shopdb/saveusbdirect.asp

<%
'=============================================================================
' FILE: saveusbdirect.asp
' PURPOSE: Create new USB device in machines table
' SECURITY: Parameterized queries, HTML encoding, input validation
' CREATED: 2025-12-07
'=============================================================================
%>
<!--#include file="./includes/sql.asp"-->
<!--#include file="./includes/response.asp"-->
<%
	' Get form values
	Dim serialnumber, alias, businessunitid
	serialnumber = Trim(Request.Form("serialnumber"))
	alias = Trim(Request.Form("alias"))
	businessunitid = Trim(Request.Form("businessunitid"))

	' Basic validation - serial number required
	If serialnumber = "" Or Len(serialnumber) < 3 Or Len(serialnumber) > 100 Then
		objConn.Close
		ShowError "Invalid serial number. Must be 3-100 characters.", "addusb.asp"
		Response.End
	End If

	' Check if serial number already exists in machines table
	Dim checkSQL, rsCheck, cmdCheck, existingMachineID, existingMachineType
	checkSQL = "SELECT machineid, machinetypeid FROM machines WHERE serialnumber = ? AND isactive = 1"
	Set cmdCheck = Server.CreateObject("ADODB.Command")
	cmdCheck.ActiveConnection = objConn
	cmdCheck.CommandText = checkSQL
	cmdCheck.CommandType = 1
	cmdCheck.Parameters.Append cmdCheck.CreateParameter("@serialnumber", 200, 1, 100, serialnumber)

	Set rsCheck = cmdCheck.Execute

	If Not rsCheck.EOF Then
		' Serial number already exists
		existingMachineID = rsCheck("machineid")
		existingMachineType = rsCheck("machinetypeid")
		rsCheck.Close
		Set rsCheck = Nothing
		Set cmdCheck = Nothing
		objConn.Close

		' If it's already a USB device, show error
		If existingMachineType = 44 Then
			ShowError "USB device with serial '" & Server.HTMLEncode(serialnumber) & "' already exists.", "addusb.asp"
		Else
			ShowError "A device with serial '" & Server.HTMLEncode(serialnumber) & "' already exists as a different machine type.", "addusb.asp"
		End If
		Response.End
	End If

	rsCheck.Close
	Set rsCheck = Nothing
	Set cmdCheck = Nothing

	' Prepare businessunitid - convert to NULL if empty
	Dim buValue
	If businessunitid = "" Or Not IsNumeric(businessunitid) Then
		buValue = Null
	Else
		buValue = CLng(businessunitid)
	End If

	' Prepare alias - use serial if empty
	If alias = "" Then
		alias = serialnumber
	End If

	' Insert new USB device
	' machinetypeid = 44 (USB Device)
	' machinestatusid = 2 (Inventory)
	' isactive = 1
	Dim insertSQL, cmdInsert
	insertSQL = "INSERT INTO machines (serialnumber, machinenumber, alias, machinetypeid, businessunitid, machinestatusid, isactive, lastupdated) " & _
				"VALUES (?, ?, ?, 44, ?, 2, 1, NOW())"
	Set cmdInsert = Server.CreateObject("ADODB.Command")
	cmdInsert.ActiveConnection = objConn
	cmdInsert.CommandText = insertSQL
	cmdInsert.CommandType = 1
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@serialnumber", 200, 1, 100, serialnumber)
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@machinenumber", 200, 1, 50, serialnumber)
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@alias", 200, 1, 50, alias)

	' Handle nullable businessunitid
	If IsNull(buValue) Then
		cmdInsert.Parameters.Append cmdInsert.CreateParameter("@businessunitid", 3, 1, , Null)
	Else
		cmdInsert.Parameters.Append cmdInsert.CreateParameter("@businessunitid", 3, 1, , buValue)
	End If

	On Error Resume Next
	cmdInsert.Execute

	If Err.Number = 0 Then
		Set cmdInsert = Nothing
		objConn.Close
		' Success - redirect with success parameter
		Response.Redirect("./addusb.asp?added=" & Server.URLEncode(serialnumber))
	Else
		Dim insertErr
		insertErr = Err.Description
		Set cmdInsert = Nothing
		objConn.Close
		ShowError "Error adding USB device: " & Server.HTMLEncode(insertErr), "addusb.asp"
	End If
%>