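<%
'=============================================================================
' FILE: addsubnetbackend_direct.asp
' PURPOSE: Create new subnet with IP address calculations
' SECURITY: Parameterized queries, HTML encoding, input validation
' UPDATED: 2025-10-27 - Migrated to secure patterns
'
' Expects an open ADODB connection in objConn (supplied outside this file).
' Form fields read: vlan, ipstart, cidr (format "<prefixlen>,<ipend>"),
' description, subnettypeid. On success redirects to displaysubnets.asp.
'=============================================================================
%>
<%
' ---------------------------------------------------------------------------
' Helpers
' ---------------------------------------------------------------------------

' Writes the error text followed by the "Go back" text, releases the
' connection and stops the page. Never returns (Response.End).
Sub FailAndExit(message)
    Response.Write(message)
    Response.Write("Go back")
    objConn.Close
    Response.End
End Sub

' True when value consists solely of ASCII digits. Unlike IsNumeric this
' rejects signs, whitespace, exponents ("1e5") and hex prefixes ("&H10").
Function IsDigitsOnly(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]+$"
    IsDigitsOnly = re.Test(value)
End Function

' True when value is a digits-only integer within [minValue, maxValue].
' The comparison is done as Double so oversized input is rejected with a
' message instead of raising an overflow error inside CInt/CLng.
Function IsIntegerInRange(value, minValue, maxValue)
    IsIntegerInRange = False
    If Not IsDigitsOnly(value) Then Exit Function
    ' 15 digits is far beyond any accepted bound and keeps CDbl safe.
    If Len(value) > 15 Then Exit Function
    IsIntegerInRange = (CDbl(value) >= minValue And CDbl(value) <= maxValue)
End Function

' True when value is a dotted-quad IPv4 address with every octet in 0..255.
' MySQL INET_ATON() yields NULL for malformed text, which the length-only
' check used previously would have let through as a subnet with no start.
Function IsIPv4Address(value)
    Dim octets, i
    IsIPv4Address = False
    octets = Split(value, ".")
    If UBound(octets) <> 3 Then Exit Function
    For i = 0 To 3
        If Not IsIntegerInRange(octets(i), 0, 255) Then Exit Function
    Next
    IsIPv4Address = True
End Function

' ---------------------------------------------------------------------------
' Read and validate form input
' ---------------------------------------------------------------------------
Dim vlan, ipstart, cidr, description, subnettypeid, cidrarray, ipend
vlan = Trim(Request.Form("vlan"))
ipstart = Trim(Request.Form("ipstart"))
cidr = Trim(Request.Form("cidr"))
description = Trim(Request.Form("description"))
subnettypeid = Trim(Request.Form("subnettypeid"))

If vlan = "" Or ipstart = "" Or cidr = "" Or subnettypeid = "" Then
    FailAndExit "Error: Required field missing."
End If

' Bound to an adInteger (signed 32-bit) below, so anything larger would
' overflow CLng. (802.1Q VLAN IDs are 1..4094; tighten here if the schema
' never stores other values.)
If Not IsIntegerInRange(vlan, 0, 2147483647) Then
    FailAndExit "Error: VLAN must be numeric."
End If

If Not IsIPv4Address(ipstart) Then
    FailAndExit "Error: Invalid IP address."
End If

If Not IsIntegerInRange(subnettypeid, 1, 2147483647) Then
    FailAndExit "Error: Invalid subnet type."
End If

' cidr arrives as "<prefixlen>,<ipend>"; ipend is the offset added to
' INET_ATON(ipstart) in the INSERT. Split yields a single element when no
' comma is present, so one bound check covers both malformed cases.
cidrarray = Split(cidr, ",")
If UBound(cidrarray) < 1 Then
    FailAndExit "Error: Invalid CIDR format."
End If
cidr = Trim(cidrarray(0))
ipend = Trim(cidrarray(1))

If Not IsIntegerInRange(cidr, 0, 32) Then
    FailAndExit "Error: CIDR must be between 0 and 32."
End If

' ipend goes through CLng, so cap at the Long maximum (enough for every
' prefix length down to /1). A negative offset would put ipend before ipstart.
If Not IsIntegerInRange(ipend, 0, 2147483647) Then
    FailAndExit "Error: Invalid IP end value."
End If

' Matches the 500-character size of the @description parameter below.
If Len(description) > 500 Then
    FailAndExit "Error: Description too long."
End If

' ---------------------------------------------------------------------------
' Verify the subnet type exists (parameterized query)
' ---------------------------------------------------------------------------
Dim cmdCheck, rsCheck, typeCount
Set cmdCheck = Server.CreateObject("ADODB.Command")
cmdCheck.ActiveConnection = objConn
cmdCheck.CommandText = "SELECT COUNT(*) as cnt FROM subnettypes WHERE subnettypeid = ?"
cmdCheck.CommandType = 1 ' adCmdText
' Parameter type 3 = adInteger, direction 1 = adParamInput.
cmdCheck.Parameters.Append cmdCheck.CreateParameter("@subnettypeid", 3, 1, , CLng(subnettypeid))
Set rsCheck = cmdCheck.Execute

' Read the count first so the recordset is always released before we
' potentially end the response.
typeCount = 0
If Not rsCheck.EOF Then
    If Not IsNull(rsCheck("cnt")) Then typeCount = CLng(rsCheck("cnt"))
End If
rsCheck.Close
Set rsCheck = Nothing
Set cmdCheck = Nothing

If typeCount = 0 Then
    FailAndExit "Error: Subnet type not found."
End If

' ---------------------------------------------------------------------------
' Insert the subnet (parameterized query)
' ipstart is bound twice because the statement uses INET_ATON(?) both for
' the ipstart column and as the base that ipend is added to.
' ---------------------------------------------------------------------------
Dim strSQL, cmdInsert, errNumber, errDescription
strSQL = "INSERT INTO subnets (vlan, description, cidr, ipstart, ipend, subnettypeid, isactive) " & _
         "VALUES (?, ?, ?, INET_ATON(?), (INET_ATON(?) + ?), ?, 1)"
Set cmdInsert = Server.CreateObject("ADODB.Command")
cmdInsert.ActiveConnection = objConn
cmdInsert.CommandText = strSQL
cmdInsert.CommandType = 1 ' adCmdText
' Parameter types: 3 = adInteger, 200 = adVarChar; direction 1 = adParamInput.
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@vlan", 3, 1, , CLng(vlan))
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@description", 200, 1, 500, description)
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@cidr", 3, 1, , CInt(cidr))
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@ipstart1", 200, 1, 15, ipstart)
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@ipstart2", 200, 1, 15, ipstart)
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@ipend", 3, 1, , CLng(ipend))
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@subnettypeid", 3, 1, , CLng(subnettypeid))

' Keep On Error Resume Next scoped to the Execute call only, and capture the
' Err state before restoring normal error handling.
On Error Resume Next
cmdInsert.Execute
errNumber = Err.Number
errDescription = Err.Description
On Error GoTo 0
Set cmdInsert = Nothing

If errNumber = 0 Then
    objConn.Close
    Response.Redirect("./displaysubnets.asp")
Else
    ' NOTE(review): the provider's error text is HTML-encoded (so not
    ' injectable) but is still returned to the browser and may reveal schema
    ' details; a generic message with the detail logged server-side is safer.
    Response.Write("Error: " & Server.HTMLEncode(errDescription))
    Response.Write("Go back")
    objConn.Close
End If
%>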