The Connection Execute():
If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have a Recordset. It's up to you.
For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.
Get Started:
Below is the script for Lesson 19.
<%@LANGUAGE="JavaScript"%> var strConnect="Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;" <!-- METADATA TYPE="typelib" FILE="C:\Program Files\Common Files\System\ado\msado15.dll" --> <HTML> <HEAD> <TITLE>Administrator Page - Changing the Mailing List</TITLE> </HEAD> <BODY LINK="red" VLINK="red" ALINK="crimson"> <H2>Administrator Page</H2> <H3>Changing a the Mailing List</H3> <% if (Request.Form("Delete") > "") { var sql="DELETE FROM Address WHERE ID = " + Request.Form("ID") + ";" } else { var firstName = new String(Request.Form("firstName")) var lastName = new String(Request.Form("lastName")) var Address = new String(Request.Form("Address")) var City = new String(Request.Form("City")) var myRegExp = /[']/g; firstName = firstName.replace(myRegExp, '''); lastName = lastName.replace(myRegExp, '''); Address = Address.replace(myRegExp, '''); City = City.replace(myRegExp, '''); var sql="UPDATE Address SET firstName= '" + firstName + "' , lastName='" sql += lastName + "' , Address='" + Address + "' , City='" sql += City + "' , State='" + Request.Form("State") + "' , Zip='" sql += Request.Form("Zip") + "' WHERE ID = " + Request.Form("ID") + ";" } var objConn=Server.CreateObject("ADODB.Connection"); objConn.Open(strConnect) objConn.Execute(sql) objConn.Close() objConn = null; Response.Write("The member has been updated in the database.") Response.Write("<A HREF=\"../files/committee.asp\">") Response.Write("Click here to see it.</A>") %>
There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.
Danger in The Single Quote:
You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.
var myRegExp = /[']/g; firstName = firstName.replace(myRegExp, ''');
The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.
Execute( ):
The only other thing I want to spend any time with is
免责声明:本站文章均来自网站采集或用户投稿,网站不提供任何软件下载或自行开发的软件! 如有用户或公司发现本站内容信息存在侵权行为,请邮件告知! 858582#qq.com
更新日志
- [电影原声带]黎允文《天将雄师》[FLAC+CUE]
- 曝NS继任机型已进入量产阶段:已花了30亿日元
- 不是Switch2?曝《马里奥惊奇》NS捆绑包即将公开
- 暖心任天堂!网友Switch维修返还时贴纸被完好保留
- 《国语老歌 经典对唱情歌 2CD》[WAV/分轨][1.1GB]
- 《刀郎 翻唱精选华语专辑 披着羊皮的狼 》[WAV+CUE][430MB]
- 《真的田震 中国乐坛红极一时的歌者 精品集》[WAV+CUE][300MB]
- 群星.1995-新滚石九大天王之情歌大全【滚石】【WAV+CUE】
- 群星.1993-滚石九大天王十二出好戏·纵夏欢唱【滚石】【WAV+CUE】
- 群星.1993-滚石九大天王十二出好戏·贺岁齐唱【滚石】【WAV+CUE】
- 黑神话悟空上品虫校尉精魄获取方法一览|上品虫校尉精魄收集攻略
- 《指环王:夏尔的传说》推迟至2025年初发行
- 黑神话悟空上品蝎太子精魄获取方法一览|上品蝎太子精魄收集攻略
- 银霞.1977-《台北66电影原声带》台湾复刻版[WAV+CUE]
- 银霞.1980-《你那好冷的小手》台湾珍藏纪念版[WAV+CUE]