<% '============================================================================= ' FILE: savemachine_direct.asp ' PURPOSE: Create new machine with nested entity creation (vendor, model, machine type, functional account, business unit) ' SECURITY: Parameterized queries, HTML encoding, input validation ' UPDATED: 2025-10-27 - Migrated to secure patterns '============================================================================= %>
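<%
' ---------------------------------------------------------------------------
' Flow: read the form -> validate -> reject duplicate machine numbers ->
' create any nested entities the form asked for (ids given as "new") ->
' insert the machine -> link the selected PC -> emit the success markup.
' objConn (an open ADODB.Connection) comes from an include ahead of this
' file, as in the original; it is closed here on every exit path.
'
' The HTML that wrapped the error messages and the "Go back" link in the
' original was lost in this copy of the file; the <p>/<a> markup written by
' FailRequest is a constructed stand-in to be checked against the site's
' other error pages.
' ---------------------------------------------------------------------------

' ADO enum values the original spelled as bare numbers. Prefixed names so
' nothing clashes with adovbs.inc should an include already define adCmdText.
Const CMD_TEXT = 1        ' adCmdText
Const DT_VARCHAR = 200    ' adVarChar
Const DT_INTEGER = 3      ' adInteger
Const PARAM_INPUT = 1     ' adParamInput

' Upper bounds enforced on free-text input; each equals the size of the
' parameter the value is bound to further down, so nothing is silently
' truncated or rejected by the driver instead of by this page.
Const MAX_NAME_LEN = 50
Const MAX_DESCRIPTION_LEN = 255
Const MAX_IMAGE_LEN = 100
Const MAX_NOTES_LEN = 500

' True once BeginTrans succeeded; FailRequest rolls back, the tail commits.
Dim inTransaction
inTransaction = False

' ---- Helpers --------------------------------------------------------------

' Abort the request: show the message and a back link, undo the partial
' writes of this request, close the connection and stop the script.
' NOTE(review): some callers pass the provider's Err.Description in the
' message, which shows database details to the user; logging that text
' server-side and showing a generic message would be the safer pattern.
Sub FailRequest(message)
    Response.Write("<p>" & Server.HTMLEncode(message) & "</p>")
    Response.Write("<p><a href=""javascript:history.back()"">Go back</a></p>")
    If inTransaction Then objConn.RollbackTrans
    objConn.Close
    Response.End
End Sub

' Trimmed value of a POSTed field; an absent field reads as "".
Function FormValue(fieldName)
    FormValue = Trim(Request.Form(fieldName))
End Function

' Abort when a required field is empty.
Sub RequireValue(value, message)
    If Len(value) = 0 Then FailRequest message
End Sub

' Abort when a field is longer than the column/parameter allows.
Sub RequireMaxLength(value, maxLen, message)
    If Len(value) > maxLen Then FailRequest message
End Sub

' Abort unless the value is "new" (create the entity inline) or a numeric id.
Sub RequireIdOrNew(value, message)
    If value <> "new" And Not IsNumeric(value) Then FailRequest message
End Sub

' Long value of a form field, or 0 when it is not a valid integer.
' VBScript's And does not short-circuit, so "IsNumeric(x) And CLng(x) > 0"
' would still evaluate CLng on "" or on overflowing input; this avoids that.
Function ToLongOrZero(value)
    ToLongOrZero = 0
    If IsNumeric(value) Then
        On Error Resume Next
        ToLongOrZero = CLng(value)
        If Err.Number <> 0 Then ToLongOrZero = 0
        On Error GoTo 0
    End If
End Function

' Null for an empty optional field so the column stores NULL rather than "".
Function NullIfEmpty(value)
    If value = "" Then
        NullIfEmpty = Null
    Else
        NullIfEmpty = value
    End If
End Function

' ADODB.Command for a text statement bound to the shared connection.
' Set (not Let) binds the Connection object itself, so the command's work is
' visible to LAST_INSERT_ID() and to the transaction on objConn; a Let
' assignment could bind by connection string and open a second connection.
Function NewCommand(sql)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = objConn
    cmd.CommandText = sql
    cmd.CommandType = CMD_TEXT
    Set NewCommand = cmd
End Function

' Append a varchar input parameter; value may be Null for nullable columns.
Sub AddStringParam(cmd, name, size, value)
    cmd.Parameters.Append cmd.CreateParameter(name, DT_VARCHAR, PARAM_INPUT, size, value)
End Sub

' Append an integer input parameter; value may be Null for nullable columns.
Sub AddIntParam(cmd, name, value)
    cmd.Parameters.Append cmd.CreateParameter(name, DT_INTEGER, PARAM_INPUT, , value)
End Sub

' Run an INSERT and return the generated id (LAST_INSERT_ID on this
' connection). A provider error aborts the request with errorPrefix followed
' by the error text. Error suppression is lifted before the id lookup so a
' failed lookup is reported instead of leaving the caller's id variable
' holding the string "new" (the original kept Resume Next active there).
Function ExecuteInsert(cmd, errorPrefix)
    Dim rsId, errText, failed
    On Error Resume Next
    cmd.Execute
    errText = Err.Description
    failed = (Err.Number <> 0)
    On Error GoTo 0
    If failed Then FailRequest errorPrefix & errText
    Set rsId = objConn.Execute("SELECT LAST_INSERT_ID() AS newid")
    ExecuteInsert = CLng(rsId("newid"))
    rsId.Close
    Set rsId = Nothing
End Function

' ---- Read the form --------------------------------------------------------
Dim machinenumber, modelid, machinetypeid, businessunitid
Dim alias, machinenotes, mapleft, maptop, pcid
machinenumber = FormValue("machinenumber")
modelid = FormValue("modelid")
machinetypeid = FormValue("machinetypeid")
businessunitid = FormValue("businessunitid")
alias = FormValue("alias")
machinenotes = FormValue("machinenotes")
mapleft = FormValue("mapleft")
maptop = FormValue("maptop")
pcid = FormValue("pcid")

' Fields for entities created inline when the matching id is "new".
Dim newbusinessunit
Dim newmachinetype, newmachinedescription, newfunctionalaccountid, newfunctionalaccount
Dim newmodelnumber, newvendorid, newmodelimage, newvendorname
newbusinessunit = FormValue("newbusinessunit")
newmachinetype = FormValue("newmachinetype")
newmachinedescription = FormValue("newmachinedescription")
newfunctionalaccountid = FormValue("newfunctionalaccountid")
newfunctionalaccount = FormValue("newfunctionalaccount")
newmodelnumber = FormValue("newmodelnumber")
newvendorid = FormValue("newvendorid")
newmodelimage = FormValue("newmodelimage")
newvendorname = FormValue("newvendorname")

' ---- Validate -------------------------------------------------------------
RequireValue machinenumber, "Error: Machine number is required."
RequireIdOrNew modelid, "Error: Invalid model ID."
RequireIdOrNew machinetypeid, "Error: Invalid machine type ID."
RequireIdOrNew businessunitid, "Error: Invalid business unit ID."
' machinenotes is bound as a 500-char parameter below, so it is bounded here
' with the other free-text fields (the original left it unchecked).
If Len(machinenumber) > MAX_NAME_LEN Or Len(alias) > MAX_NAME_LEN Or Len(machinenotes) > MAX_NOTES_LEN Then
    FailRequest "Error: Field length exceeded."
End If

' ---- One unit of work for nested entities plus the machine row -------------
' BeginTrans is attempted rather than assumed: a provider or table engine
' without transaction support keeps the original behaviour (no rollback)
' instead of failing the request.
On Error Resume Next
objConn.BeginTrans
inTransaction = (Err.Number = 0)
Err.Clear
On Error GoTo 0

' ---- Reject duplicate machine numbers --------------------------------------
Dim cmdCheck, rsCheck
Set cmdCheck = NewCommand("SELECT COUNT(*) as cnt FROM machines WHERE machinenumber = ?")
AddStringParam cmdCheck, "@machinenumber", MAX_NAME_LEN, machinenumber
Set rsCheck = cmdCheck.Execute
If Not rsCheck.EOF Then
    If CLng(rsCheck("cnt")) > 0 Then
        rsCheck.Close
        Set rsCheck = Nothing
        Set cmdCheck = Nothing
        FailRequest "Error: Machine number '" & machinenumber & "' already exists."
    End If
End If
rsCheck.Close
Set rsCheck = Nothing
Set cmdCheck = Nothing

' ---- Business unit, created inline when businessunitid = "new" -------------
If businessunitid = "new" Then
    RequireValue newbusinessunit, "New business unit name is required"
    RequireMaxLength newbusinessunit, MAX_NAME_LEN, "Business unit name too long"

    Dim cmdNewBU
    Set cmdNewBU = NewCommand("INSERT INTO businessunits (businessunit, isactive) VALUES (?, 1)")
    AddStringParam cmdNewBU, "@businessunit", MAX_NAME_LEN, newbusinessunit
    businessunitid = ExecuteInsert(cmdNewBU, "Error creating new business unit: ")
    Set cmdNewBU = Nothing
End If

' ---- Machine type, with a nested functional account when asked for ---------
If machinetypeid = "new" Then
    RequireValue newmachinetype, "New machine type name is required"
    RequireValue newfunctionalaccountid, "Functional account is required for new machine type"
    If Len(newmachinetype) > MAX_NAME_LEN Or Len(newmachinedescription) > MAX_DESCRIPTION_LEN Then
        FailRequest "Machine type field length exceeded"
    End If
    ' The original fed this straight to CLng; a non-numeric value gets a
    ' message in the style of the other id checks instead of a type mismatch.
    RequireIdOrNew newfunctionalaccountid, "Error: Invalid functional account ID."

    If newfunctionalaccountid = "new" Then
        RequireValue newfunctionalaccount, "New functional account name is required"
        RequireMaxLength newfunctionalaccount, MAX_NAME_LEN, "Functional account name too long"

        Dim cmdNewFA
        Set cmdNewFA = NewCommand("INSERT INTO functionalaccounts (functionalaccount, isactive) VALUES (?, 1)")
        AddStringParam cmdNewFA, "@functionalaccount", MAX_NAME_LEN, newfunctionalaccount
        newfunctionalaccountid = ExecuteInsert(cmdNewFA, "Error creating new functional account: ")
        Set cmdNewFA = Nothing
    End If

    Dim cmdNewMT
    Set cmdNewMT = NewCommand("INSERT INTO machinetypes (machinetype, machinedescription, functionalaccountid, isactive) VALUES (?, ?, ?, 1)")
    AddStringParam cmdNewMT, "@machinetype", MAX_NAME_LEN, newmachinetype
    AddStringParam cmdNewMT, "@machinedescription", MAX_DESCRIPTION_LEN, newmachinedescription
    AddIntParam cmdNewMT, "@functionalaccountid", CLng(newfunctionalaccountid)
    machinetypeid = ExecuteInsert(cmdNewMT, "Error creating new machine type: ")
    Set cmdNewMT = Nothing
End If

' ---- Model, with a nested vendor when asked for ----------------------------
If modelid = "new" Then
    RequireValue newmodelnumber, "New model number is required"
    RequireValue newvendorid, "Vendor is required for new model"
    If Len(newmodelnumber) > MAX_NAME_LEN Or Len(newmodelimage) > MAX_IMAGE_LEN Then
        FailRequest "Model field length exceeded"
    End If
    RequireIdOrNew newvendorid, "Error: Invalid vendor ID."

    If newvendorid = "new" Then
        RequireValue newvendorname, "New vendor name is required"
        RequireMaxLength newvendorname, MAX_NAME_LEN, "Vendor name too long"

        ' Vendors created from this page are machine vendors only (ismachine = 1).
        Dim cmdNewVendor
        Set cmdNewVendor = NewCommand("INSERT INTO vendors (vendor, isactive, isprinter, ispc, ismachine) VALUES (?, 1, 0, 0, 1)")
        AddStringParam cmdNewVendor, "@vendor", MAX_NAME_LEN, newvendorname
        newvendorid = ExecuteInsert(cmdNewVendor, "Error creating new vendor: ")
        Set cmdNewVendor = Nothing
    End If

    ' A model without an uploaded image name gets the shared placeholder image.
    Dim modelImageValue
    If Len(newmodelimage) > 0 Then
        modelImageValue = newmodelimage
    Else
        modelImageValue = "default.png"
    End If

    Dim cmdNewModel
    Set cmdNewModel = NewCommand("INSERT INTO models (modelnumber, vendorid, image, isactive) VALUES (?, ?, ?, 1)")
    AddStringParam cmdNewModel, "@modelnumber", MAX_NAME_LEN, newmodelnumber
    AddIntParam cmdNewModel, "@vendorid", CLng(newvendorid)
    AddStringParam cmdNewModel, "@image", MAX_IMAGE_LEN, modelImageValue
    modelid = ExecuteInsert(cmdNewModel, "Error creating new model: ")
    Set cmdNewModel = Nothing
End If

' ---- Insert the machine ---------------------------------------------------
Dim cmdMachine
Set cmdMachine = NewCommand( _
    "INSERT INTO machines (machinenumber, modelnumberid, machinetypeid, businessunitid, alias, machinenotes, mapleft, maptop, isactive, islocationonly) " & _
    "VALUES (?, ?, ?, ?, ?, ?, ?, ?, 1, 0)")
AddStringParam cmdMachine, "@machinenumber", MAX_NAME_LEN, machinenumber
AddIntParam cmdMachine, "@modelnumberid", CLng(modelid)
AddIntParam cmdMachine, "@machinetypeid", CLng(machinetypeid)
AddIntParam cmdMachine, "@businessunitid", CLng(businessunitid)
AddStringParam cmdMachine, "@alias", MAX_NAME_LEN, NullIfEmpty(alias)
AddStringParam cmdMachine, "@machinenotes", MAX_NOTES_LEN, NullIfEmpty(machinenotes)
' Map coordinates are stored only as a pair; a lone or non-numeric value is
' dropped rather than stored half-filled.
If mapleft <> "" And maptop <> "" And IsNumeric(mapleft) And IsNumeric(maptop) Then
    AddIntParam cmdMachine, "@mapleft", CLng(mapleft)
    AddIntParam cmdMachine, "@maptop", CLng(maptop)
Else
    AddIntParam cmdMachine, "@mapleft", Null
    AddIntParam cmdMachine, "@maptop", Null
End If

Dim newMachineId
newMachineId = ExecuteInsert(cmdMachine, "Error: ")
Set cmdMachine = Nothing

' ---- Link the selected PC to the machine (best effort) ---------------------
' The machine row is kept when the link fails; the failure is reported after
' the commit instead of being discarded as the original did.
Dim pcidValue, pcLinkError
pcidValue = ToLongOrZero(pcid)
pcLinkError = ""
If pcidValue > 0 Then
    Dim cmdUpdatePC
    Set cmdUpdatePC = NewCommand("UPDATE pc SET machinenumber = ? WHERE pcid = ?")
    AddStringParam cmdUpdatePC, "@machinenumber", MAX_NAME_LEN, machinenumber
    AddIntParam cmdUpdatePC, "@pcid", pcidValue
    On Error Resume Next
    cmdUpdatePC.Execute
    If Err.Number <> 0 Then pcLinkError = Err.Description
    Err.Clear
    On Error GoTo 0
    Set cmdUpdatePC = Nothing
End If

' ---- Finish ---------------------------------------------------------------
If inTransaction Then objConn.CommitTrans
objConn.Close

If pcLinkError <> "" Then
    Response.Write("<p>Warning: the machine was saved but the selected PC could not be linked: " & Server.HTMLEncode(pcLinkError) & "</p>")
End If

If newMachineId > 0 Then
' The page's success markup sits between the %> and <% that follow; it is
' not present in this copy of the file.
%>
<%
Else
    Response.Write("Error: Machine was not added successfully.")
End If
%>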