%
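' Update an application record from the posted edit form, optionally creating
' a new support team (and, nested inside that, a new app owner) first.
' objConn is used as an already-open ADO connection; it is not created in this
' listing. LAST_INSERT_ID() below implies a MySQL backend.
'
' NOTE(review): every statement is still built by string concatenation. The
' escaping and strict ID parsing below close the gaps visible in this script,
' but ADODB.Command with bound parameters is the durable fix because it does
' not depend on the server's escape rules or character set.
' NOTE(review): no authorization or anti-CSRF check is visible in this listing;
' confirm one runs before this script.
' NOTE(review): error messages are reproduced as they appear in this listing,
' with vbCrLf where a literal spans a line break; any HTML that originally
' wrapped them is not visible here.

Dim lastDbError ' provider error text from the most recent TryExecute call

' Return value escaped for use inside a single-quoted MySQL string literal.
' Backslashes are doubled first, then quotes; without the backslash step a
' trailing backslash in the input can cancel the doubled quote.
Function EscapeSqlText(ByVal value)
    EscapeSqlText = Replace(Replace(value, "\", "\\"), "'", "''")
End Function

' Return raw as a Long when it consists only of decimal digits and fits a
' positive 32-bit integer; return 0 otherwise. IsNumeric is deliberately not
' used: it also accepts forms such as "1e5", "1,000" or "&H10", which would
' pass a CLng check but should never be concatenated into SQL.
Function ParsePositiveId(ByVal raw)
    Dim candidate, digitsOnly
    ParsePositiveId = 0
    candidate = Trim("" & raw)
    Set digitsOnly = New RegExp
    digitsOnly.Pattern = "^[0-9]{1,10}$"
    If digitsOnly.Test(candidate) Then
        If CDbl(candidate) <= 2147483647 Then ParsePositiveId = CLng(candidate)
    End If
End Function

' Write an error message and the "Go back" text, close the connection and stop
' the page. Error trapping is local so that Response.End is always reached,
' even if closing the connection fails.
Sub FailAndEnd(ByVal message)
    On Error Resume Next
    Response.Write(message)
    Response.Write("Go back")
    objConn.Close
    Response.End
End Sub

' Execute a statement that returns no rows. Returns True on success; on
' failure returns False and leaves the provider's message in lastDbError.
' Error trapping is confined to this function instead of staying enabled for
' the rest of the script.
Function TryExecute(ByVal sql)
    On Error Resume Next
    Err.Clear
    objConn.Execute sql
    TryExecute = (Err.Number = 0)
    lastDbError = Err.Description
End Function

' Return the auto-increment ID produced by the previous INSERT on objConn,
' or 0 when it cannot be read.
Function FetchLastInsertId()
    Dim rsId
    FetchLastInsertId = 0
    On Error Resume Next
    Set rsId = objConn.Execute("SELECT LAST_INSERT_ID() as newid")
    If Err.Number = 0 Then
        FetchLastInsertId = ParsePositiveId(rsId.Fields("newid").Value)
        rsId.Close
    End If
End Function

' Get all form data
Dim appid, appname, appdescription, supportteamid
Dim applicationnotes, installpath, applicationlink, documentationpath, image
Dim isinstallable, isactive, ishidden, isprinter, islicenced
Dim newsupportteamname, newsupportteamurl, newappownerid

' appid ends up unquoted in the WHERE clause and in the redirect URL, so it is
' reduced to a validated integer before anything is written to the database.
appid = ParsePositiveId(Request.Form("appid"))
If appid = 0 Then FailAndEnd "Error: Invalid application ID."

appname = Trim(Request.Form("appname"))
appdescription = Trim(Request.Form("appdescription"))
supportteamid = Trim(Request.Form("supportteamid"))
applicationnotes = Trim(Request.Form("applicationnotes"))
installpath = Trim(Request.Form("installpath"))
applicationlink = Trim(Request.Form("applicationlink"))
documentationpath = Trim(Request.Form("documentationpath"))
image = Trim(Request.Form("image"))

' New support team fields
newsupportteamname = Trim(Request.Form("newsupportteamname"))
newsupportteamurl = Trim(Request.Form("newsupportteamurl"))
newappownerid = Trim(Request.Form("newappownerid"))

' Checkboxes: only the literal "1" counts as checked, so these are always 0 or 1
If Request.Form("isinstallable") = "1" Then isinstallable = 1 Else isinstallable = 0
If Request.Form("isactive") = "1" Then isactive = 1 Else isactive = 0
If Request.Form("ishidden") = "1" Then ishidden = 1 Else ishidden = 0
If Request.Form("isprinter") = "1" Then isprinter = 1 Else isprinter = 0
If Request.Form("islicenced") = "1" Then islicenced = 1 Else islicenced = 0

Dim escapedTeamName, escapedTeamUrl
Dim checkSQL, rsCheck
Dim newappownername, newappownersso
Dim escapedOwnerName, escapedSSO
Dim ownerSQL, teamSQL

' Check if we need to create a new support team first
If supportteamid = "new" Then
    If newsupportteamname = "" Then
        FailAndEnd vbCrLf & "Error: Support team name is required." & vbCrLf
    End If
    If Len(newsupportteamname) > 50 Then
        FailAndEnd "Error: Support team name too long." & vbCrLf
    End If

    ' Same backslash-then-quote escaping as the application fields below.
    ' NOTE(review): the URL is stored as submitted; if it is later rendered as
    ' a link, restrict it to http/https (rendering code is not visible here).
    escapedTeamName = EscapeSqlText(newsupportteamname)
    escapedTeamUrl = EscapeSqlText(newsupportteamurl)

    ' Check if support team already exists (case-insensitive)
    checkSQL = "SELECT COUNT(*) as cnt FROM supportteams WHERE LOWER(teamname) = LOWER('" & escapedTeamName & "')"
    Set rsCheck = objConn.Execute(checkSQL)
    If rsCheck.EOF Then
        rsCheck.Close
        FailAndEnd "Error: Database query failed." & vbCrLf
    End If
    If CLng(rsCheck("cnt")) > 0 Then
        rsCheck.Close
        FailAndEnd "Error: Support team '" & Server.HTMLEncode(newsupportteamname) & "' already exists." & vbCrLf
    End If
    rsCheck.Close

    ' Check if we need to create a new app owner first (nested creation)
    If newappownerid = "new" Then
        newappownername = Trim(Request.Form("newappownername"))
        newappownersso = Trim(Request.Form("newappownersso"))
        If newappownername = "" Or newappownersso = "" Then
            FailAndEnd "Error: App owner name and SSO are required." & vbCrLf
        End If
        If Len(newappownername) > 50 Or Len(newappownersso) > 50 Then
            FailAndEnd "Error: App owner name or SSO too long." & vbCrLf
        End If

        escapedOwnerName = EscapeSqlText(newappownername)
        escapedSSO = EscapeSqlText(newappownersso)

        ' Check if app owner already exists (by name or by SSO)
        checkSQL = "SELECT COUNT(*) as cnt FROM appowners WHERE LOWER(appowner) = LOWER('" & escapedOwnerName & "') OR LOWER(sso) = LOWER('" & escapedSSO & "')"
        Set rsCheck = objConn.Execute(checkSQL)
        If rsCheck.EOF Then
            rsCheck.Close
            FailAndEnd "Error: Database query failed (app owner check)." & vbCrLf
        End If
        If CLng(rsCheck("cnt")) > 0 Then
            rsCheck.Close
            FailAndEnd "Error: App owner with this name or SSO already exists." & vbCrLf
        End If
        rsCheck.Close

        ' Insert new app owner. The provider message is HTML-encoded before it
        ' is echoed, because it can contain the submitted values.
        ' NOTE(review): consider logging the provider text server-side and
        ' showing a generic message instead.
        ownerSQL = "INSERT INTO appowners (appowner, sso, isactive) VALUES ('" & escapedOwnerName & "', '" & escapedSSO & "', 1)"
        If Not TryExecute(ownerSQL) Then
            FailAndEnd "Error creating app owner: " & Server.HTMLEncode(lastDbError) & vbCrLf
        End If

        ' Get the new app owner ID; stop rather than continue with an unknown ID
        newappownerid = FetchLastInsertId()
        If newappownerid = 0 Then FailAndEnd "Error: Could not determine the new app owner ID."
    Else
        ' Existing owner: an empty value is rejected as well, because it would
        ' otherwise leave a hole in the VALUES list of the INSERT below.
        newappownerid = ParsePositiveId(newappownerid)
        If newappownerid = 0 Then FailAndEnd "Error: Invalid app owner." & vbCrLf
    End If

    ' Insert new support team (newappownerid is a validated Long here)
    teamSQL = "INSERT INTO supportteams (teamname, teamurl, appownerid, isactive) VALUES ('" & escapedTeamName & "', '" & escapedTeamUrl & "', " & newappownerid & ", 1)"
    If Not TryExecute(teamSQL) Then
        FailAndEnd "Error creating support team: " & Server.HTMLEncode(lastDbError) & vbCrLf
    End If

    ' Get the new support team ID
    supportteamid = FetchLastInsertId()
    If supportteamid = 0 Then FailAndEnd "Error: Could not determine the new support team ID."
Else
    ' Existing team: the value goes unquoted into the UPDATE, so it must be a
    ' plain positive integer; an empty value is rejected too.
    supportteamid = ParsePositiveId(supportteamid)
    If supportteamid = 0 Then FailAndEnd "Error: Invalid support team ID." & vbCrLf
End If

' Build UPDATE statement. Text fields are escaped (backslashes first, then
' quotes); supportteamid, the checkbox flags and appid are integers by now.
Dim strSQL
strSQL = "UPDATE applications SET " & _
    "appname = '" & EscapeSqlText(appname) & "', " & _
    "appdescription = '" & EscapeSqlText(appdescription) & "', " & _
    "supportteamid = " & supportteamid & ", " & _
    "applicationnotes = '" & EscapeSqlText(applicationnotes) & "', " & _
    "installpath = '" & EscapeSqlText(installpath) & "', " & _
    "applicationlink = '" & EscapeSqlText(applicationlink) & "', " & _
    "documentationpath = '" & EscapeSqlText(documentationpath) & "', " & _
    "image = '" & EscapeSqlText(image) & "', " & _
    "isinstallable = " & isinstallable & ", " & _
    "isactive = " & isactive & ", " & _
    "ishidden = " & ishidden & ", " & _
    "isprinter = " & isprinter & ", " & _
    "islicenced = " & islicenced & " " & _
    "WHERE appid = " & appid

If TryExecute(strSQL) Then
    objConn.Close
    Response.Redirect("displayapplication.asp?appid=" & appid)
Else
    ' Encode the provider text before echoing it into the page
    Response.Write("Error: " & Server.HTMLEncode(lastDbError))
    objConn.Close
End If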
%>