JavaScript ASP Tutorial: Adding and Modifying

Source: Internet
Uploaded by: User

The Connection Execute():

If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have a Recordset. It's up to you.

For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.

Get Started:

Below is the script for Lesson 19.

    <%@LANGUAGE="JavaScript"%>
    <%
    // Connection string for the Access (Jet) database used in this lesson.
    var strConnect = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=";
    strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;";
    %>
    <!-- METADATA TYPE="typelib" FILE="C:\Program Files\Common Files\System\ado\msado15.dll" -->
    <HTML>
    <HEAD><TITLE>Administrator Page - Changing the Mailing List</TITLE></HEAD>
    <BODY LINK="red" VLINK="red" ALINK="crimson">
    <H2>Administrator Page</H2>
    <H3>Changing the Mailing List</H3>
    <%
    var sql;
    if (Request.Form("Delete") > "") {
        // Delete request: ID is concatenated into the statement as submitted.
        sql = "DELETE FROM Address WHERE ID = " + Request.Form("ID") + ";";
    } else {
        var firstName = new String(Request.Form("firstName"));
        var lastName = new String(Request.Form("lastName"));
        var Address = new String(Request.Form("Address"));
        var City = new String(Request.Form("City"));

        // Replace every single quote with its HTML-encoded equivalent.
        var myRegExp = /[']/g;
        firstName = firstName.replace(myRegExp, '&#39;');
        lastName = lastName.replace(myRegExp, '&#39;');
        Address = Address.replace(myRegExp, '&#39;');
        City = City.replace(myRegExp, '&#39;');

        // State, Zip and ID are concatenated without the replacement.
        sql = "UPDATE Address SET firstName= '" + firstName + "' , lastName='";
        sql += lastName + "' , Address='" + Address + "' , City='";
        sql += City + "' , State='" + Request.Form("State") + "' , Zip='";
        sql += Request.Form("Zip") + "' WHERE ID = " + Request.Form("ID") + ";";
    }

    // Run the statement directly on the connection; no Recordset is needed.
    var objConn = Server.CreateObject("ADODB.Connection");
    objConn.Open(strConnect);
    objConn.Execute(sql);
    objConn.Close();
    objConn = null;

    Response.Write("The member has been updated in the database.");
    Response.Write("<A HREF=\"../files/committee.asp\">");
    Response.Write("Click here to see it.</A>");
    %>
    </BODY>
    </HTML>

There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.

Danger in The Single Quote:

You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.

    var myRegExp = /[']/g;
    firstName = firstName.replace(myRegExp, '&#39;');

The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.

Execute( ):

The only other thing I want to spend any time with is objConn.Execute(sql). The variable sql takes on one of two definitions depending on the result of an "if" statement. In this case sql does all the work, and we never need a recordset.
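
An added example, not part of the original lesson: the quote replacement covers only firstName, lastName, Address and City, while ID, State and Zip are concatenated as submitted, and ID sits in an unquoted numeric position. The sketch below is plain JavaScript so it runs outside ASP; it validates ID and builds the same two statements with ? placeholders, so no value ever becomes part of the SQL text. The `form` object, the helper names and the 255-character limit are assumptions.

```javascript
// Added example (not the lesson's code). `form` stands in for Request.Form;
// all sample values used with it are constructed.

// The lesson's DELETE branch, reproduced for comparison: ID goes into an
// unquoted numeric position exactly as submitted.
function lessonDeleteSql(form) {
  return "DELETE FROM Address WHERE ID = " + form.ID + ";";
}

// Accept only a short run of digits, then convert to a number.
function parseId(raw) {
  var s = String(raw);
  if (!/^[0-9]{1,9}$/.test(s)) throw new Error("ID must be a whole number");
  return parseInt(s, 10);
}

// Statement text is constant; values travel separately in params.
function buildDelete(form) {
  return { text: "DELETE FROM Address WHERE ID = ?;", params: [parseId(form.ID)] };
}

function buildUpdate(form) {
  var fields = ["firstName", "lastName", "Address", "City", "State", "Zip"];
  var params = fields.map(function (f) {
    var v = form[f] == null ? "" : String(form[f]);
    if (v.length > 255) throw new Error(f + " is too long"); // assumed column size
    return v; // stored as typed: no quote replacement is needed
  });
  params.push(parseId(form.ID));
  var sets = fields.map(function (f) { return f + " = ?"; }).join(", ");
  return { text: "UPDATE Address SET " + sets + " WHERE ID = ?;", params: params };
}

// Same decision the lesson makes with its "if" statement.
function buildStatement(form) {
  return form.Delete ? buildDelete(form) : buildUpdate(form);
}

// In ASP, `text` would be assigned to ADODB.Command.CommandText and each entry
// of `params` appended with Parameters.Append(CreateParameter(...)) before
// calling Execute() on the command.
```

Because the values are bound rather than concatenated, a name such as O'Brien is stored unchanged instead of as `O&#39;Brien`.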
