JavaScript ASP Tutorial: Adding and Modifying (ASP Basics)
2023-05-25
The Connection Execute():
If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have a Recordset. It's up to you.
For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.
Get Started:
Below is the script for Lesson 19.
```asp
<%@LANGUAGE="JavaScript"%>
<%
// Connection string for the Access (Jet) database used in this lesson.
var strConnect="Provider=Microsoft.Jet.OLEDB.4.0; Data Source="
strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;"
%>
<HTML>
<HEAD><TITLE>Administrator Page - Changing the Mailing List</TITLE></HEAD>
<BODY>
<H1>Administrator Page</H1>
<H2>Changing the Mailing List</H2>
<%
// ID goes into the WHERE clause unquoted, so coerce it to a number first.
var id = parseInt(String(Request.Form("ID")), 10)
if (isNaN(id)) {
	Response.Write("Invalid ID.")
	Response.End()
	}
if (Request.Form("Delete") > "")
	{
	var sql="DELETE FROM Address WHERE ID = " + id + ";"
	}
else
	{
	var firstName = new String(Request.Form("firstName"))
	var lastName = new String(Request.Form("lastName"))
	var Address = new String(Request.Form("Address"))
	var City = new String(Request.Form("City"))
	var State = new String(Request.Form("State"))
	var Zip = new String(Request.Form("Zip"))
	// Replace every single quote with its HTML-encoded equivalent.
	var myRegExp = /[']/g;
	firstName = firstName.replace(myRegExp, '&#39;');
	lastName = lastName.replace(myRegExp, '&#39;');
	Address = Address.replace(myRegExp, '&#39;');
	City = City.replace(myRegExp, '&#39;');
	State = State.replace(myRegExp, '&#39;');
	Zip = Zip.replace(myRegExp, '&#39;');
	var sql="UPDATE Address SET firstName= '" + firstName + "' , lastName='"
	sql += lastName + "' , Address='" + Address + "' , City='"
	sql += City + "' , State='" + State + "' , Zip='"
	sql += Zip + "' WHERE ID = " + id + ";"
	}
// Execute() runs the statement directly; no Recordset is needed.
var objConn=Server.CreateObject("ADODB.Connection");
objConn.Open(strConnect)
objConn.Execute(sql)
objConn.Close()
objConn = null;
Response.Write("The member has been updated in the database.")
Response.Write("")
Response.Write("Click here to see it.")
%>
</BODY>
</HTML>
```

There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.
Danger in The Single Quote:
You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.
```asp
var myRegExp = /[']/g;
firstName = firstName.replace(myRegExp, '&#39;');
```
The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.
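Replacing quotes only protects values that sit inside quoted SQL strings, and only when every such field is remembered; binding each value as an ADO parameter removes that dependence. The following is an added example, not the tutorial author's code, written in ES3 style to match the page's server-side JScript. The helper names (`parseId`, `buildStatement`, `execute`), the 255-character column size and the sample form are assumptions, and in ASP `cmd` would come from `Server.CreateObject("ADODB.Command")`.

```javascript
// Added example (not the tutorial's code). Hypothetical helper names.
// ADO enum values below are the ones defined in the ADO type library.
var adInteger = 3, adVarWChar = 202, adParamInput = 1, adCmdText = 1;
var MAX_TEXT = 255; // assumed size of the Access Text columns

// ID is used as a number in the WHERE clause, so accept digits only.
function parseId(raw) {
  var s = String(raw);
  if (!/^[0-9]{1,9}$/.test(s)) { throw new Error("ID must be an integer"); }
  return parseInt(s, 10);
}

// Build SQL with ? placeholders and an ordered parameter list.
// `form` is a plain object; in ASP fill it from Request.Form.
function buildStatement(form) {
  var idParam = { type: adInteger, size: 4, value: parseId(form.ID) };
  if (form.Delete) {
    return { sql: "DELETE FROM Address WHERE ID = ?", params: [idParam] };
  }
  var cols = ["firstName", "lastName", "Address", "City", "State", "Zip"];
  var sets = [], params = [];
  for (var i = 0; i < cols.length; i++) {
    var v = form[cols[i]] == null ? "" : String(form[cols[i]]);
    if (v.length > MAX_TEXT) { throw new Error(cols[i] + " is too long"); }
    sets.push(cols[i] + " = ?");
    params.push({ type: adVarWChar, size: MAX_TEXT, value: v });
  }
  params.push(idParam);
  return { sql: "UPDATE Address SET " + sets.join(", ") + " WHERE ID = ?",
           params: params };
}

// Bind the values and run the statement on an ADODB.Command object.
// Values travel as parameters, never as SQL text, so no quote replacement.
function execute(cmd, objConn, stmt) {
  cmd.ActiveConnection = objConn;
  cmd.CommandType = adCmdText;
  cmd.CommandText = stmt.sql;
  for (var i = 0; i < stmt.params.length; i++) {
    var p = stmt.params[i];
    cmd.Parameters.Append(
      cmd.CreateParameter("p" + i, p.type, adParamInput, p.size, p.value));
  }
  cmd.Execute();
}

// Constructed sample input: the apostrophe is stored exactly as typed.
var sampleForm = { ID: "42", firstName: "Pat", lastName: "O'Brien",
  Address: "1 Main St", City: "Springfield", State: "IL", Zip: "62701" };
```

Because the apostrophe reaches the database unchanged, the stored data no longer contains `&#39;` and can be HTML-encoded at output time instead.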
Execute( ):
The only other thing I want to spend any time with is
