javascript asp教程添加和修改
The Connection Execute():
If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have a Recordset. It's up to you.
For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.
Get Started:
Below is the script for Lesson 19.
<%@LANGUAGE="JavaScript"%> var strConnect="Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;" <!-- METADATA TYPE="typelib" FILE="C:\Program Files\Common Files\System\ado\msado15.dll" --> <HTML> <HEAD> <TITLE>Administrator Page - Changing the Mailing List</TITLE> </HEAD> <BODY LINK="red" VLINK="red" ALINK="crimson"> <H2>Administrator Page</H2> <H3>Changing a the Mailing List</H3> <% if (Request.Form("Delete") > "") { var sql="DELETE FROM Address WHERE ID = " + Request.Form("ID") + ";" } else { var firstName = new String(Request.Form("firstName")) var lastName = new String(Request.Form("lastName")) var Address = new String(Request.Form("Address")) var City = new String(Request.Form("City")) var myRegExp = /[']/g; firstName = firstName.replace(myRegExp, ''');lastName = lastName.replace(myRegExp, '''); Address = Address.replace(myRegExp, '''); City = City.replace(myRegExp, '''); var sql="UPDATE Address SET firstName= '" + firstName + "' , lastName='" sql += lastName + "' , Address='" + Address + "' , City='" sql += City + "' , State='" + Request.Form("State") + "' , Zip='" sql += Request.Form("Zip") + "' WHERE ID = " + Request.Form("ID") + ";" } var objConn=Server.CreateObject("ADODB.Connection"); objConn.Open(strConnect) objConn.Execute(sql) objConn.Close() objConn = null; Response.Write("The member has been updated in the database.") Response.Write("<A HREF=\"../files/committee.asp\">") Response.Write("Click here to see it.</A>") %>
There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.
Danger in The Single Quote:
You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.
var myRegExp = /[']/g; firstName = firstName.replace(myRegExp, ''');
The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.
Execute( ):
The only other thing I want to spend any time with is objConn.Execute(sql). The variable sql takes on one of two definitions depending on the result of an "if" statement. In this case sql does all the work, and we never need a recordset.
- javascript asp教程添加和修改
- JavaScript组件之JQuery(A~Z)教程(基于Asp.net运行环境)[示例代码下载]
- JavaScript组件之JQuery(A~Z)教程(基于Asp.net运行环境)[示例代码下载]
- JavaScript组件之JQuery(A~Z)教程(基于Asp.net运行环境)[示例代码下载]
- JavaScript组件之JQuery(A~Z)教程(基于Asp.net运行环境)[示例代码下载]
- 为ASP.NET控件添加常用的JavaScript操作
- Scott Mitchell 的ASP.NET 2.0数据教程之二十三:基于用户对修改数据进行限制
- Scott Mitchell 的ASP.NET 2.0数据教程之四十二::为删除数据添加客户端确认
- JavaScript组件之JQuery(A~Z)教程(基于Asp.net运行环境)一
- asp.net treeview数据库绑定 (节点添加 删除 修改)
- 为ASP.NET控件添加常用的JavaScript操作
- asp.net 动态添加JavaScript方法
- 在Web.Config文件中使用configSource,避免动态修改web.config导致asp.net重启(另添加一个Config文件用于管理用户数据)
- javascript添加、删除、修改等元素
- 我修改/收藏的CSDN知识.(asp.net JavaScript)( 随时更新)
- Scott Mitchell 的ASP.NET 2.0数据教程之三十九:: 在编辑和插入界面里添加验证控件
- 【译】ASP.NET MVC 5 教程 - 2:添加控制器
- 【译】ASP.NET MVC 5 教程 - 4:添加模型
- ASP.NET 5系列教程 (四):向视图中添加服务和发布应用到公有云
- javascript里面的数组,json对象,动态添加,修改,删除示例