<%
'=============================================================================
' FILE: savemodel_direct.asp
' PURPOSE: Create new model with optional vendor creation
' SECURITY: Parameterized queries, HTML encoding, input validation
' UPDATED: 2025-10-27 - Migrated to secure patterns
'=============================================================================
%>
<%
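' ---------------------------------------------------------------------------
' Flow: read form fields -> validate -> optionally create the manufacturer
' (vendor) -> mark the vendor with the model's type flags -> reject a
' duplicate model -> insert the model and report the new id.
'
' All SQL that carries form data is sent through ADODB.Command parameters
' (CommandType 1 = adCmdText; parameter type 200 = adVarChar, 3 = adInteger;
' direction 1 = adParamInput), so form values never become part of the SQL
' text. Every form value echoed back to the browser goes through
' Server.HTMLEncode.
'
' objConn is not created here; it is assumed to be an open ADODB.Connection
' provided by an include that runs before this file.
' NOTE(review): no authentication/authorization or anti-CSRF check is visible
' in this file - confirm it is enforced by that include, otherwise any POST
' can create vendors and models.
' ---------------------------------------------------------------------------

' True when value is a non-empty, digits-only string representing an integer
' in 1..2147483647 (a positive Long id). Unlike IsNumeric it rejects "1.5",
' "1e3", "&H10", "+1" and strings that would overflow CLng.
Function IsPositiveIntegerString(value)
    IsPositiveIntegerString = False
    If Len(value) = 0 Or Len(value) > 10 Then Exit Function
    Dim pos
    For pos = 1 To Len(value)
        If InStr("0123456789", Mid(value, pos, 1)) = 0 Then Exit Function
    Next
    ' CDbl cannot overflow on a 10-digit string, CLng could.
    If CDbl(value) < 1 Or CDbl(value) > 2147483647 Then Exit Function
    IsPositiveIntegerString = True
End Function

' Get and validate all inputs
Dim modelnumber, vendorid, notes, documentationpath
Dim newvendorname, isprinter, ispc, ismachine
Dim modelisprinter, modelispc, modelismachine
Dim checkSQL, rsCheck, cmdCheck
modelnumber = Trim(Request.Form("modelnumber"))
vendorid = Trim(Request.Form("vendorid"))
notes = Trim(Request.Form("notes"))
documentationpath = Trim(Request.Form("documentationpath"))
' New vendor fields (only used when vendorid = "new")
newvendorname = Trim(Request.Form("newvendorname"))
isprinter = Request.Form("isprinter")
ispc = Request.Form("ispc")
ismachine = Request.Form("ismachine")
' Model type checkboxes; only the exact value "1" counts as ticked
modelisprinter = Request.Form("modelisprinter")
modelispc = Request.Form("modelispc")
modelismachine = Request.Form("modelismachine")

' Validate required fields
If modelnumber = "" Then
    Response.Write("
Error: Model number is required.
")
    Response.Write("
Go back")
    objConn.Close
    Response.End
End If

' Validate field lengths (limits match the parameter sizes used below)
If Len(modelnumber) > 255 Then
    Response.Write("
Error: Model number too long.
")
    Response.Write("
Go back")
    objConn.Close
    Response.End
End If
If Len(notes) > 255 Then
    Response.Write("
Error: Notes too long.
")
    Response.Write("
Go back")
    objConn.Close
    Response.End
End If
If Len(documentationpath) > 255 Then
    Response.Write("
Error: Documentation path too long.
")
    Response.Write("
Go back")
    objConn.Close
    Response.End
End If

' Check if we need to create a new vendor first
If vendorid = "new" Then
    If newvendorname = "" Then
        Response.Write("
Error: Manufacturer name is required when adding a new manufacturer.
")
        Response.Write("
Go back")
        objConn.Close
        Response.End
    End If
    If Len(newvendorname) > 50 Then
        Response.Write("
Error: Manufacturer name too long.
")
        Response.Write("
Go back")
        objConn.Close
        Response.End
    End If

    ' Check if vendor already exists using parameterized query.
    ' NOTE(review): this check-then-insert (and the model one further down) is
    ' not atomic - two concurrent requests can both pass it. A UNIQUE index on
    ' vendors.vendor and on models(vendorid, modelnumber) is what actually
    ' prevents duplicates; confirm the schema has them.
    checkSQL = "SELECT COUNT(*) as cnt FROM vendors WHERE LOWER(vendor) = LOWER(?)"
    Set cmdCheck = Server.CreateObject("ADODB.Command")
    cmdCheck.ActiveConnection = objConn
    cmdCheck.CommandText = checkSQL
    cmdCheck.CommandType = 1
    cmdCheck.Parameters.Append cmdCheck.CreateParameter("@vendor", 200, 1, 50, newvendorname)
    Set rsCheck = cmdCheck.Execute
    If Not rsCheck.EOF Then
        If Not IsNull(rsCheck("cnt")) Then
            If CLng(rsCheck("cnt")) > 0 Then
                rsCheck.Close
                Set rsCheck = Nothing
                Set cmdCheck = Nothing
                Response.Write("
Error: Manufacturer '" & Server.HTMLEncode(Request.Form("newvendorname")) & "' already exists.
")
                Response.Write("
Go back")
                objConn.Close
                Response.End
            End If
        End If
    End If
    rsCheck.Close
    Set rsCheck = Nothing
    Set cmdCheck = Nothing

    ' Convert vendor checkboxes to 0/1 for the adInteger parameters
    Dim iPrint, iPC, iMach
    If isprinter = "1" Then iPrint = 1 Else iPrint = 0
    If ispc = "1" Then iPC = 1 Else iPC = 0
    If ismachine = "1" Then iMach = 1 Else iMach = 0

    ' Insert new vendor using parameterized query
    Dim vendorSQL, cmdVendor
    vendorSQL = "INSERT INTO vendors (vendor, isactive, isprinter, ispc, ismachine) VALUES (?, 1, ?, ?, ?)"
    Set cmdVendor = Server.CreateObject("ADODB.Command")
    cmdVendor.ActiveConnection = objConn
    cmdVendor.CommandText = vendorSQL
    cmdVendor.CommandType = 1
    cmdVendor.Parameters.Append cmdVendor.CreateParameter("@vendor", 200, 1, 50, newvendorname)
    cmdVendor.Parameters.Append cmdVendor.CreateParameter("@isprinter", 3, 1, , iPrint)
    cmdVendor.Parameters.Append cmdVendor.CreateParameter("@ispc", 3, 1, , iPC)
    cmdVendor.Parameters.Append cmdVendor.CreateParameter("@ismachine", 3, 1, , iMach)

    ' Keep "On Error Resume Next" scoped to the INSERT alone. It used to stay
    ' active through the LAST_INSERT_ID lookup, so a failure there was
    ' swallowed and the model was later inserted with vendorid = 0.
    ' Err is captured before error handling is switched back.
    Dim vendorErrNumber, vendorErrDescription
    On Error Resume Next
    cmdVendor.Execute
    vendorErrNumber = Err.Number
    vendorErrDescription = Err.Description
    On Error Goto 0
    Set cmdVendor = Nothing
    If vendorErrNumber <> 0 Then
        ' NOTE(review): Err.Description is the raw database error text and can
        ' expose table/column names to the caller; prefer logging it
        ' server-side and showing a generic message.
        Response.Write("
Error creating manufacturer: " & Server.HTMLEncode(vendorErrDescription) & "
")
        Response.Write("
Go back")
        objConn.Close
        Response.End
    End If

    ' Get the new vendor ID (LAST_INSERT_ID is per-connection in MySQL, and
    ' this runs on the same objConn as the INSERT)
    Set rsCheck = objConn.Execute("SELECT LAST_INSERT_ID() as newid")
    vendorid = 0
    If Not rsCheck.EOF Then
        If Not IsNull(rsCheck("newid")) Then
            vendorid = CLng(rsCheck("newid"))
        End If
    End If
    rsCheck.Close
    Set rsCheck = Nothing

    ' Refuse to continue without a real id; otherwise the model would be
    ' attached to a manufacturer that does not exist.
    If vendorid < 1 Then
        Response.Write("
Error: Manufacturer was not added successfully.
")
        Response.Write("
Go back")
        objConn.Close
        Response.End
    End If
Else
    ' Validate existing vendor ID. The previous test
    ' "Not IsNumeric(vendorid) Or CLng(vendorid) < 1" evaluated both operands
    ' (VBScript Or does not short-circuit), so a non-numeric id raised a
    ' type-mismatch error instead of reaching this message.
    If Not IsPositiveIntegerString(vendorid) Then
        Response.Write("
Error: Invalid manufacturer ID.
")
        Response.Write("
Go back")
        objConn.Close
        Response.End
    End If
End If

' Update vendor's type flags based on model type selection.
' The CASE expressions only ever raise a flag to 1; they never clear one.
If modelisprinter = "1" OR modelispc = "1" OR modelismachine = "1" Then
    Dim updateVendorSQL, cmdUpdateVendor
    updateVendorSQL = "UPDATE vendors SET isprinter = CASE WHEN ? = 1 THEN 1 ELSE isprinter END, " & _
        "ispc = CASE WHEN ? = 1 THEN 1 ELSE ispc END, " & _
        "ismachine = CASE WHEN ? = 1 THEN 1 ELSE ismachine END " & _
        "WHERE vendorid = ?"
    Set cmdUpdateVendor = Server.CreateObject("ADODB.Command")
    cmdUpdateVendor.ActiveConnection = objConn
    cmdUpdateVendor.CommandText = updateVendorSQL
    cmdUpdateVendor.CommandType = 1
    Dim printerFlag, pcFlag, machineFlag
    If modelisprinter = "1" Then printerFlag = 1 Else printerFlag = 0
    If modelispc = "1" Then pcFlag = 1 Else pcFlag = 0
    If modelismachine = "1" Then machineFlag = 1 Else machineFlag = 0
    cmdUpdateVendor.Parameters.Append cmdUpdateVendor.CreateParameter("@isprinter", 3, 1, , printerFlag)
    cmdUpdateVendor.Parameters.Append cmdUpdateVendor.CreateParameter("@ispc", 3, 1, , pcFlag)
    cmdUpdateVendor.Parameters.Append cmdUpdateVendor.CreateParameter("@ismachine", 3, 1, , machineFlag)
    cmdUpdateVendor.Parameters.Append cmdUpdateVendor.CreateParameter("@vendorid", 3, 1, , CLng(vendorid))
    cmdUpdateVendor.Execute
    Set cmdUpdateVendor = Nothing
End If

' Check if model already exists for this vendor using parameterized query
' (same check-then-insert caveat as the vendor check above)
checkSQL = "SELECT COUNT(*) as cnt FROM models WHERE LOWER(modelnumber) = LOWER(?) AND vendorid = ?"
Set cmdCheck = Server.CreateObject("ADODB.Command")
cmdCheck.ActiveConnection = objConn
cmdCheck.CommandText = checkSQL
cmdCheck.CommandType = 1
cmdCheck.Parameters.Append cmdCheck.CreateParameter("@modelnumber", 200, 1, 255, modelnumber)
cmdCheck.Parameters.Append cmdCheck.CreateParameter("@vendorid", 3, 1, , CLng(vendorid))
Set rsCheck = cmdCheck.Execute
If Not rsCheck.EOF Then
    If Not IsNull(rsCheck("cnt")) Then
        If CLng(rsCheck("cnt")) > 0 Then
            rsCheck.Close
            Set rsCheck = Nothing
            Set cmdCheck = Nothing
            Response.Write("
Error: Model '" & Server.HTMLEncode(Request.Form("modelnumber")) & "' already exists for this manufacturer.
")
            Response.Write("
Go back")
            objConn.Close
            Response.End
        End If
    End If
End If
rsCheck.Close
Set rsCheck = Nothing
Set cmdCheck = Nothing

' Insert the new model using parameterized query
Dim modelSQL, cmdModel
modelSQL = "INSERT INTO models (modelnumber, vendorid, notes, documentationpath, isactive) VALUES (?, ?, ?, ?, 1)"
Set cmdModel = Server.CreateObject("ADODB.Command")
cmdModel.ActiveConnection = objConn
cmdModel.CommandText = modelSQL
cmdModel.CommandType = 1
cmdModel.Parameters.Append cmdModel.CreateParameter("@modelnumber", 200, 1, 255, modelnumber)
cmdModel.Parameters.Append cmdModel.CreateParameter("@vendorid", 3, 1, , CLng(vendorid))
cmdModel.Parameters.Append cmdModel.CreateParameter("@notes", 200, 1, 255, notes)
cmdModel.Parameters.Append cmdModel.CreateParameter("@documentationpath", 200, 1, 255, documentationpath)

' Same narrow error scope as the vendor INSERT: only the Execute is covered,
' so a failure of the id lookup below is no longer silently ignored.
Dim modelErrNumber, modelErrDescription
On Error Resume Next
cmdModel.Execute
modelErrNumber = Err.Number
modelErrDescription = Err.Description
On Error Goto 0
Set cmdModel = Nothing
If modelErrNumber <> 0 Then
    ' NOTE(review): raw database error text reaches the browser here too;
    ' see the manufacturer INSERT above.
    Response.Write("
Error: " & Server.HTMLEncode(modelErrDescription) & "
")
    Response.Write("
Go back")
    objConn.Close
    Response.End
End If

' Get the new model ID
Dim newModelId
Set rsCheck = objConn.Execute("SELECT LAST_INSERT_ID() as newid")
newModelId = 0
If Not rsCheck.EOF Then
    If Not IsNull(rsCheck("newid")) Then
        newModelId = CLng(rsCheck("newid"))
    End If
End If
rsCheck.Close
Set rsCheck = Nothing
objConn.Close

If newModelId > 0 Then
    Response.Write("
Model added successfully!
")
    Response.Write("
Model '" & Server.HTMLEncode(Request.Form("modelnumber")) & "' has been added.
")
    Response.Write("
Add Another Model ")
    Response.Write("Add Printer ")
    Response.Write("Add Machine
")
Else
    Response.Write("
Error: Model was not added successfully.
")
    Response.Write("
Go back")
End If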
%>