| Author |
 Topic  |
|
|
Astralis
Senior Member
USA
1218 Posts |
 Posted - 18 January 2005 : 05:02:54
|
| Does anyone have a complete page to share, including the form, that inserts, updates, and deletes a record, all on one .asp page? |
|
|
laser
Advanced Member
Australia
3859 Posts |
Posted - 18 January 2005 : 15:20:54
|
| It's not that hard to do, just a few IFs and (probably) a hidden field in your form to store the operation you want to perform ... makes the syntax easier to create. |
 |
|
|
Astralis
Senior Member
USA
1218 Posts |
Posted - 18 January 2005 : 16:07:13
|
About the form variables...when the form is being called for the first time, the value of the input field is requesting something like this: <%=Variable1%> . Because this is for an 'input', the variable should be empty, right? Or do I have to manually make it empty? |
|
|
|
laser
Advanced Member
Australia
3859 Posts |
Posted - 18 January 2005 : 16:23:38
|
If you're updating, you would have chosen a record to populate the form with. So you really need :
- a summary area (select * from table), could include delete button
- be able to choose which record to edit (full-size form)
- the form includes a hidden value for update
- maybe another form, or same form (empty) for adding |
|
|
|
Da_Stimulator
DEV Team Forum Moderator
USA
3373 Posts |
Posted - 18 January 2005 : 17:14:11
|
Do you want to update/add/delete an entry all via one page *instance* or one page *multiple instances*?
Like a page that is self contained but contains a seperate function for each...? or a page with everything right there in one lineup? |
-Stim |
|
|
|
Astralis
Senior Member
USA
1218 Posts |
Posted - 18 January 2005 : 17:56:51
|
| Either way. |
|
|
|
Da_Stimulator
DEV Team Forum Moderator
USA
3373 Posts |
Posted - 18 January 2005 : 19:43:11
|
In that case, I would do something like so:
<%
strMode = request.form("mode")
Select Case strMode
Case "edit"
doEditSub
Case "new"
newInputSub
Case "delete"
removeSub
End Select
Sub doEditSub()
'### put your edit sql here, grabbing the appropriate form values
'### I usually put the ID of the item in the form input
End Sub
Sub newInputSub()
'### put your insert sql here, grabbing the appropriate values
End Sub
Sub removeSub()
'### Put your delete sql here. Its generally a good idea
'### to put some kind of confirmation barrier
End Sub
%>
Insert forms here
|
-Stim |
|
|
|
Astralis
Senior Member
USA
1218 Posts |
Posted - 18 January 2005 : 23:50:28
|
| Forms? Why would there be more than one, if that's what you meant.? |
|
|
|
Astralis
Senior Member
USA
1218 Posts |
Posted - 19 January 2005 : 03:09:57
|
quote:
'### put your edit sql here, grabbing the appropriate form values
'### I usually put the ID of the item in the form input
How to prevent someone from editing a different row by changing the id in the querystring? |
|
|
|
Astralis
Senior Member
USA
1218 Posts |
Posted - 19 January 2005 : 03:50:40
|
This is a sample Insert SQL. The problem I have with it is that it's calling all rows in the SQL which isn't necessary. What do you think of this insert method? How would you change it?
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")
'Initalise the strSQL variable with an SQL statement to query the database
strSQL = "Select * From Users"
'Query the database
rsCheckUser.Open strSQL, strCon,3,3
'Check if card number don't already exist
do while not rsCheckUser.EOF
if rsCheckUser("U_ID")=UserID then
set rsCheckUser=nothing
set strcon=nothing
Response.Redirect("already.asp?UserId=" & UserID & "&u_address=" & U_Address & "&u_city=" & U_City & "&u_phone=" & U_Phone & "&u_fax=" & U_Fax & "&newsletter=" & email_subscribe & "&access=" & access & "&first_name=" & first_name & "&last_name=" & last_name &"&Birth_Year=" & Birth_Year & "&sex=" & sex & "&e_mail=" & e_mail & "&Category=" & Category & "&www=" & www & "&Sec_Ans=" & Encrypt(Sec_ans, "nanosoft") & "&xor=" & Encrypt(Password, "nanosoft") & "&Country=" & Country & "&State=" & state & "&E_Mail_Pro=" & E_Mail_Pro & "&Zip=" & Zip & "&xor2=" & Encrypt(Password2, "nanosoft") & "&key_con=" & key_con & "&key_ent=" & key_ent & "&PhotoURL=" & PhotoURL &"&Sec_ques=" & Sec_ques & "&idkey=" & Key_ent &"&token=" & Request.Form("token") & "&cryptKey=" & Request.Form("cryptKey") & "")
end if
rsCheckUser.MoveNext
loop
code = UserID+RandomPW(10)
'Add a record
rsCheckUser.AddNew
'Put username and password in record
rsCheckUser("U_ID")=formatSQLInput(UserID)
rsCheckUser("U_FIRST")=first_name
rsCheckUser("U_LAST")=last_name
rsCheckUser("U_SEX")=sex
rsCheckUser("Birth_Year")=Birth_Year
rsCheckUser("U_EMAIL")=e_mail
rsCheckUser("Category")=Category
rsCheckUser("PhotoURL")=PhotoURL
rsCheckUser("www")=www
rsCheckUser("U_Password")=objMD5.HEXMD5
rsCheckUser("Sec_Ans")=Sec_ans
rsCheckUser("U_Country")=Country
rsCheckUser("U_State")=State
rsCheckUser("E_Mail_Pro")=E_Mail_Pro
rsCheckUser("U_Zip")=Zip
rsCheckUser("Date_join") = Now()
rsCheckUser("Activation_Code") = code
rsCheckUser("Sec_ques") = Sec_ques
rsCheckUser("u_address") = u_address
rsCheckUser("u_city") = u_city
rsCheckUser("u_phone") = u_phone
rsCheckUser("u_fax") = u_fax
rsCheckUser("email_subscribe") = newsletter
rsCheckUser("access") = access
rsCheckUser("Remote_IP") = Request.Servervariables("REMOTE_ADDR")
'Save record
rsCheckUser.Update
set rsCheckUser=nothing
set strcon=nothing
|
|
|
|
Da_Stimulator
DEV Team Forum Moderator
USA
3373 Posts |
Posted - 19 January 2005 : 04:32:42
|
quote:
Originally posted by Astralis
Forms? Why would there be more than one, if that's what you meant.?
Because I assumed you'd need an individual form for each action.. Maybe I'm mis-understanding...
quote:
Originally posted by Astralis
quote:
'### put your edit sql here, grabbing the appropriate form values
'### I usually put the ID of the item in the form input
How to prevent someone from editing a different row by changing the id in the querystring?
Its not in the querystring, its in a hidden form element...
quote:
Originally posted by Astralis
This is a sample Insert SQL. The problem I have with it is that it's calling all rows in the SQL which isn't necessary. What do you think of this insert method? How would you change it?
I dont use recordsets when inserting or updating... or deleting (except to strictly recieve data), I use SQL queries executed by the database connection object. So I cant really comment on that code... |
-Stim |
Edited by - Da_Stimulator on 19 January 2005 04:37:07 |
|
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 19 January 2005 : 05:53:50
|
You wouldn't need a separate form for each action, just separate submit buttons for each and then just check them with a simple if or case statement
If Request.Form("submit") = "Delete" then
If Request.Form("submit") = "Update" then |
Kiwihosting.Net - The Forum Hosting Specialists
|
|
|
|
Astralis
Senior Member
USA
1218 Posts |
Posted - 19 January 2005 : 16:35:26
|
Ah....there it is. Thanks Gremlin.
Da_Stimulator. Thanks. I agree. I'm not going to use the recordset. And, I'll hide the id in the form. |
|
|
|
Astralis
Senior Member
USA
1218 Posts |
Posted - 20 January 2005 : 02:07:02
|
| Does anyone have a page they can show as an example? I've got a page I've put together but I'm surprised that I need to make a SQL Query for each subfunction. I have a LOT of fields to update. |
|
|
| |
Topic |
|
Topic Locked
