<%
'=============================================================================
' FILE: savevendordirect.asp
' PURPOSE: Create new vendor with type flags
' SECURITY: Parameterized queries, HTML encoding, input validation
' UPDATED: 2025-10-27 - Migrated to secure patterns
'=============================================================================
%>
<%
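' ---- Read the submitted form fields ----
' Only Request.Form is read, so every input comes from the POST body.
' objConn is assumed to be an open ADODB.Connection created before this
' script runs (not visible in this file); ShowError / ShowSuccess likewise.
' NOTE(review): no anti-CSRF token is checked in this file; confirm the
' including framework enforces one, otherwise a cross-site POST can create a vendor.
Dim vendor, isprinter, ispc, ismachine
vendor = Trim(Request.Form("vendor"))
isprinter = Request.Form("isprinter")
ispc = Request.Form("ispc")
ismachine = Request.Form("ismachine")

' ---- Validate ----
' Every failure path closes objConn before rendering the error so the
' connection is not left open when Response.End stops the script.
If vendor = "" Then
    objConn.Close
    ShowError "Error: Manufacturer name is required.", "addvendor.asp"
    Response.End
End If
' 50 is the same size given to the adVarChar parameters below.
If Len(vendor) > 50 Then
    objConn.Close
    ShowError "Error: Manufacturer name too long.", "addvendor.asp"
    Response.End
End If
' A ticked checkbox posts "1"; any other value counts as unticked.
If isprinter <> "1" AND ispc <> "1" AND ismachine <> "1" Then
    objConn.Close
    ShowError "Error: Please select at least one category.", "addvendor.asp"
    Response.End
End If

' ---- Reject a duplicate name (case-insensitive) ----
' Parameterized so the user-supplied name never becomes part of the SQL text.
' ADO constants are used by value: CommandType 1 = adCmdText,
' parameter type 200 = adVarChar, direction 1 = adParamInput.
Dim checkSQL, rsCheck, cmdCheck
checkSQL = "SELECT COUNT(*) as cnt FROM vendors WHERE LOWER(vendor) = LOWER(?)"
Set cmdCheck = Server.CreateObject("ADODB.Command")
cmdCheck.ActiveConnection = objConn
cmdCheck.CommandText = checkSQL
cmdCheck.CommandType = 1
cmdCheck.Parameters.Append cmdCheck.CreateParameter("@vendor", 200, 1, 50, vendor)
Set rsCheck = cmdCheck.Execute

' Read the count first, release the ADO objects once, then decide.
Dim existingCount
existingCount = 0
If Not rsCheck.EOF Then
    If Not IsNull(rsCheck("cnt")) Then existingCount = CLng(rsCheck("cnt"))
End If
rsCheck.Close
Set rsCheck = Nothing
Set cmdCheck = Nothing

If existingCount > 0 Then
    objConn.Close
    ShowError "Error: Manufacturer '" & Server.HTMLEncode(vendor) & "' already exists.", "addvendor.asp"
    Response.End
End If
' NOTE(review): this check-then-insert is not atomic; two concurrent
' submissions can both pass it. A UNIQUE index on vendors.vendor is the
' real guarantee, and the INSERT error path below would then report the
' second one as a failure.

' ---- Convert checkbox strings to 0/1 integers for the INSERT ----
Dim iPrint, iPC, iMach
iPrint = 0 : iPC = 0 : iMach = 0
If isprinter = "1" Then iPrint = 1
If ispc = "1" Then iPC = 1
If ismachine = "1" Then iMach = 1

' ---- INSERT using a parameterized command ----
' Parameter type 3 = adInteger; size is omitted for fixed-width integers.
Dim vendorSQL, cmdVendor
vendorSQL = "INSERT INTO vendors (vendor, isactive, isprinter, ispc, ismachine) VALUES (?, 1, ?, ?, ?)"
Set cmdVendor = Server.CreateObject("ADODB.Command")
cmdVendor.ActiveConnection = objConn
cmdVendor.CommandText = vendorSQL
cmdVendor.CommandType = 1
cmdVendor.Parameters.Append cmdVendor.CreateParameter("@vendor", 200, 1, 50, vendor)
cmdVendor.Parameters.Append cmdVendor.CreateParameter("@isprinter", 3, 1, , iPrint)
cmdVendor.Parameters.Append cmdVendor.CreateParameter("@ispc", 3, 1, , iPC)
cmdVendor.Parameters.Append cmdVendor.CreateParameter("@ismachine", 3, 1, , iMach)

' Only the INSERT runs with errors suppressed, so a driver failure is
' reported through ShowError instead of the default ASP error page. The
' cleanup inside the branch also runs suppressed, so a failing Close
' cannot replace the original Err.
On Error Resume Next
cmdVendor.Execute
If Err.Number <> 0 Then
    Set cmdVendor = Nothing
    objConn.Close
    ' NOTE(review): Err.Description is raw driver/database text. It is
    ' HTML-encoded so it cannot inject markup, but it can still disclose
    ' schema or server details; prefer logging it server-side and showing
    ' a generic message once a logging facility exists.
    ShowError "Error: " & Server.HTMLEncode(Err.Description), "addvendor.asp"
    Response.End
End If
Set cmdVendor = Nothing
On Error Goto 0

' ---- Fetch the generated ID ----
' LAST_INSERT_ID() is scoped to the connection, so it must run on objConn,
' the same connection that performed the INSERT.
Dim newVendorId
newVendorId = 0
Set rsCheck = objConn.Execute("SELECT LAST_INSERT_ID() as newid")
If Not rsCheck.EOF Then
    If Not IsNull(rsCheck("newid")) Then newVendorId = CLng(rsCheck("newid"))
End If
rsCheck.Close
Set rsCheck = Nothing
objConn.Close

' Echo the trimmed, validated value rather than re-reading the raw form
' field, so the name shown matches what was stored; HTML-encoded for output.
If newVendorId > 0 Then
    ShowSuccess "Manufacturer '" & Server.HTMLEncode(vendor) & "' added successfully.", "addvendor.asp", "add another"
Else
    ShowError "Manufacturer was not added.", "addvendor.asp"
End If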
%>