%
' Collect the submitted form fields. Text values are whitespace-trimmed here;
' nothing in this section length-checks or encodes them.
' NOTE(review): no authentication, authorization or anti-CSRF check is visible
' in this section - confirm an include or earlier code enforces them before
' the inserts further down run.
Dim appname, appdescription, supportteamid
Dim applicationnotes, installpath, applicationlink, documentationpath, image
Dim isinstallable, isactive, ishidden, isprinter, islicenced
Dim newsupportteamname, newsupportteamurl, newappownerid

' Application fields
appname = Trim(Request.Form("appname"))
appdescription = Trim(Request.Form("appdescription"))
applicationnotes = Trim(Request.Form("applicationnotes"))
installpath = Trim(Request.Form("installpath"))
applicationlink = Trim(Request.Form("applicationlink"))
documentationpath = Trim(Request.Form("documentationpath"))
image = Trim(Request.Form("image"))

' Support team selection: a team ID, or "new" together with the fields below
supportteamid = Trim(Request.Form("supportteamid"))
newsupportteamname = Trim(Request.Form("newsupportteamname"))
newsupportteamurl = Trim(Request.Form("newsupportteamurl"))
newappownerid = Trim(Request.Form("newappownerid"))

' Checkboxes: default each flag to 0 and raise it only on the exact value "1",
' so each flag is always the integer 0 or 1 regardless of what was posted.
isinstallable = 0
isactive = 0
ishidden = 0
isprinter = 0
islicenced = 0
If Request.Form("isinstallable") = "1" Then isinstallable = 1
If Request.Form("isactive") = "1" Then isactive = 1
If Request.Form("ishidden") = "1" Then ishidden = 1
If Request.Form("isprinter") = "1" Then isprinter = 1
If Request.Form("islicenced") = "1" Then islicenced = 1
' Basic validation
' Only appname is length-checked here (1-50 characters). The other free-text
' fields (description, notes, paths, link, image) are not bounded in this section.
' NOTE(review): confirm their limits against the column definitions so oversized
' input is rejected here rather than by the database.
If Len(appname) < 1 Or Len(appname) > 50 Then
Response.Write("Error: Application name must be 1-50 characters")
' Close the connection before ending the response so it is not left open.
objConn.Close
Response.End
End If
' Validate support team is selected
' An empty value means nothing was chosen; the value "new" and numeric IDs are
' handled by the checks that follow this section.
' NOTE(review): the message below spans several lines on this page, which VBScript
' does not allow inside a string literal; its markup looks lost in extraction -
' restore it from the original file.
If supportteamid = "" Then
Response.Write("
Error: Please select a support team.
")
Response.Write("Go back")
objConn.Close
Response.End
End If
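' Create a new support team (and, when asked, a new app owner) before the
' application insert, or validate the submitted support team ID.
'
' Security changes in this section:
'   - Every user-supplied value is bound as an ADODB.Command parameter. The
'     previous code doubled single quotes only; on MySQL with default settings a
'     backslash before a quote defeats that escaping, so the team/owner name,
'     SSO and URL could break out of the SQL string.
'   - Numeric IDs are range-checked and converted to Long before use. The old
'     test "Not IsNumeric(x) Or CLng(x) < 1" evaluated CLng even for non-numeric
'     input (VBScript does not short-circuit Or) and raised a runtime error
'     instead of showing the message.
'   - Database error text is HTML-encoded before it is written to the page.
'   - "On Error Resume Next" is switched off again once each insert is checked.
'
' ADO values written as literals (adovbs.inc may not be included here):
'   CommandType 1 = adCmdText, type 200 = adVarChar, type 3 = adInteger,
'   direction 1 = adParamInput, Execute option 128 = adExecuteNoRecords.
' NOTE(review): text is bound as adVarChar sized to its own length; confirm against
' the schema (adVarWChar = 202 if these columns hold Unicode).
' NOTE(review): the messages here appear to have lost their HTML markup on this
' page; each is written as its visible text plus a line break - restore the
' original wrapper and "Go back" link from the source file.
Dim checkSQL, rsCheck
Dim cmdNewTeam, newOwnerIdValue, newTeamIdValue
newOwnerIdValue = 0
newTeamIdValue = 0

If supportteamid = "new" Then
    If newsupportteamname = "" Then AbortNewTeamRequest "Error: Support team name is required."
    If Len(newsupportteamname) > 50 Then AbortNewTeamRequest "Error: Support team name too long."

    ' Check if support team already exists (case-insensitive name match)
    checkSQL = "SELECT COUNT(*) as cnt FROM supportteams WHERE LOWER(teamname) = LOWER(?)"
    Set cmdNewTeam = Server.CreateObject("ADODB.Command")
    Set cmdNewTeam.ActiveConnection = objConn
    cmdNewTeam.CommandType = 1
    cmdNewTeam.CommandText = checkSQL
    cmdNewTeam.Parameters.Append cmdNewTeam.CreateParameter("teamname", 200, 1, Len(newsupportteamname) + 1, newsupportteamname)
    Set rsCheck = cmdNewTeam.Execute
    If rsCheck.EOF Then
        rsCheck.Close
        AbortNewTeamRequest "Error: Database query failed."
    End If
    If CLng(rsCheck("cnt")) > 0 Then
        rsCheck.Close
        AbortNewTeamRequest "Error: Support team '" & Server.HTMLEncode(newsupportteamname) & "' already exists."
    End If
    rsCheck.Close

    ' Check if we need to create a new app owner first (nested creation)
    If newappownerid = "new" Then
        Dim newappownername, newappownersso
        newappownername = Trim(Request.Form("newappownername"))
        newappownersso = Trim(Request.Form("newappownersso"))
        If newappownername = "" Or newappownersso = "" Then AbortNewTeamRequest "Error: App owner name and SSO are required."
        If Len(newappownername) > 50 Or Len(newappownersso) > 50 Then AbortNewTeamRequest "Error: App owner name or SSO too long."

        ' Check if app owner already exists (same name or same SSO)
        checkSQL = "SELECT COUNT(*) as cnt FROM appowners WHERE LOWER(appowner) = LOWER(?) OR LOWER(sso) = LOWER(?)"
        Set cmdNewTeam = Server.CreateObject("ADODB.Command")
        Set cmdNewTeam.ActiveConnection = objConn
        cmdNewTeam.CommandType = 1
        cmdNewTeam.CommandText = checkSQL
        cmdNewTeam.Parameters.Append cmdNewTeam.CreateParameter("appowner", 200, 1, Len(newappownername) + 1, newappownername)
        cmdNewTeam.Parameters.Append cmdNewTeam.CreateParameter("sso", 200, 1, Len(newappownersso) + 1, newappownersso)
        Set rsCheck = cmdNewTeam.Execute
        If rsCheck.EOF Then
            rsCheck.Close
            AbortNewTeamRequest "Error: Database query failed (app owner check)."
        End If
        If CLng(rsCheck("cnt")) > 0 Then
            rsCheck.Close
            AbortNewTeamRequest "Error: App owner with this name or SSO already exists."
        End If
        rsCheck.Close

        ' Insert new app owner
        Dim ownerSQL
        ownerSQL = "INSERT INTO appowners (appowner, sso, isactive) VALUES (?, ?, 1)"
        Set cmdNewTeam = Server.CreateObject("ADODB.Command")
        Set cmdNewTeam.ActiveConnection = objConn
        cmdNewTeam.CommandType = 1
        cmdNewTeam.CommandText = ownerSQL
        cmdNewTeam.Parameters.Append cmdNewTeam.CreateParameter("appowner", 200, 1, Len(newappownername) + 1, newappownername)
        cmdNewTeam.Parameters.Append cmdNewTeam.CreateParameter("sso", 200, 1, Len(newappownersso) + 1, newappownersso)
        On Error Resume Next
        cmdNewTeam.Execute , , 128
        ' Driver error text is encoded so it cannot inject markup into the page;
        ' detailed database errors are better logged server-side than shown to users.
        If Err.Number <> 0 Then AbortNewTeamRequest "Error creating app owner: " & Server.HTMLEncode(Err.Description)

        ' Get the new app owner ID. If this read fails, newappownerid keeps the
        ' value "new" and is rejected by the numeric check below.
        Set rsCheck = objConn.Execute("SELECT LAST_INSERT_ID() as newid")
        newappownerid = CLng(rsCheck("newid"))
        rsCheck.Close
        On Error GoTo 0
    End If

    ' Validate the app owner ID (submitted or just created). The checks are
    ' nested so the conversion only runs on input IsNumeric has accepted.
    If IsNumeric(newappownerid) Then
        If CDbl(newappownerid) >= 1 And CDbl(newappownerid) <= 2147483647 Then newOwnerIdValue = CLng(newappownerid)
    End If
    If newOwnerIdValue < 1 Then AbortNewTeamRequest "Error: Invalid app owner."

    ' Insert new support team
    Dim teamSQL
    teamSQL = "INSERT INTO supportteams (teamname, teamurl, appownerid, isactive) VALUES (?, ?, ?, 1)"
    Set cmdNewTeam = Server.CreateObject("ADODB.Command")
    Set cmdNewTeam.ActiveConnection = objConn
    cmdNewTeam.CommandType = 1
    cmdNewTeam.CommandText = teamSQL
    cmdNewTeam.Parameters.Append cmdNewTeam.CreateParameter("teamname", 200, 1, Len(newsupportteamname) + 1, newsupportteamname)
    ' NOTE(review): teamurl is stored as submitted, with no length or scheme check;
    ' confirm the pages that render it encode it and restrict it to http/https.
    cmdNewTeam.Parameters.Append cmdNewTeam.CreateParameter("teamurl", 200, 1, Len(newsupportteamurl) + 1, newsupportteamurl)
    cmdNewTeam.Parameters.Append cmdNewTeam.CreateParameter("appownerid", 3, 1, , newOwnerIdValue)
    On Error Resume Next
    cmdNewTeam.Execute , , 128
    If Err.Number <> 0 Then AbortNewTeamRequest "Error creating support team: " & Server.HTMLEncode(Err.Description)

    ' Get the new support team ID. If this read fails, supportteamid keeps the
    ' value "new" and is rejected by the numeric check below.
    Set rsCheck = objConn.Execute("SELECT LAST_INSERT_ID() as newid")
    supportteamid = CLng(rsCheck("newid"))
    rsCheck.Close
    On Error GoTo 0
End If

' Validate the support team ID (submitted or just created) and normalise it to
' a Long, so later code never handles the raw submitted string.
If IsNumeric(supportteamid) Then
    If CDbl(supportteamid) >= 1 And CDbl(supportteamid) <= 2147483647 Then newTeamIdValue = CLng(supportteamid)
End If
If newTeamIdValue < 1 Then AbortNewTeamRequest "Error: Invalid support team ID."
supportteamid = newTeamIdValue

' Writes an error message followed by the "Go back" text, closes the database
' connection and ends the response. Callers close any open recordset first.
Sub AbortNewTeamRequest(message)
    Response.Write(message & vbCrLf)
    Response.Write("Go back")
    objConn.Close
    Response.End
End Sub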
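' Insert the application row, then redirect to its display page.
'
' The values are bound as ADODB.Command parameters instead of being escaped by
' hand and concatenated into the statement. Bound values must NOT be
' pre-escaped (no backslash or quote doubling), otherwise the escape characters
' themselves would be stored.
'
' ADO values written as literals (adovbs.inc may not be included here):
'   CommandType 1 = adCmdText, type 200 = adVarChar, type 3 = adInteger,
'   direction 1 = adParamInput, Execute option 128 = adExecuteNoRecords.
' NOTE(review): every text value is bound as adVarChar sized to its own length;
' confirm against the column types (adLongVarChar = 201 for TEXT columns,
' adVarWChar = 202 if Unicode is stored).
' NOTE(review): installpath, applicationlink, documentationpath and image are
' stored as submitted; confirm the pages that render them HTML-encode the values
' and restrict link schemes.

' Build INSERT statement
Dim strSQL
Dim cmdNewApp
strSQL = "INSERT INTO applications (" & _
    "appname, appdescription, supportteamid, applicationnotes, " & _
    "installpath, applicationlink, documentationpath, image, " & _
    "isinstallable, isactive, ishidden, isprinter, islicenced" & _
    ") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"

Set cmdNewApp = Server.CreateObject("ADODB.Command")
Set cmdNewApp.ActiveConnection = objConn
cmdNewApp.CommandType = 1
cmdNewApp.CommandText = strSQL

On Error Resume Next
' Parameters are positional: append them in the same order as the column list.
cmdNewApp.Parameters.Append cmdNewApp.CreateParameter("appname", 200, 1, Len(appname) + 1, appname)
cmdNewApp.Parameters.Append cmdNewApp.CreateParameter("appdescription", 200, 1, Len(appdescription) + 1, appdescription)
' CLng turns the validated ID into a real integer; a conversion failure is
' caught by the Err check below rather than reaching the database.
cmdNewApp.Parameters.Append cmdNewApp.CreateParameter("supportteamid", 3, 1, , CLng(supportteamid))
cmdNewApp.Parameters.Append cmdNewApp.CreateParameter("applicationnotes", 200, 1, Len(applicationnotes) + 1, applicationnotes)
cmdNewApp.Parameters.Append cmdNewApp.CreateParameter("installpath", 200, 1, Len(installpath) + 1, installpath)
cmdNewApp.Parameters.Append cmdNewApp.CreateParameter("applicationlink", 200, 1, Len(applicationlink) + 1, applicationlink)
cmdNewApp.Parameters.Append cmdNewApp.CreateParameter("documentationpath", 200, 1, Len(documentationpath) + 1, documentationpath)
cmdNewApp.Parameters.Append cmdNewApp.CreateParameter("image", 200, 1, Len(image) + 1, image)
cmdNewApp.Parameters.Append cmdNewApp.CreateParameter("isinstallable", 3, 1, , isinstallable)
cmdNewApp.Parameters.Append cmdNewApp.CreateParameter("isactive", 3, 1, , isactive)
cmdNewApp.Parameters.Append cmdNewApp.CreateParameter("ishidden", 3, 1, , ishidden)
cmdNewApp.Parameters.Append cmdNewApp.CreateParameter("isprinter", 3, 1, , isprinter)
cmdNewApp.Parameters.Append cmdNewApp.CreateParameter("islicenced", 3, 1, , islicenced)
' Only run the insert when every parameter was bound without error.
If Err.Number = 0 Then cmdNewApp.Execute , , 128
If Err.Number <> 0 Then
    ' Encode the driver message so it cannot inject markup into the page;
    ' detailed database errors are better logged server-side than shown to users.
    Response.Write("Error: " & Server.HTMLEncode(Err.Description))
    objConn.Close
    Response.End
End If

' Get the new application ID (same connection, so LAST_INSERT_ID refers to the
' insert above). Error suppression is still active here, as before: a failed
' read leaves newAppId empty and falls through to the error message below.
Dim rsNew
Set rsNew = objConn.Execute("SELECT LAST_INSERT_ID() AS newid")
Dim newAppId
newAppId = rsNew("newid")
rsNew.Close
Set rsNew = Nothing
objConn.Close

If newAppId > 0 Then
    ' newAppId comes from the database, not from the request, so the redirect
    ' target cannot be steered by form input.
    Response.Redirect("displayapplication.asp?appid=" & newAppId)
Else
    Response.Write("Error: Could not retrieve new application ID")
End If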
%>