JavaScript ASP Tutorial: Adding and Modifying
The Connection Execute():
If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have one. It's up to you.
For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.
Get Started:
Below is the script for Lesson 19.
<%@LANGUAGE="JavaScript"%>
<%
// Connection string for the Jet (Access) database used in this lesson.
var strConnect="Provider=Microsoft.Jet.OLEDB.4.0; Data Source="
strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;"
%>
<!-- METADATA TYPE="typelib"
FILE="C:\Program Files\Common Files\System\ado\msado15.dll" -->
<HTML>
<HEAD>
<TITLE>Administrator Page - Changing the Mailing List</TITLE>
</HEAD>
<BODY LINK="red" VLINK="red" ALINK="crimson">
<H2>Administrator Page</H2>
<H3>Changing the Mailing List</H3>
<%
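// The Delete button was pressed: build a DELETE statement.
// ID is concatenated as submitted; it is neither quoted nor validated here.
if (Request.Form("Delete") > "")
{
var sql="DELETE FROM Address WHERE ID = " + Request.Form("ID") + ";"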
}
else
{
var firstName = new String(Request.Form("firstName"))
var lastName = new String(Request.Form("lastName"))
var Address = new String(Request.Form("Address"))
var City = new String(Request.Form("City"))
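// Replace every single quote with its HTML entity before building the SQL.
// State, Zip and ID below are not passed through this replacement.
var myRegExp = /[']/g;
firstName = firstName.replace(myRegExp, "&#39;");
lastName = lastName.replace(myRegExp, "&#39;");
Address = Address.replace(myRegExp, "&#39;");
City = City.replace(myRegExp, "&#39;");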
var sql="UPDATE Address SET firstName= '" + firstName + "' , lastName='"
sql += lastName + "' , Address='" + Address + "' , City='"
sql += City + "' , State='" + Request.Form("State") + "' , Zip='"
sql += Request.Form("Zip") + "' WHERE ID = " + Request.Form("ID") + ";"
}
var objConn=Server.CreateObject("ADODB.Connection");
objConn.Open(strConnect)
objConn.Execute(sql)
objConn.Close()
objConn = null;
Response.Write("The member has been updated in the database.")
Response.Write("<A HREF=\"../files/committee.asp\">")
Response.Write("Click here to see it.</A>")
%>
There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.
Danger in The Single Quote:
You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.
var myRegExp = /[']/g;
firstName = firstName.replace(myRegExp, "&#39;");
The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept input from users into your database without replacing the single quote. The single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.
Execute():
The only other thing I want to spend any time with is objConn.Execute. The variable sql takes on one of two definitions depending on the result of an "if" statement. In this case sql does all the work.
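As an added example (not part of the original lesson), the lesson's two statements can be built with `?` placeholders and handed to an ADODB.Command, so quotes in names need no replacing and the unquoted ID, which the quote replacement does not cover, is checked as an integer. The plain `form` object standing in for Request.Form, the function names and the 255-character limit are assumptions.

```javascript
// Added example: build the Lesson 19 statements with ? placeholders
// instead of concatenating form values into the SQL text.
// ADO constants (values from the ADO type library).
var adInteger = 3, adVarWChar = 202, adParamInput = 1;

// form: plain object standing in for Request.Form (assumption).
function buildStatement(form) {
  var idText = String(form.ID);
  // ID is used unquoted in the WHERE clause, so it must be digits only.
  if (!/^[0-9]{1,9}$/.test(idText)) {
    throw new Error("ID must be a positive integer");
  }
  var id = parseInt(idText, 10);
  if (form.Delete) {
    return { sql: "DELETE FROM Address WHERE ID = ?;",
             params: [{ type: adInteger, size: 4, value: id }] };
  }
  var fields = ["firstName", "lastName", "Address", "City", "State", "Zip"];
  var params = [];
  for (var i = 0; i < fields.length; i++) {
    var text = String(form[fields[i]] == null ? "" : form[fields[i]]);
    // The 255-character limit is an assumed column size.
    if (text.length > 255) {
      throw new Error(fields[i] + " is too long");
    }
    params.push({ type: adVarWChar, size: 255, value: text });
  }
  params.push({ type: adInteger, size: 4, value: id });
  return { sql: "UPDATE Address SET " + fields.join(" = ?, ") +
                " = ? WHERE ID = ?;", params: params };
}

// cmd: an ADODB.Command, e.g. Server.CreateObject("ADODB.Command"),
// with ActiveConnection already set to the open connection.
function runStatement(cmd, stmt) {
  cmd.CommandText = stmt.sql;
  for (var i = 0; i < stmt.params.length; i++) {
    var p = stmt.params[i];
    cmd.Parameters.Append(
      cmd.CreateParameter("p" + i, p.type, adParamInput, p.size, p.value));
  }
  cmd.Execute();
}
```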