当前位置: 首页 > 图文教程 > 网络编程 > ASP > javascript asp教程添加和修改

ASP
在ASP程序中实现数据库事务控制
怎样开始一个ASP网站的设计
ASP中使用ServerVariables集合详解
关于解决商务平台ASP程序的源代码泄漏设想与思考
ASP通用模板类
javascript利用xmlhttp获得服务器时钟的方法
asp+oracle分页程序类(XDOWNPAGE2.0)
ASP中实现小偷程序的原理和简单
asp中vbscript访问xml文件
ASP防SQL注入攻击程序
用ASP读INI配置文件的函数
asp实现关键词获取(各搜索引擎,gb2312及utf-8)
xmlhttp组件获取远程文件并筛选出目标数据
XMLHTTP Get HTML页面时的中文乱码之完全客户端Script解决方案
WEB打印设置解决方案一(通过修改注册表改变IE打印设置)
WEB打印设置解决方案二(利用ScriptX.cab控件改变IE打印设置)
WEB打印设置解决方案三(FileSystem组件实现WEB打印)
WEB打印设置解决方案四(在ASP中实现网络打印功能)
ASP实用技巧 强制刷新网页
Access通用-自动替换数据库中的字符串

ASP 中的 javascript asp教程添加和修改


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-13   浏览: 152 ::
收藏到网摘: n/a

The Connection Execute():

If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have a Recordset. It's up to you.

For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.

Get Started:

Below is the script for Lesson 19.

<%@LANGUAGE="JavaScript"%>
var strConnect="Provider=Microsoft.Jet.OLEDB.4.0; Data Source="
strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;"
<!-- METADATA TYPE="typelib"
FILE="C:\Program Files\Common Files\System\ado\msado15.dll" -->
<HTML>
<HEAD>
<TITLE>Administrator Page - Changing the Mailing List</TITLE>
</HEAD>
<BODY LINK="red" VLINK="red" ALINK="crimson">
<H2>Administrator Page</H2>
<H3>Changing a the Mailing List</H3>
<%
if (Request.Form("Delete") > "")	{	var sql="DELETE FROM Address WHERE ID = " + Request.Form("ID") + ";"	}
else	{	var firstName = new String(Request.Form("firstName"))	var lastName = new String(Request.Form("lastName"))	var Address = new String(Request.Form("Address"))	var City = new String(Request.Form("City"))	var myRegExp = /[']/g;	firstName = firstName.replace(myRegExp, ''');	lastName = lastName.replace(myRegExp, ''');	Address = Address.replace(myRegExp, ''');	City = City.replace(myRegExp, ''');	var sql="UPDATE Address SET firstName= '" + firstName + "' , lastName='"	sql += lastName + "' , Address='" + Address + "' , City='"	sql += City + "' , State='" + Request.Form("State") + "' , Zip='"	sql += Request.Form("Zip") + "' WHERE ID = " + Request.Form("ID") + ";"	}
var objConn=Server.CreateObject("ADODB.Connection");
objConn.Open(strConnect)
objConn.Execute(sql)
objConn.Close()
objConn = null;
Response.Write("The member has been updated in the database.")
Response.Write("<A HREF=\"../files/committee.asp\">")
Response.Write("Click here to see it.</A>")
%>

There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.

Danger in The Single Quote:

You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.

var myRegExp = /[']/g;
firstName = firstName.replace(myRegExp, ''');

The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.

Execute( ):

The only other thing I want to spend any time with is objConn.Execute(sql). The variable sql takes on one of two definitions depending on the result of an "if" statement. In this case sql does all the work, and we never need a recordset.