<%
' Initialize error handling
Call InitializeErrorHandling("savenotification.asp")
' Get form inputs
Dim notification, ticketnumber, starttime, endtime, isactive
notification = Trim(Request.Form("notification"))
ticketnumber = Trim(Request.Form("ticketnumber"))
starttime = Trim(Request.Form("starttime"))
endtime = Trim(Request.Form("endtime"))
' Checkbox - ensure it is always integer 0 or 1
If Request.Form("isactive") = "1" Then
isactive = 1
Else
isactive = 0
End If
' Validate required fields
If Len(notification) = 0 Or Len(starttime) = 0 Or Len(endtime) = 0 Then
Call HandleValidationError("addnotification.asp", "REQUIRED_FIELD")
End If
' Validate field lengths
If Len(notification) > 500 Then
Call HandleValidationError("addnotification.asp", "INVALID_INPUT")
End If
If Len(ticketnumber) > 50 Then
Call HandleValidationError("addnotification.asp", "INVALID_INPUT")
End If
' Convert datetime-local format (YYYY-MM-DDTHH:MM) to MySQL format (YYYY-MM-DD HH:MM:SS)
starttime = Replace(starttime, "T", " ") & ":00"
endtime = Replace(endtime, "T", " ") & ":00"
' Insert using parameterized query
Dim strSQL, recordsAffected
strSQL = "INSERT INTO notifications (notification, ticketnumber, starttime, endtime, isactive) VALUES (?, ?, ?, ?, ?)"
recordsAffected = ExecuteParameterizedInsert(objConn, strSQL, Array(notification, ticketnumber, starttime, endtime, CInt(isactive)))
' Cleanup and redirect
Call CleanupResources()
If recordsAffected > 0 Then
Response.Redirect("displaynotifications.asp")
Else
Response.Write("")
Response.Write("Error: Could not add notification.
")
Response.Write("Go Back
")
Response.Write("")
End If
%>