当前位置: 首页 > 图文教程 > 网络编程 > ASP > javascript asp教程添加和修改

ASP
嵌入式Web视频点播系统实现方法
GB与BIG5内码转换COM原代码
金额阿拉伯数字转换为中文的存储过程
利用 WSH 作定时工作流程
用InstallShield 进行 ASP 软件的打包和自动安装
服务器获得客户端时间的方法
关于如何读出图片的高度与长度的总结
按下回车键指向下一个位置的一个函数
一个不错的随机函数
一套加解密字符串的函数
一段加密函数(base64)
一段加密函数
使用asp实现支持附件的邮件系统(三)
使用asp实现支持附件的邮件系统(二)
使用asp实现支持附件的邮件系统(一)
检查当前目录下是否存在指定的文件,如果存在就重新命名
MD5加密的javascript实现例子
如何在服务器端调用winzip命令行对上传的多个文件打包压缩
MD5不可逆加密算法的ASP实现实例
看人家用使用InstallShield制作ASP安装程序(6)

ASP 中的 javascript asp教程添加和修改


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-13   浏览: 232 ::
收藏到网摘: n/a

The Connection Execute():

If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have a Recordset. It's up to you.

For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.

Get Started:

Below is the script for Lesson 19.

<%@LANGUAGE="JavaScript"%>
var strConnect="Provider=Microsoft.Jet.OLEDB.4.0; Data Source="
strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;"
<!-- METADATA TYPE="typelib"
FILE="C:\Program Files\Common Files\System\ado\msado15.dll" -->
<HTML>
<HEAD>
<TITLE>Administrator Page - Changing the Mailing List</TITLE>
</HEAD>
<BODY LINK="red" VLINK="red" ALINK="crimson">
<H2>Administrator Page</H2>
<H3>Changing a the Mailing List</H3>
<%
if (Request.Form("Delete") > "")	{	var sql="DELETE FROM Address WHERE ID = " + Request.Form("ID") + ";"	}
else	{	var firstName = new String(Request.Form("firstName"))	var lastName = new String(Request.Form("lastName"))	var Address = new String(Request.Form("Address"))	var City = new String(Request.Form("City"))	var myRegExp = /[']/g;	firstName = firstName.replace(myRegExp, ''');	lastName = lastName.replace(myRegExp, ''');	Address = Address.replace(myRegExp, ''');	City = City.replace(myRegExp, ''');	var sql="UPDATE Address SET firstName= '" + firstName + "' , lastName='"	sql += lastName + "' , Address='" + Address + "' , City='"	sql += City + "' , State='" + Request.Form("State") + "' , Zip='"	sql += Request.Form("Zip") + "' WHERE ID = " + Request.Form("ID") + ";"	}
var objConn=Server.CreateObject("ADODB.Connection");
objConn.Open(strConnect)
objConn.Execute(sql)
objConn.Close()
objConn = null;
Response.Write("The member has been updated in the database.")
Response.Write("<A HREF=\"../files/committee.asp\">")
Response.Write("Click here to see it.</A>")
%>

There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.

Danger in The Single Quote:

You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.

var myRegExp = /[']/g;
firstName = firstName.replace(myRegExp, ''');

The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.

Execute( ):

The only other thing I want to spend any time with is objConn.Execute(sql). The variable sql takes on one of two definitions depending on the result of an "if" statement. In this case sql does all the work, and we never need a recordset.