<% ' Initialize error handling Call InitializeErrorHandling("savedevice.asp") ' Get the serial number from the form Dim serialnumber serialnumber = Trim(Request.Form("serialnumber")) ' Validate serial number format and length If Not ValidateSerialNumber(serialnumber) Then Call CleanupResources() Response.Redirect("./adddevice.asp?error=INVALID_SERIAL") Response.End End If ' Check if serial number already exists using parameterized query Dim checkSQL, rsCheck, existingPCID checkSQL = "SELECT pcid FROM pc WHERE serialnumber = ?" Set rsCheck = ExecuteParameterizedQuery(objConn, checkSQL, Array(serialnumber)) If Not rsCheck.EOF Then ' Serial number already exists - redirect to edit page existingPCID = rsCheck("pcid") rsCheck.Close Set rsCheck = Nothing Call CleanupResources() Response.Redirect("./editdevice.asp?pcid=" & existingPCID & "&scanned=1") Response.End End If rsCheck.Close Set rsCheck = Nothing ' Insert new device with minimal required fields and defaults using parameterized query ' pcstatusid = 2 (Inventory) ' isactive = 1 ' modelnumberid = 1 (default model) ' requires_manual_machine_config = 0 (no manual config needed) ' osid = 1 (default OS) Dim insertSQL, recordsAffected insertSQL = "INSERT INTO pc (serialnumber, pcstatusid, isactive, modelnumberid, requires_manual_machine_config, osid, dateadded) " & _ "VALUES (?, 2, 1, 1, 0, 1, NOW())" recordsAffected = ExecuteParameterizedInsert(objConn, insertSQL, Array(serialnumber)) ' Cleanup and redirect Call CleanupResources() If recordsAffected > 0 Then ' Success - redirect back with success message Response.Redirect("./adddevice.asp?added=" & Server.URLEncode(serialnumber)) Else Response.Redirect("./adddevice.asp?error=db") End If %>