First to give a form, to allow users to enter the registration information, these are HTML content, and put aside, we take a closer look at the specific implementation of the registered ASP script.
' Change the single quotation marks in the data to two single quotes and precede them with single quotes
Function sqlstr (data)
Sqlstr = "'" & Replace (data, "'", "" ") &" "
End Function
This is a custom function that converts single quotes (') in user input to two single quotes ('). In ASP, the string is surrounded by double quotes, so the above "'" means a string with only one single quote. The reason to change one single quotation mark into two single quotes is that it is used to represent variables in a SQL statement enclosed in single quotes. To avoid confusion, the single quotation marks in the string are represented by two single quotes. All user input is embedded as a variable in the SQL statement, so this function is essential.
' Storage preparation
Id=request ("id")
Password=request ("password")
Nickname=request ("nickname")
Email=request ("email")
Sex=request ("Sex")
It's not necessary to keep content from user input forms in variables, but it's easier to read and write.
If Request ("name") = "" Then Name= "Else name=request (" name ")
If Request ("phone") = "" Then phone= "" Else phone=request ("phone")
Because these content is not mandatory, in order to prevent users from not entering any content, and caused errors in database operations, you must not fill in the field with a space to replace.
' Establish a connection
Set conn = Server.CreateObject ("ADODB. Connection ")
Conn. Open "Driver={microsoft Access driver (*.mdb)};d bq=" & Server.MapPath ("Bbssystem.mdb")
This section is to establish a database connection, the name of the database is Bbssystem.mdb, the only thing to note in this paragraph is the application of the Server.MapPath function. In general, where the specific directory is involved, do not use the directory name directly, instead of using the Server.MapPath function instead. Make good use of Server.MapPath and Request.ServerVariables () and other functions, you can have a better Web application portability.
Set cmd = Server.CreateObject ("Adodb.command")
' Query if the author already exists
Set cmd. ActiveConnection = conn
Cmd.commandtext = "query Author"
ReDim param (0) ' declares an array of arguments
Param (0) = CStr (ID) ' CInt not to be ignored
Set rs = cmd. Execute (, param)
This section is used to perform the storage query. There are many ways to execute a query in ADO, but you can only use the command object for a storage query. First, a command object called CMD is established, then the Conn Connection object is assigned to the ActiveConnection attribute of the Cmd object, the query name "query Author" is assigned to the CommandText property, and then the query parameter is assigned a value. We declare a parameter array param (0), because there is only one argument in the query author query, so the array has only one component. In general, there are several parameters in the query, it is necessary to declare a corresponding number of components of the parameter array. and the order in which the parameters appear is corresponding to the order of the components in the array. In the process of using a parameter query, it is particularly noteworthy that the type of the parameter should be strictly matched, or this will be an error, so the above CStr () type conversion function is indispensable.
If not (rs.eof or RS.BOF) then
Response.Write "
Error, you have entered the ID number has been occupied, please change another try again!
"
Else
sql = "Insert into author table (ID, nickname, Email, password, name, school, department, Sex, telephone) Values ("
sql = SQL & Sqlstr (ID) & ","
sql = SQL & Sqlstr (nickname) & ","
sql = SQL & sqlstr (email) & ","
sql = SQL & sqlstr (password) & ","
sql = SQL & SQLSTR (name) & ","
sql = SQL & Sqlstr (school) & ","
sql = SQL & SQLSTR (department) & ","
sql = SQL & sqlstr (Sex) & ","
sql = SQL & SQLSTR (phone) & ")"
Conn. Execute SQL
Call an SQL INSERT statement to insert the data into the database. In fact, this query can also be made into a storage query in the database, I stole a little lazy:-) but also can see the advantages of the storage query, Run-time query writing is too troublesome.
