当前位置: 首页 > 图文教程 > 网络编程 > ASP > javascript asp教程添加和修改

ASP
asp 网站静态化函数代码html
asp利用Split函数进行多关键字检索
ASP动态include文件
用ASP开发网页需要牢记的注意事项
利用ASP发送和接收XML数据的处理方法
Session对象失效的客户端解决方法
一次性下载远程页面上的所有内容
asp模板引擎终结者(WEB开发之ASP模式)
浅谈 ASP 模板技术之参数传递
本人常用的分页代码
也谈采集入库的技术
简单分页函数一 常用
msxml3.dll 错误 ''800c0005''解决方案
[原创]本人常用的asp代码
生成所有页面的效果+分页生成
[原创]关于Script的Defer属性
[原创]asp截取字符串的两种应用
内容分页函数
[ASP]精华代码
asp提高首页性能的一个技巧

ASP 中的 javascript asp教程添加和修改


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-13   浏览: 155 ::
收藏到网摘: n/a

The Connection Execute():

If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have a Recordset. It's up to you.

For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.

Get Started:

Below is the script for Lesson 19.

<%@LANGUAGE="JavaScript"%>
var strConnect="Provider=Microsoft.Jet.OLEDB.4.0; Data Source="
strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;"
<!-- METADATA TYPE="typelib"
FILE="C:\Program Files\Common Files\System\ado\msado15.dll" -->
<HTML>
<HEAD>
<TITLE>Administrator Page - Changing the Mailing List</TITLE>
</HEAD>
<BODY LINK="red" VLINK="red" ALINK="crimson">
<H2>Administrator Page</H2>
<H3>Changing a the Mailing List</H3>
<%
if (Request.Form("Delete") > "")	{	var sql="DELETE FROM Address WHERE ID = " + Request.Form("ID") + ";"	}
else	{	var firstName = new String(Request.Form("firstName"))	var lastName = new String(Request.Form("lastName"))	var Address = new String(Request.Form("Address"))	var City = new String(Request.Form("City"))	var myRegExp = /[']/g;	firstName = firstName.replace(myRegExp, ''');	lastName = lastName.replace(myRegExp, ''');	Address = Address.replace(myRegExp, ''');	City = City.replace(myRegExp, ''');	var sql="UPDATE Address SET firstName= '" + firstName + "' , lastName='"	sql += lastName + "' , Address='" + Address + "' , City='"	sql += City + "' , State='" + Request.Form("State") + "' , Zip='"	sql += Request.Form("Zip") + "' WHERE ID = " + Request.Form("ID") + ";"	}
var objConn=Server.CreateObject("ADODB.Connection");
objConn.Open(strConnect)
objConn.Execute(sql)
objConn.Close()
objConn = null;
Response.Write("The member has been updated in the database.")
Response.Write("<A HREF=\"../files/committee.asp\">")
Response.Write("Click here to see it.</A>")
%>

There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.

Danger in The Single Quote:

You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.

var myRegExp = /[']/g;
firstName = firstName.replace(myRegExp, ''');

The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.

Execute( ):

The only other thing I want to spend any time with is objConn.Execute(sql). The variable sql takes on one of two definitions depending on the result of an "if" statement. In this case sql does all the work, and we never need a recordset.