<% ' Get form data Dim pcid, pcstatusid, pctypeid, hostname, modelnumberid, machinenumber, isactive pcid = Trim(Request.Form("pcid")) pcstatusid = Trim(Request.Form("pcstatusid")) pctypeid = Trim(Request.Form("pctypeid")) hostname = Trim(Request.Form("hostname")) modelnumberid = Trim(Request.Form("modelnumberid")) machinenumber = Trim(Request.Form("machinenumber")) isactive = Trim(Request.Form("isactive")) ' Get form inputs for new model Dim newmodelnumber, newvendorid newmodelnumber = Trim(Request.Form("newmodelnumber")) newvendorid = Trim(Request.Form("newvendorid")) ' Get form inputs for new vendor Dim newvendorname newvendorname = Trim(Request.Form("newvendorname")) ' Validate required ID fields If Not IsNumeric(pcid) Or CLng(pcid) < 1 Then Response.Write("Invalid PC ID") objConn.Close Response.End End If If Not IsNumeric(pcstatusid) Or CLng(pcstatusid) < 1 Then Response.Redirect("editdevice.asp?pcid=" & pcid & "&error=REQUIRED_FIELD") objConn.Close Response.End End If ' Verify the PC exists Dim checkSQL, rsCheck checkSQL = "SELECT COUNT(*) as cnt FROM pc WHERE pcid = " & CLng(pcid) Set rsCheck = objConn.Execute(checkSQL) If Not rsCheck.EOF Then If CLng(rsCheck("cnt")) = 0 Then rsCheck.Close objConn.Close Response.Redirect("default.asp") Response.End End If End If rsCheck.Close ' Set isactive: if checkbox not checked, it won't be in form data If isactive = "1" Then isactive = 1 Else isactive = 0 End If ' Validate optional ID fields - allow "new" as a valid value for model If pctypeid <> "" Then If Not IsNumeric(pctypeid) Or CLng(pctypeid) < 1 Then Response.Redirect("editdevice.asp?pcid=" & pcid & "&error=INVALID_ID") objConn.Close Response.End End If End If If modelnumberid <> "" And modelnumberid <> "new" Then If Not IsNumeric(modelnumberid) Or CLng(modelnumberid) < 1 Then Response.Redirect("editdevice.asp?pcid=" & pcid & "&error=INVALID_ID") objConn.Close Response.End End If End If ' Handle new model creation If modelnumberid = "new" Then If Len(newmodelnumber) = 0 Then Response.Redirect("editdevice.asp?pcid=" & pcid & "&error=REQUIRED_FIELD") objConn.Close Response.End End If If Len(newvendorid) = 0 Then Response.Redirect("editdevice.asp?pcid=" & pcid & "&error=REQUIRED_FIELD") objConn.Close Response.End End If If Len(newmodelnumber) > 50 Then Response.Redirect("editdevice.asp?pcid=" & pcid & "&error=INVALID_INPUT") objConn.Close Response.End End If ' Handle new vendor creation (nested) If newvendorid = "new" Then If Len(newvendorname) = 0 Then Response.Redirect("editdevice.asp?pcid=" & pcid & "&error=REQUIRED_FIELD") objConn.Close Response.End End If If Len(newvendorname) > 50 Then Response.Redirect("editdevice.asp?pcid=" & pcid & "&error=INVALID_INPUT") objConn.Close Response.End End If ' Escape single quotes Dim escapedVendorName escapedVendorName = Replace(newvendorname, "'", "''") ' Insert new vendor (with ispc=1) Dim sqlNewVendor sqlNewVendor = "INSERT INTO vendors (vendor, isactive, isprinter, ispc, ismachine) VALUES ('" & escapedVendorName & "', 1, 0, 1, 0)" On Error Resume Next objConn.Execute sqlNewVendor If Err.Number <> 0 Then Response.Redirect("editdevice.asp?pcid=" & pcid & "&error=db&msg=" & Server.URLEncode(Err.Description)) objConn.Close Response.End End If ' Get the newly created vendor ID Dim rsNewVendor Set rsNewVendor = objConn.Execute("SELECT LAST_INSERT_ID() AS newid") newvendorid = CLng(rsNewVendor("newid")) rsNewVendor.Close Set rsNewVendor = Nothing On Error Goto 0 End If ' Escape single quotes for model Dim escapedModelNumber escapedModelNumber = Replace(newmodelnumber, "'", "''") ' Insert new model Dim sqlNewModel sqlNewModel = "INSERT INTO models (modelnumber, vendorid, isactive) VALUES ('" & escapedModelNumber & "', " & newvendorid & ", 1)" On Error Resume Next objConn.Execute sqlNewModel If Err.Number <> 0 Then Response.Redirect("editdevice.asp?pcid=" & pcid & "&error=db&msg=" & Server.URLEncode(Err.Description)) objConn.Close Response.End End If ' Get the newly created model ID Dim rsNewModel Set rsNewModel = objConn.Execute("SELECT LAST_INSERT_ID() AS newid") modelnumberid = CLng(rsNewModel("newid")) rsNewModel.Close Set rsNewModel = Nothing On Error Goto 0 End If ' Validate field lengths If hostname <> "" And Len(hostname) > 255 Then Response.Redirect("editdevice.asp?pcid=" & pcid & "&error=INVALID_INPUT") objConn.Close Response.End End If If machinenumber <> "" And Len(machinenumber) > 50 Then Response.Redirect("editdevice.asp?pcid=" & pcid & "&error=INVALID_INPUT") objConn.Close Response.End End If ' Escape quotes hostname = Replace(hostname, "'", "''") machinenumber = Replace(machinenumber, "'", "''") ' Build UPDATE query dynamically Dim updateSQL updateSQL = "UPDATE pc SET pcstatusid = " & pcstatusid & ", isactive = " & isactive & ", " ' Add optional fields If pctypeid <> "" Then updateSQL = updateSQL & "pctypeid = " & pctypeid & ", " Else updateSQL = updateSQL & "pctypeid = NULL, " End If If hostname <> "" Then updateSQL = updateSQL & "hostname = '" & hostname & "', " Else updateSQL = updateSQL & "hostname = NULL, " End If If modelnumberid <> "" Then updateSQL = updateSQL & "modelnumberid = " & modelnumberid & ", " Else updateSQL = updateSQL & "modelnumberid = NULL, " End If If machinenumber <> "" Then updateSQL = updateSQL & "machinenumber = '" & machinenumber & "', " Else updateSQL = updateSQL & "machinenumber = NULL, " End If ' Add lastupdated timestamp and WHERE clause updateSQL = updateSQL & "lastupdated = NOW() WHERE pcid = " & pcid ' Execute update On Error Resume Next objConn.Execute updateSQL If Err.Number = 0 Then objConn.Close ' Success - redirect back to scan page ready for next scan Response.Redirect("./adddevice.asp") Else Dim errMsg errMsg = Err.Description objConn.Close Response.Redirect("./editdevice.asp?pcid=" & pcid & "&error=db&msg=" & Server.URLEncode(errMsg)) End If %>