid SQL injection attacks Function format(st) dim stnew stnew = st stnew = Replace(stnew,"'","''") stnew = Replace(stnew,"""","") stnew = Replace(stnew,"--","") stnew = Replace(stnew,"DELETE","") stnew = Replace(stnew,"UPDATE","") stnew = Replace(stnew,"DROP","") stnew = Replace(stnew,"SELECT","") stnew = Replace(stnew,"INSERT","") stnew = Server.HTMLEncode(stnew) format = Trim(stnew) End Function Set connection = Server.CreateObject("ADODB.Connection") connection.Open("stock") SQL="UPDATE Product SET Name='"&name&"', Surname='"&surname&"', Company='"&company&"', Model='"&model&"', Price='"&cdbl(price)&"', Supplier='"&supplier&"' WHERE IMEI = '"&imei&"';" connection.Execute(SQL) %> Cellular Advice NI LTD

Update Product

<% Response.Write("

Success. Product was updated correctly.

") %>

 

 

 

 

 

 

©2005 Cellular Advice NI LTD

<% 'Close the connection to the database connection.Close() %> e-REdING. Biblioteca de la Escuela Superior de Ingenieros de Sevilla.


SISTEMA DE INFORMACIÓN INTEGRAL PARA EMPRESAS APLICANDO TECNOLOGÍAS DE INFORMACIÓN Y VPNS

: Salvago Hidalgo, Raúl
: Ingeniería Telecomunicación
Contenido del proyecto:
Directorio raíz  >  Sitio Web  >  stock  >  updateprod.asp