The Connection Execute():
If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have a Recordset. It's up to you.
For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.
Get Started:
Below is the script for Lesson 19.
<%@LANGUAGE="JavaScript"%> var strConnect="Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;" <!-- METADATA TYPE="typelib" FILE="C:\Program Files\Common Files\System\ado\msado15.dll" --> <HTML> <HEAD> <TITLE>Administrator Page - Changing the Mailing List</TITLE> </HEAD> <BODY LINK="red" VLINK="red" ALINK="crimson"> <H2>Administrator Page</H2> <H3>Changing a the Mailing List</H3> <% if (Request.Form("Delete") > "") { var sql="DELETE FROM Address WHERE ID = " + Request.Form("ID") + ";" } else { var firstName = new String(Request.Form("firstName")) var lastName = new String(Request.Form("lastName")) var Address = new String(Request.Form("Address")) var City = new String(Request.Form("City")) var myRegExp = /[']/g; firstName = firstName.replace(myRegExp, '''); lastName = lastName.replace(myRegExp, '''); Address = Address.replace(myRegExp, '''); City = City.replace(myRegExp, '''); var sql="UPDATE Address SET firstName= '" + firstName + "' , lastName='" sql += lastName + "' , Address='" + Address + "' , City='" sql += City + "' , State='" + Request.Form("State") + "' , Zip='" sql += Request.Form("Zip") + "' WHERE ID = " + Request.Form("ID") + ";" } var objConn=Server.CreateObject("ADODB.Connection"); objConn.Open(strConnect) objConn.Execute(sql) objConn.Close() objConn = null; Response.Write("The member has been updated in the database.") Response.Write("<A HREF=\"../files/committee.asp\">") Response.Write("Click here to see it.</A>") %>
There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.
Danger in The Single Quote:
You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.
var myRegExp = /[']/g; firstName = firstName.replace(myRegExp, ''');
The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.
Execute( ):
The only other thing I want to spend any time with is
免责声明:本站资源来自互联网收集,仅供用于学习和交流,请遵循相关法律法规,本站一切资源不代表本站立场,如有侵权、后门、不妥请联系本站删除!
稳了!魔兽国服回归的3条重磅消息!官宣时间再确认!
昨天有一位朋友在大神群里分享,自己亚服账号被封号之后居然弹出了国服的封号信息对话框。
这里面让他访问的是一个国服的战网网址,com.cn和后面的zh都非常明白地表明这就是国服战网。
而他在复制这个网址并且进行登录之后,确实是网易的网址,也就是我们熟悉的停服之后国服发布的暴雪游戏产品运营到期开放退款的说明。这是一件比较奇怪的事情,因为以前都没有出现这样的情况,现在突然提示跳转到国服战网的网址,是不是说明了简体中文客户端已经开始进行更新了呢?