| Author |
 Topic  |
|
|
khalid
New Member
Saudi Arabia
51 Posts |
 Posted - 14 June 2001 : 05:58:04
|
1- viset this page http://www21.brinkster.com/aspphp/sign.htm and fill the clom
this is the code
<%
'Dimension variables
Dim adoCon 'Database Connection Object
Dim strCon 'Holds the Database driver and the path and name of the database
Dim strAccessDB 'Holds the Access Database Name
Dim strSQL 'Database query sring
Dim strInputName 'Holds the Users name
Dim strInputCountry 'Holds the users country
Dim strInputEmailAddress 'Holds the Users e-mail address
Dim strInputHomepage 'Holds the Users homepage
Dim strInputComments 'Holds the Users comments
Dim blnIllegalHTML 'Set to true if someone try's to enter unwanted HTML tags
Dim saryCommentWord 'Array to hold each word in the comments enetred by the user
Dim intCheckWordLengthLoopCounter 'Loop counter
Dim intWordLength 'Holds the length of the word to be checked
Dim blnWordLenthOK 'Boolean set to False if any words in the description are above 30 characters
Dim intLongestWordLength 'Holds the number of characters in the longest word entered in the description
'Error handler
On error resume next
'Read in user deatils from the guestbook form
strInputName = Request.Form("name")
strInputCountry = Request.Form("country")
strInputEmailAddress = Request.Form("email")
strInputHomepage = Request.Form("homepage")
strInputComments = Request.Form("comments")
'Split-up each word in the comments from the user to check that no word entered is over 30 characters
saryCommentWord = Split(Trim(strInputComments), " ")
'Initialse the word length variable
blnWordLenthOK = True
'Loop round to check that each word in the comments entered by the user is not above 30 characters
For intCheckWordLengthLoopCounter = 0 To UBound(saryCommentWord)
'Initialise the intWordLength variable with the length of the word to be searched
intWordLength = Len(saryCommentWord(intCheckWordLengthLoopCounter))
'Get the number of characters in the longest word
If intWordLength => intLongestWordLength Then
intLongestWordLength = intWordLength
End If
'If the word length to be searched is more than or equal to 30 then set the blnWordLegthOK to false
If intWordLength => 30 Then
blnWordLenthOK = False
End If
Next
'Replace bold and italic HTML tags in the comments with my own code so they don't show up as unwanted HTML tags
'Replace the bold tags entered in both lower and upper case
strInputComments = Replace(strInputComments, "<b>", "~bold007on~")
strInputComments = Replace(strInputComments, "</b>", "~bold007off~")
strInputComments = Replace(strInputComments, "<B>", "~bold007on~")
strInputComments = Replace(strInputComments, "</B>", "~bold007off~")
'Replace the italic tags entered in both lower and uppper case
strInputComments = Replace(strInputComments, "<i>", "~italic007on~")
strInputComments = Replace(strInputComments, "</i>", "~italic007off~")
strInputComments = Replace(strInputComments, "<I>", "~italic007on~")
strInputComments = Replace(strInputComments, "</I>", "~italic007off~")
'Check for any unwanted HTML tags in all fields in the form as this can prove to cause a security problem
'Check the users name field for HTML tags
If InStr(strInputName, "<") > 0 And InStr(strInputName, ">") > 0 Then
'If HTML tags found then set the HTML found tag to true
blnIllegalHTML = True
'Check the users countery filed for HTML tags
ElseIf InStr(strInputCountry, "<") > 0 And InStr(strInputCountry, ">") > 0 Then
'If HTML tags found then set the HTML found tag to true
blnIllegalHTML = True
'Check the users e-mail address for HTML tags
ElseIf InStr(strInputEmailAddress, "<") > 0 And InStr(strInputEmailAddress, ">") > 0 Then
'If HTML tags found then set the HTML found tag to true
blnIllegalHTML = True
'Check the users Homepage field for HTML tags
ElseIf InStr(strInputHomepage, "<") > 0 And InStr(strInputHomepage, ">") > 0 Then
'If HTML tags found then set the HTML found tag to true
blnIllegalHTML = True
'Check the users Comments for HTML tags
ElseIf InStr(strInputComments, "<") > 0 And InStr(strInputComments, ">") > 0 Then
'If HTML tags found then set the HTML found tag to true
blnIllegalHTML = True
'Else there are no HTML tags found
Else
'No HTML tags found so set the illgal HTML booloean to false
blnIllegalHTML = False
End If
'Change my own codes for bold and italic HTML tags back to the normal satndrd HTML tags now that the check for unwated HTML tags is over
strInputComments = Replace(strInputComments, "~bold007on~", "<b>")
strInputComments = Replace(strInputComments, "~bold007off~", "</b>")
strInputComments = Replace(strInputComments, "~italic007on~", "<i>")
strInputComments = Replace(strInputComments, "~italic007off~", "</i>")
'Change the emotion symbols for the path to the relative smiley icon
strInputComments = Replace(strInputComments, ":)", "<img src=""guestbook_images/smiley1.gif"" width=""17"" height=""17"">")
strInputComments = Replace(strInputComments, ";)", "<img src=""guestbook_images/smiley2.gif"" width=""17"" height=""17"">")
strInputComments = Replace(strInputComments, ":O", "<img src=""guestbook_images/smiley3.gif"" width=""17"" height=""17"">")
strInputComments = Replace(strInputComments, ":o", "<img src=""guestbook_images/smiley3.gif"" width=""17"" height=""17"">")
strInputComments = Replace(strInputComments, ":D", "<img src=""guestbook_images/smiley4.gif"" width=""17"" height=""17"">")
strInputComments = Replace(strInputComments, ":d", "<img src=""guestbook_images/smiley4.gif"" width=""17"" height=""17"">")
strInputComments = Replace(strInputComments, ":/", "<img src=""guestbook_images/smiley5.gif"" width=""17"" height=""17"">")
strInputComments = Replace(strInputComments, ":(", "<img src=""guestbook_images/smiley6.gif"" width=""17"" height=""17"">")
strInputComments = Replace(strInputComments, "X(", "<img src=""guestbook_images/smiley7.gif"" width=""17"" height=""17"">")
strInputComments = Replace(strInputComments, "x(", "<img src=""guestbook_images/smiley7.gif"" width=""17"" height=""17"">")
'Replace harmful characters entred by the user that would course an SQL error when writing to the database
strInputName = Replace(strInputName, "'", "''")
strInputCountry = Replace(strInputCountry, "'", "''")
strInputEmailAddress = Replace(strInputEmailAddress, "'", "''")
strInputHomepage = Replace(strInputHomepage, "'", "''")
strInputComments = Replace(strInputComments, "'", "''")
strInputComments = Replace(strInputComments, vbCrLf, "<br>")
'Get rid of repeated return key hits so there arn't two many new lines going half way down the page (<br> is the HTML tag for new line)
'Loop though the comments entered by the user till all cases of two new lines togather are replaced by one new line
Do While InStr(1, strInputComments, "<br><br>" ,vbTextCompare) > 0
'Replace <br><br> with one case of <br>
strInputComments = Replace(strInputComments , "<br><br>", "<br>")
Loop
'Write to the database if there are no unwanted HTML tags or the word lengths in the commets entered by the user are OK
If blnIllegalHTML = False And blnWordLenthOK = True Then
'Initialise the strAccessDB variable with the name of the Access Database
strAccessDB = "guestbook"
'Create a connection odject to the database
Set adoCon = Server.CreateObject("ADODB.Connection")
'Construct a connection string for the database Connection Object
'Use the Microsoft Access Driver for the Connection object
strCon="DRIVER={Microsoft Access Driver (*.mdb)}; "
'Place in the Connection string the path and the name of the database, using the Server.MapPath method to get the path on the server to the database
strCon = strCon & "DBQ=" & Server.MapPath(strAccessDB)
'Set an active connection to the Connection object
adoCon.Open strCon
'Initalise the strSQL variable with the SQL string
strSQL = "INSERT INTO tblComments ( Name, Country, EMail, Homepage, Comments )"
strSQL = strSQL & " VALUES"
strSQL = strSQL & "('" & strInputName & "', '" & strInputCountry & "', '" & strInputEmailAddress & "', '" & strInputHomepage & "', '" & strInputComments & "');"
'Write to the database
adoCon.Execute(strSQL)
'Reset Sever Objects
Set adoCon = Nothing
'Return to the guestbook
Response.Redirect"guestbook.asp"
End If
%>
<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<TITLE>Sign the Guest Book - Error</TITLE>
<!-- The Surf-Net ASP Guestbook is written by Bruce Corkhill ©2001
If you want your Guestbook then goto http://www.surf-net.co.uk -->
</head>
<body bgcolor="#330099" text="#FFFFFF" link="#66CCFF" vlink="#66CCFF" alink="#FF0000">
<div align="center"><br>
<h1>Add Comments - Error</h1><br>
<%
'If an HTML tag has been entered then display an error message
If blnIllegalHTML = True Then
Response.Write "Sorry, your comments have <b>NOT</b> been added to the Guestbook<br><br>HTML tags are not perimitted!<br>"
Response.Write "The only HTML tags permitted are <b>Bold</b> and <i>Italic</i> in the comments field."
'If any of the words are above 30 chracters then disoplay an error message
ElseIf blnWordLenthOK = False Then
Response.Write "Sorry, your comments have <b>NOT</b> been added to the Guestbook<br>You have used a word in your comments that has " & intLongestWordLength & " characters, this is to many!"
End If
%>
<br>
<br>
<a href="javascript:history.back(1)" target="_self">Edit the Guestbook entry entered</a>
<br>
<br>
<a href="guestbook.asp" target="_self"> Return to the the Guestbook</a><br>
<br>
</div>
<div align="center"> <br>
</div>
</body>
</html>
|
|
|
HuwR
Forum Admin
United Kingdom
20600 Posts |
Posted - 14 June 2001 : 10:53:29
|
You could maybe tell us what the problem is, some indication of what it did or didn't do would be useful
|
 |
|
|
Deleted
deleted
4116 Posts |
Posted - 14 June 2001 : 13:57:25
|
quote:
You could maybe tell us what the problem is, some indication of what it did or didn't do would be useful
It does nothing . If you fill the form and it returns to the list of previous messages, it says "no messages". Probably the messsage is not inserted into the database.
Khalid, my friend, can you comment out the error handler around line 15 like
'Error handler
'On error resume next
and run the page again? It will show an error. Please post this error here.
Think Pink |
|
|
|
HuwR
Forum Admin
United Kingdom
20600 Posts |
Posted - 14 June 2001 : 14:08:00
|
it may also be the code in guestbook.asp that is not working rather than your form.
|
|
|
|
khalid
New Member
Saudi Arabia
51 Posts |
Posted - 14 June 2001 : 16:38:46
|
this is the erorr
Microsoft OLE DB Provider for ODBC Drivers error '80004005'
[Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified
/add_comments.asp, line 171
|
|
|
|
Deleted
deleted
4116 Posts |
Posted - 14 June 2001 : 17:46:04
|
quote:
this is the erorr
Microsoft OLE DB Provider for ODBC Drivers error '80004005'
[Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified
/add_comments.asp, line 171
Assuming that the code you posted above is add_comments.asp, it can be case that the line:
'Initialise the strAccessDB variable with the name of the Access Database
strAccessDB = "guestbook"
is wrong. Can it be "guestbook.mdb" or something like that?
Think Pink |
|
|
| |
Topic |
|
|
|
Topic Locked
