|
| |
| aspID# |
<%
' Substitute in form parameters into the query string
fp_sQry = "%%asp%%"
fp_sDefault = ""
fp_sNoRecords = "No Records Returned"
fp_iMaxRecords = 0
fp_iTimeout = 0
fp_iCurrent = 1
fp_fError = False
fp_bBlankField = False
If fp_iTimeout <> 0 Then Server.ScriptTimeout = fp_iTimeout
Do While (Not fp_fError) And (InStr(fp_iCurrent, fp_sQry, "%%") <> 0)
' found a opening quote, find the close quote
fp_iStart = InStr(fp_iCurrent, fp_sQry, "%%")
fp_iEnd = InStr(fp_iStart + 2, fp_sQry, "%%")
If fp_iEnd = 0 Then
fp_fError = True
Response.Write "Database Region Error: mismatched parameter delimiters"
Else
fp_sField = Mid(fp_sQry, fp_iStart + 2, fp_iEnd - fp_iStart - 2)
If Mid(fp_sField,1,1) = "%" Then
fp_sWildcard = "%"
fp_sField = Mid(fp_sField, 2)
Else
fp_sWildCard = ""
End If
fp_sValue = Request.Form(fp_sField)
' if the named form field doesn't exist, make a note of it
If (len(fp_sValue) = 0) Then
fp_iCurrentField = 1
fp_bFoundField = False
Do While (InStr(fp_iCurrentField, fp_sDefault, fp_sField) <> 0) _
And Not fp_bFoundField
fp_iCurrentField = InStr(fp_iCurrentField, fp_sDefault, fp_sField)
fp_iStartField = InStr(fp_iCurrentField, fp_sDefault, "=")
If fp_iStartField = fp_iCurrentField + len(fp_sField) Then
fp_iEndField = InStr(fp_iCurrentField, fp_sDefault, "&")
If (fp_iEndField = 0) Then fp_iEndField = len(fp_sDefault) + 1
fp_sValue = Mid(fp_sDefault, fp_iStartField+1, fp_iEndField-1)
fp_bFoundField = True
Else
fp_iCurrentField = fp_iCurrentField + len(fp_sField) - 1
End If
Loop
End If
' this next finds the named form field value, and substitutes in
' doubled single-quotes for all single quotes in the literal value
' so that SQL doesn't get confused by seeing unpaired single-quotes
If (Mid(fp_sQry, fp_iStart - 1, 1) = """") Then
fp_sValue = Replace(fp_sValue, """", """""")
ElseIf (Mid(fp_sQry, fp_iStart - 1, 1) = "'") Then
fp_sValue = Replace(fp_sValue, "'", "''")
ElseIf Not IsNumeric(fp_sValue) Then
fp_sValue = ""
End If
If (len(fp_sValue) = 0) Then fp_bBlankField = True
fp_sQry = Left(fp_sQry, fp_iStart - 1) + fp_sWildCard + fp_sValue + _
Right(fp_sQry, Len(fp_sQry) - fp_iEnd - 1)
' Fixup the new current position to be after the substituted value
fp_iCurrent = fp_iStart + Len(fp_sValue) + Len(fp_sWildCard)
End If
Loop
If Not fp_fError Then
' Use the connection string directly as entered from the wizard
On Error Resume Next
set fp_rs = CreateObject("ADODB.Recordset")
If fp_iMaxRecords <> 0 Then fp_rs.MaxRecords = fp_iMaxRecords
fp_rs.Open fp_sQry, "DSN=cyberstreet.com;UID=asp;PWD=aspInc"
If Err.Description <> "" Then
Response.Write "Database Error: " + Err.Description + ""
if fp_bBlankField Then
Response.Write " One or more form fields were empty."
End If
Else
' Check for the no-record case
If fp_rs.EOF And fp_rs.BOF Then
Response.Write fp_sNoRecords
Else
' Start a while loop to fetch each record in the result set
Do Until fp_rs.EOF
%>
| <%
If Not IsEmpty(fp_rs) And Not (fp_rs Is Nothing) Then Response.Write CStr(fp_rs("aspID#"))
%>
|
<%
' Close the loop iterating records
fp_rs.MoveNext
Loop
End If
fp_rs.Close
' Close the If condition checking for a connection error
End If
' Close the If condition checking for a parse error when replacing form field params
End If
set fp_rs = Nothing
%>
|