当前位置: 首页 > 图文教程 > 网络编程 > ASP > javascript asp教程添加和修改

ASP
BytesToBstr获取的源码转换为中文的代码
PostHttpPage用asp是实现模拟登录效果的代码
asp下实现UrlEncoding转换编码的代码
GetBody asp实现截取字符串的代码
asp之GetArray提取链接地址,以$Array$分隔的代码
DefiniteUrl asp将相对地址转换为绝对地址的代码
ReplaceSaveRemoteFile 替换、保存远程图片 的代码
ReSaveRemoteFile函数之asp实现查找文件保存替换的代码
FormatRemoteUrl函数之asp实现格式化成当前网站完整的URL-将相对地址转换为绝对地址的代码
ReplaceTrim 函数之asp实现过滤掉字符中所有的tab和回车和换行的代码
CheckFile函数之asp实现检查某一文件是否存在的代码
SaveRemoteFile函数之asp实现保存远程的文件到本地的代码
FpHtmlEnCode 函数之标题过滤特殊符号的代码
GetPaing 函数之asp采集函数中用到的获取分页的代码
ScriptHtml 函数之过滤html标记的asp代码
asp实现检查目录是否存在与建立目录的函数
ShowPage 显示“上一页 下一页”等信息的封装代码
JoinChar 向地址中加入 ? 或 & 用于实现传参
CreateKeyWord asp实现的由给定的字符串生成关键字的代码
Server.Execute方法执行指定的ASP程序

ASP 中的 javascript asp教程添加和修改


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-13   浏览: 98 ::
收藏到网摘: n/a

The Connection Execute():

If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have a Recordset. It's up to you.

For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.

Get Started:

Below is the script for Lesson 19.

<%@LANGUAGE="JavaScript"%>
var strConnect="Provider=Microsoft.Jet.OLEDB.4.0; Data Source="
strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;"
<!-- METADATA TYPE="typelib"
FILE="C:\Program Files\Common Files\System\ado\msado15.dll" -->
<HTML>
<HEAD>
<TITLE>Administrator Page - Changing the Mailing List</TITLE>
</HEAD>
<BODY LINK="red" VLINK="red" ALINK="crimson">
<H2>Administrator Page</H2>
<H3>Changing a the Mailing List</H3>
<%
if (Request.Form("Delete") > "")	{	var sql="DELETE FROM Address WHERE ID = " + Request.Form("ID") + ";"	}
else	{	var firstName = new String(Request.Form("firstName"))	var lastName = new String(Request.Form("lastName"))	var Address = new String(Request.Form("Address"))	var City = new String(Request.Form("City"))	var myRegExp = /[']/g;	firstName = firstName.replace(myRegExp, ''');	lastName = lastName.replace(myRegExp, ''');	Address = Address.replace(myRegExp, ''');	City = City.replace(myRegExp, ''');	var sql="UPDATE Address SET firstName= '" + firstName + "' , lastName='"	sql += lastName + "' , Address='" + Address + "' , City='"	sql += City + "' , State='" + Request.Form("State") + "' , Zip='"	sql += Request.Form("Zip") + "' WHERE ID = " + Request.Form("ID") + ";"	}
var objConn=Server.CreateObject("ADODB.Connection");
objConn.Open(strConnect)
objConn.Execute(sql)
objConn.Close()
objConn = null;
Response.Write("The member has been updated in the database.")
Response.Write("<A HREF=\"../files/committee.asp\">")
Response.Write("Click here to see it.</A>")
%>

There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.

Danger in The Single Quote:

You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.

var myRegExp = /[']/g;
firstName = firstName.replace(myRegExp, ''');

The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.

Execute( ):

The only other thing I want to spend any time with is objConn.Execute(sql). The variable sql takes on one of two definitions depending on the result of an "if" statement. In this case sql does all the work, and we never need a recordset.