JavaScript ASP Tutorial: Adding and Modifying

The Connection Execute():

If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have a Recordset. It's up to you.

For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.

Get Started:

Below is the script for Lesson 19.

<%@LANGUAGE="JavaScript"%>
<%
// Connection string for the Jet (Access) database.
var strConnect="Provider=Microsoft.Jet.OLEDB.4.0; Data Source="
strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;"
%>
<!-- METADATA TYPE="typelib"
FILE="C:\Program Files\Common Files\System\ado\msado15.dll" -->
<HTML>
<HEAD>
<TITLE>Administrator Page - Changing the Mailing List</TITLE>
</HEAD>
<BODY LINK="red" VLINK="red" ALINK="crimson">
<H2>Administrator Page</H2>
<H3>Changing the Mailing List</H3>
<%
// ID goes into the SQL without quotes, so force it to an integer first.
var id = parseInt(new String(Request.Form("ID")), 10)
if (isNaN(id))
{
Response.Write("Invalid ID.")
Response.End()
}
var sql
if (Request.Form("Delete") > "")
{
sql="DELETE FROM Address WHERE ID = " + id + ";"
}
else
{
var firstName = new String(Request.Form("firstName"))
var lastName = new String(Request.Form("lastName"))
var Address = new String(Request.Form("Address"))
var City = new String(Request.Form("City"))
var State = new String(Request.Form("State"))
var Zip = new String(Request.Form("Zip"))

// Replace every single quote with its HTML-encoded equivalent.
var myRegExp = /[']/g;
firstName = firstName.replace(myRegExp, "&#39;");
lastName = lastName.replace(myRegExp, "&#39;");
Address = Address.replace(myRegExp, "&#39;");
City = City.replace(myRegExp, "&#39;");
State = State.replace(myRegExp, "&#39;");
Zip = Zip.replace(myRegExp, "&#39;");

sql="UPDATE Address SET firstName= '" + firstName + "' , lastName='"
sql += lastName + "' , Address='" + Address + "' , City='"
sql += City + "' , State='" + State + "' , Zip='"
sql += Zip + "' WHERE ID = " + id + ";"
}
// Execute() runs the statement directly; no Recordset is needed.
var objConn=Server.CreateObject("ADODB.Connection");
objConn.Open(strConnect)
objConn.Execute(sql)
objConn.Close()
objConn = null;
Response.Write("The member has been updated in the database.")
Response.Write("<A HREF=\"../files/committee.asp\">")
Response.Write("Click here to see it.</A>")
%>
</BODY>
</HTML>


There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.

Danger in The Single Quote:

You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.

var myRegExp = /[']/g;
firstName = firstName.replace(myRegExp, "&#39;");

The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.
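An added example, not code from the original tutorial: quote replacement only protects values that sit inside a quoted SQL literal, so a stricter pattern is to check every field against an expected format and hand the values to the database as bound parameters instead of concatenating them. The table and column names come from the script above; the field rules and the helper names buildStatement and checked are assumptions.

```javascript
// Assumed per-field formats (not taken from the tutorial's schema).
var RULES = {
  ID:        /^[0-9]{1,9}$/,             // numeric key, used unquoted in WHERE
  firstName: /^[^\x00-\x1f]{1,50}$/,     // free text; quotes are fine once bound
  lastName:  /^[^\x00-\x1f]{1,50}$/,
  Address:   /^[^\x00-\x1f]{1,100}$/,
  City:      /^[^\x00-\x1f]{1,50}$/,
  State:     /^[A-Za-z]{2}$/,
  Zip:       /^[0-9]{5}(-[0-9]{4})?$/
};

// Return the field as a string, or throw naming the field that failed.
function checked(form, name) {
  var value = String(form[name] == null ? "" : form[name]);
  if (!RULES[name].test(value)) throw new Error("rejected field: " + name);
  return value;
}

// Build { sql, params } with "?" placeholders in place of user data.
// Under classic ASP each entry of params would be appended to an
// ADODB.Command through CreateParameter rather than joined into the SQL.
function buildStatement(form) {
  var id = Number(checked(form, "ID"));
  if (form.Delete) {
    return { sql: "DELETE FROM Address WHERE ID = ?;", params: [id] };
  }
  var cols = ["firstName", "lastName", "Address", "City", "State", "Zip"];
  var sets = [], params = [];
  for (var i = 0; i < cols.length; i++) {
    sets.push(cols[i] + " = ?");
    params.push(checked(form, cols[i]));
  }
  params.push(id);
  return {
    sql: "UPDATE Address SET " + sets.join(", ") + " WHERE ID = ?;",
    params: params
  };
}

// Constructed sample submissions (not real data).
var SAMPLE_OK = { ID: "17", firstName: "Sean", lastName: "O'Brien",
                  Address: "12 Elm St", City: "Dover", State: "DE", Zip: "19901" };
var SAMPLE_BAD_ID = { ID: "17 extra text", Delete: "Delete" };
```

The name O'Brien passes through unchanged because it travels as a parameter value, while the second sample is rejected before any SQL is built.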

Execute( ):

The only other thing I want to spend any time with is objConn.Execute(sql). The variable sql takes on one of two definitions depending on the result of an "if" statement. In this case sql does all the work, and we never need a recordset.
