添加和修改javascript asp的教程

来源:爱站网时间:2020-05-28编辑:网友分享
是不是很多用户们都不知道怎么修改和添加javascript asp呢?别着急,今天爱站小编就将围绕这个问题为大家介绍添加和修改javascript asp的教程,希望对你有所帮助。

是不是很多用户们都不知道怎么修改和添加javascript asp呢?别着急,今天爱站小编就将围绕这个问题为大家介绍添加和修改javascript asp的教程,希望对你有所帮助。

The Connection Execute():

If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have a Recordset. It's up to you.

For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.

Get Started:

Below is the script for Lesson 19.


var strConnect="Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" 
strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;"



Administrator Page - Changing the Mailing List

Administrator Page

Changing a the Mailing List

"") { var sql="DELETE FROM Address WHERE ID = " + Request.Form("ID") + ";" } else { var firstName = new String(Request.Form("firstName")) var lastName = new String(Request.Form("lastName")) var Address = new String(Request.Form("Address")) var City = new String(Request.Form("City")) var myRegExp = /[']/g; firstName = firstName.replace(myRegExp, '''); lastName = lastName.replace(myRegExp, '''); Address = Address.replace(myRegExp, '''); City = City.replace(myRegExp, '''); var sql="UPDATE Address SET firstName= '" + firstName + "' , lastName='" sql += lastName + "' , Address='" + Address + "' , City='" sql += City + "' , State='" + Request.Form("State") + "' , Zip='" sql += Request.Form("Zip") + "' WHERE ID = " + Request.Form("ID") + ";" } var objConn=Server.CreateObject("ADODB.Connection"); objConn.Open(strConnect) objConn.Execute(sql) objConn.Close() objConn = null; Response.Write("The member has been updated in the database.") Response.Write("") Response.Write("Click here to see it.") %>

There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.

Danger in The Single Quote:

You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.

var myRegExp = /[']/g;
firstName = firstName.replace(myRegExp, ''');

The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.

Execute( ):

The only other thing I want to spend any time with is objConn.Execute(sql). The variable sql takes on one of two definitions depending on the result of an "if" statement. In this case sql does all the work, and we never need a recordset.

以上就是小编介绍添加和修改javascript asp的教程,在上文中,小编为大家做了简单的介绍。其实,在日常的程序开发中,是经常使可以使用的。

上一篇:ASP数据库的连接方式介绍

下一篇:ASP中判断字符是不是汉字的方法

您可能感兴趣的文章

相关阅读

热门软件源码

最新软件源码下载