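<%@ Language=VBScript %>
<%
Option Explicit

' Handles the "edit application" form post: validates the submitted fields,
' runs a parameterized UPDATE against the applications table, and redirects
' to displayapplication.asp for the updated row.
'
' NOTE(review): nothing on this page checks the caller's session, role, or an
' anti-forgery token before the UPDATE runs. Confirm that authentication,
' authorization and CSRF protection are enforced elsewhere (server
' configuration or a shared include) - none is visible from this file.

' ADO enum values, named so the parameter list below is readable.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adBoolean = 11
Const adVarChar = 200

' Writes a validation message and stops processing the request.
Sub RejectRequest(message)
    Response.Write(message)
    Response.End
End Sub

' True when value is a plain decimal integer that fits a 32-bit Long and is
' at least minimum. IsNumeric is deliberately not used: it also accepts
' forms such as "1.5" or "1e3", and VBScript's Or does not short-circuit, so
' "Not IsNumeric(x) Or CLng(x) < 1" raises a type mismatch on non-numeric input.
Function IsInt32AtLeast(value, minimum)
    Dim digitsOnly
    Set digitsOnly = New RegExp
    digitsOnly.Pattern = "^[0-9]{1,10}$"
    IsInt32AtLeast = False
    If digitsOnly.Test(value) Then
        ' Compare as Double first so an out-of-range value cannot overflow CLng.
        If CDbl(value) <= 2147483647 Then
            IsInt32AtLeast = (CLng(value) >= minimum)
        End If
    End If
End Function

' Rejects the request when value is longer than the size declared for its
' parameter; an over-long value would otherwise fail inside ADO before the
' error handler around Execute is active.
Sub RequireMaxLength(fieldName, value, maxLength)
    If Len(value) > maxLength Then
        RejectRequest "Invalid " & fieldName & " length"
    End If
End Sub

' A checkbox counts as checked only when the form posts the exact value "1".
Function IsChecked(fieldName)
    IsChecked = (Request.Form(fieldName) = "1")
End Function

' Get form data
Dim appid, appname, appdescription, supportteamid
Dim applicationnotes, installpath, documentationpath, image
Dim isinstallable, isactive, ishidden, isprinter, islicenced

appid = Trim(Request.Form("appid"))
appname = Trim(Request.Form("appname"))
appdescription = Trim(Request.Form("appdescription"))
supportteamid = Trim(Request.Form("supportteamid"))
applicationnotes = Trim(Request.Form("applicationnotes"))
installpath = Trim(Request.Form("installpath"))
documentationpath = Trim(Request.Form("documentationpath"))
image = Trim(Request.Form("image"))

' Checkboxes - always a strict Boolean, whatever the client sent
isinstallable = IsChecked("isinstallable")
isactive = IsChecked("isactive")
ishidden = IsChecked("ishidden")
isprinter = IsChecked("isprinter")
islicenced = IsChecked("islicenced")

' Validate everything before a database connection is opened.
If Not IsInt32AtLeast(appid, 1) Then
    RejectRequest "Invalid appid"
End If

If Len(appname) < 1 Or Len(appname) > 50 Then
    RejectRequest "Invalid appname length"
End If

' NOTE(review): 0 is accepted because the original placed no range limit on
' supportteamid; tighten to 1 if it must reference an existing team row.
If Not IsInt32AtLeast(supportteamid, 0) Then
    RejectRequest "Invalid supportteamid"
End If

' Limits mirror the sizes declared on the parameters below.
RequireMaxLength "appdescription", appdescription, 255
RequireMaxLength "applicationnotes", applicationnotes, 512
RequireMaxLength "installpath", installpath, 255
RequireMaxLength "documentationpath", documentationpath, 512
RequireMaxLength "image", image, 255

' Inline SQL connection (from sql.asp)
' NOTE(review): the database user name and password are embedded in page
' source, so anyone with read access to the file or the repository has them.
' Move the connection string to protected configuration (or use integrated
' authentication), rotate this password, and confirm the account holds only
' the privileges this application needs.
Dim objConn
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open "DSN=shopdb;UID=shopdbuser;PWD=shopdbuser1!;"

' Build parameterized UPDATE. Values are bound positionally, so the Append
' order below must match the order of the ? placeholders.
Dim cmd
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = objConn
cmd.CommandText = "UPDATE applications SET appname = ?, appdescription = ?, supportteamid = ?, " & _
    "applicationnotes = ?, installpath = ?, documentationpath = ?, image = ?, " & _
    "isinstallable = ?, isactive = ?, ishidden = ?, isprinter = ?, islicenced = ? " & _
    "WHERE appid = ?"
cmd.CommandType = adCmdText

cmd.Parameters.Append cmd.CreateParameter("p1", adVarChar, adParamInput, 50, appname)
cmd.Parameters.Append cmd.CreateParameter("p2", adVarChar, adParamInput, 255, appdescription)
cmd.Parameters.Append cmd.CreateParameter("p3", adInteger, adParamInput, 4, CLng(supportteamid))
cmd.Parameters.Append cmd.CreateParameter("p4", adVarChar, adParamInput, 512, applicationnotes)
cmd.Parameters.Append cmd.CreateParameter("p5", adVarChar, adParamInput, 255, installpath)
cmd.Parameters.Append cmd.CreateParameter("p6", adVarChar, adParamInput, 512, documentationpath)
cmd.Parameters.Append cmd.CreateParameter("p7", adVarChar, adParamInput, 255, image)
cmd.Parameters.Append cmd.CreateParameter("p8", adBoolean, adParamInput, , isinstallable)
cmd.Parameters.Append cmd.CreateParameter("p9", adBoolean, adParamInput, , isactive)
cmd.Parameters.Append cmd.CreateParameter("p10", adBoolean, adParamInput, , ishidden)
cmd.Parameters.Append cmd.CreateParameter("p11", adBoolean, adParamInput, , isprinter)
cmd.Parameters.Append cmd.CreateParameter("p12", adBoolean, adParamInput, , islicenced)
cmd.Parameters.Append cmd.CreateParameter("p13", adInteger, adParamInput, 4, CLng(appid))

' Execute
Dim errNumber
On Error Resume Next
cmd.Execute
errNumber = Err.Number
On Error GoTo 0

Set cmd = Nothing
objConn.Close
Set objConn = Nothing

If errNumber <> 0 Then
    ' Driver error text can reveal table, column and driver details, so the
    ' client gets a generic message; only the error number is appended to
    ' this request's web server log entry for the operator.
    Response.AppendToLog " updateapp-error-" & errNumber
    Response.Write("Error: the application could not be updated")
    Response.End
End If

' Redirect on success. appid is digits only at this point; CLng normalizes
' it before it is placed in the URL.
Response.Redirect("displayapplication.asp?appid=" & Server.URLEncode(CStr(CLng(appid))))
%>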