<% '============================================================================= ' FILE: addsubnetbackenddirect.asp ' PURPOSE: Create new subnet with IP address calculations ' SECURITY: Parameterized queries, HTML encoding, input validation ' UPDATED: 2025-10-27 - Migrated to secure patterns '============================================================================= %>
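<%
' ---------------------------------------------------------------------------
' Helpers
' ---------------------------------------------------------------------------

' Abort the request with a user-facing message: release the connection, render
' the error page and stop processing. Every validation failure goes through
' here so the cleanup sequence exists in exactly one place.
Sub FailRequest(message)
    objConn.Close
    ShowError message, "addsubnet.asp"
    Response.End
End Sub

' True when value is a string of 1..10 decimal digits whose numeric value lies
' in [minValue, maxValue]. Deliberately stricter than IsNumeric, which also
' accepts forms such as "1e5", "&H10", "3.7" and "-1" that either slip past a
' range check or make the later CLng() raise an unhandled overflow error.
' CDbl is used for the comparison so a 10-digit string above the Long range
' is rejected cleanly instead of raising.
Function IsIntegerInRange(value, minValue, maxValue)
    Dim pos
    IsIntegerInRange = False
    If Len(value) = 0 Or Len(value) > 10 Then Exit Function
    For pos = 1 To Len(value)
        If InStr("0123456789", Mid(value, pos, 1)) = 0 Then Exit Function
    Next
    If CDbl(value) < minValue Or CDbl(value) > maxValue Then Exit Function
    IsIntegerInRange = True
End Function

' True when value is dotted-quad IPv4 text: exactly four decimal octets in
' 0..255 and nothing else. This matters because the INSERT below relies on
' INET_ATON(), which yields NULL for malformed input rather than an error.
Function IsDottedQuad(value)
    Dim octets, octet
    IsDottedQuad = False
    octets = Split(value, ".")
    If UBound(octets) <> 3 Then Exit Function
    For Each octet In octets
        If Not IsIntegerInRange(octet, 0, 255) Then Exit Function
    Next
    IsDottedQuad = True
End Function

' ---------------------------------------------------------------------------
' Read and validate form input
' ---------------------------------------------------------------------------
Dim vlan, ipstart, cidr, description, subnettypeid, cidrarray, ipend
vlan = Trim(Request.Form("vlan"))
ipstart = Trim(Request.Form("ipstart"))
cidr = Trim(Request.Form("cidr"))
description = Trim(Request.Form("description"))
subnettypeid = Trim(Request.Form("subnettypeid"))

If vlan = "" Or ipstart = "" Or cidr = "" Or subnettypeid = "" Then
    FailRequest "Required field missing."
End If

' Bounded to the signed 32-bit range of the adInteger parameter it feeds.
' NOTE(review): 802.1Q VLAN IDs are 1..4094 — tighten once it is confirmed
' that no existing rows rely on values outside that range.
If Not IsIntegerInRange(vlan, 0, 2147483647) Then
    FailRequest "VLAN must be numeric."
End If

' The length bound is kept alongside the format check because the two
' @ipstart parameters below are declared with size 15.
If Len(ipstart) < 7 Or Len(ipstart) > 15 Or Not IsDottedQuad(ipstart) Then
    FailRequest "Invalid IP address."
End If

If Not IsIntegerInRange(subnettypeid, 1, 2147483647) Then
    FailRequest "Invalid subnet type."
End If

' The CIDR dropdown posts "cidr,ipend"; the cidr part carries a leading "/".
If InStr(cidr, ",") = 0 Then
    FailRequest "Invalid CIDR format."
End If
cidrarray = Split(cidr, ",")
If UBound(cidrarray) < 1 Then
    FailRequest "Invalid CIDR format."
End If
ipend = Trim(cidrarray(1))
cidr = Trim(cidrarray(0))
If Left(cidr, 1) = "/" Then cidr = Mid(cidr, 2)

If Not IsIntegerInRange(cidr, 0, 32) Then
    FailRequest "CIDR must be between 0 and 32."
End If

' Upper bound is the signed 32-bit range of the adInteger parameter it feeds;
' anything larger would previously have raised at CLng() with no handler.
If Not IsIntegerInRange(ipend, 0, 2147483647) Then
    FailRequest "Invalid IP end value."
End If

' Matches the size declared on the @description parameter below.
If Len(description) > 500 Then
    FailRequest "Description too long."
End If

' ---------------------------------------------------------------------------
' Verify the subnet type exists (parameterized query)
' ---------------------------------------------------------------------------
Dim checkSQL, rsCheck, cmdCheck, typeExists
checkSQL = "SELECT COUNT(*) as cnt FROM subnettypes WHERE subnettypeid = ?"
Set cmdCheck = Server.CreateObject("ADODB.Command")
cmdCheck.ActiveConnection = objConn
cmdCheck.CommandText = checkSQL
cmdCheck.CommandType = 1   ' adCmdText
' Type 3 = adInteger, direction 1 = adParamInput.
cmdCheck.Parameters.Append cmdCheck.CreateParameter("@subnettypeid", 3, 1, , CLng(subnettypeid))
Set rsCheck = cmdCheck.Execute

' Fail closed: an empty result or a NULL count is treated as "not found"
' instead of letting the insert proceed. With COUNT(*) this only triggers on a
' malformed result. Nested Ifs are intentional — VBScript's Or does not
' short-circuit, so rsCheck("cnt") must not be touched when EOF is True.
typeExists = False
If Not rsCheck.EOF Then
    If Not IsNull(rsCheck("cnt")) Then
        typeExists = (CLng(rsCheck("cnt")) > 0)
    End If
End If
rsCheck.Close
Set rsCheck = Nothing
Set cmdCheck = Nothing
If Not typeExists Then
    FailRequest "Subnet type not found."
End If

' ---------------------------------------------------------------------------
' Insert the subnet (parameterized query)
' ---------------------------------------------------------------------------
' ipstart is bound twice because INET_ATON(?) appears twice in the statement:
' once as the stored start address and once as the base that ipend is added to.
Dim strSQL, cmdInsert
strSQL = "INSERT INTO subnets (vlan, description, cidr, ipstart, ipend, subnettypeid, isactive) " & _
         "VALUES (?, ?, ?, INET_ATON(?), (INET_ATON(?) + ?), ?, 1)"
Set cmdInsert = Server.CreateObject("ADODB.Command")
cmdInsert.ActiveConnection = objConn
cmdInsert.CommandText = strSQL
cmdInsert.CommandType = 1   ' adCmdText
' Type codes: 3 = adInteger, 200 = adVarChar; direction 1 = adParamInput.
' The size argument on the varchar parameters caps what reaches the driver.
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@vlan", 3, 1, , CLng(vlan))
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@description", 200, 1, 500, description)
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@cidr", 3, 1, , CInt(cidr))
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@ipstart1", 200, 1, 15, ipstart)
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@ipstart2", 200, 1, 15, ipstart)
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@ipend", 3, 1, , CLng(ipend))
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@subnettypeid", 3, 1, , CLng(subnettypeid))

' Error handling is relaxed only around Execute and the cleanup that follows,
' so a failed INSERT becomes a user-facing message rather than a 500; the
' Err values are captured immediately because later statements reset them.
Dim insertErrNumber, insertErr
On Error Resume Next
cmdInsert.Execute
insertErrNumber = Err.Number
insertErr = Err.Description
Set cmdInsert = Nothing
objConn.Close
On Error GoTo 0

If insertErrNumber = 0 Then
    ShowSuccess "Subnet added successfully.", "displaysubnets.asp", "subnets"
Else
    ' NOTE(review): this surfaces the driver's error text to the browser. It
    ' is HTML-encoded, so it is not an injection vector, but it can reveal
    ' schema or driver details; a generic message with the detail written to
    ' a server-side log would be the safer choice.
    ShowError "Error: " & Server.HTMLEncode(insertErr), "addsubnet.asp"
End If
%>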