javascript asp教程添加和修改

内容导读

互联网集市收集整理的这篇技术教程文章主要介绍了javascript asp教程添加和修改，小编现在分享给大家，供广大互联网技能从业者学习和参考。文章包含2857字，纯文字阅读大概需要5分钟。

内容图文

The Connection Execute():

If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have a Recordset. It's up to you.

For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.

Get Started:

Below is the script for Lesson 19.

<%@LANGUAGE="JavaScript"%>
var strConnect="Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" 
strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;"
<!-- METADATA TYPE="typelib" 
FILE="C:\Program Files\Common Files\System\ado\msado15.dll" -->
<HTML>
<HEAD>
<TITLE>Administrator Page - Changing the Mailing List</TITLE>
</HEAD>
<BODY LINK="red" VLINK="red" ALINK="crimson">
<H2>Administrator Page</H2>
<H3>Changing a the Mailing List</H3>
<%
if (Request.Form("Delete") > "")
	{
	var sql="DELETE FROM Address WHERE ID = " + Request.Form("ID") + ";"
	}
else
	{
	var firstName = new String(Request.Form("firstName"))
	var lastName = new String(Request.Form("lastName"))
	var Address = new String(Request.Form("Address"))
	var City = new String(Request.Form("City"))

	var myRegExp = /[']/g;
	firstName = firstName.replace(myRegExp, ''');
	lastName = lastName.replace(myRegExp, ''');
	Address = Address.replace(myRegExp, ''');
	City = City.replace(myRegExp, ''');
	
	var sql="UPDATE Address SET firstName= '" + firstName + "' , lastName='" 
	sql += lastName + "' , Address='" + Address + "' , City='" 
	sql += City + "' , State='" + Request.Form("State") + "' , Zip='" 
	sql += Request.Form("Zip") + "' WHERE ID = " + Request.Form("ID") + ";"
	}
var objConn=Server.CreateObject("ADODB.Connection");
objConn.Open(strConnect)
objConn.Execute(sql)
objConn.Close()
objConn = null;
Response.Write("The member has been updated in the database.")
Response.Write("<A HREF=\"../files/committee.asp\">")
Response.Write("Click here to see it.</A>")
%>

There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.

Danger in The Single Quote:

You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.

var myRegExp = /[']/g;
firstName = firstName.replace(myRegExp, ''');

The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.

Execute( ):

The only other thing I want to spend any time with is objConn.Execute(sql). The variable sql takes on one of two definitions depending on the result of an "if" statement. In this case sql does all the work, and we never need a recordset.

内容总结

以上是互联网集市为您收集整理的javascript asp教程添加和修改全部内容，希望文章能够帮你解决javascript asp教程添加和修改所遇到的程序开发问题。 如果觉得互联网集市技术教程内容还不错，欢迎将互联网集市网站推荐给程序员好友。

内容备注

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 gblab@vip.qq.com 举报，一经查实，本站将立刻删除。

内容手机端