Requesting lots of variables

Tom
Hi everyone,

I don't know if anyone can help me,

I've got roughly 25 forms in a site, with between 10 and 70 fields on
each form. Now, these fields need to be inserted into a DB, each form
has its own table and each column is named the same as its
corresponding form field. Make sense?

My question is, is there a quicker way of constructing my SQL UPDATE
query string for all this lot? Is it possible to request all the form
fields from a single page and put them into an array that I can loop
through and construct the SQL query on the fly? Or am I going to have
to do it the hard way and do a request.form for every form field
and construct each one manually?

I've had a quick google round but can't really find anything that
answers my question,

Maybe I'm just being lazy, but any tips would be really appreciated!

Thanks guys,

Tom

Jan 7 '06 #1
for each el in Request.Form
    Session("forms" & el) = Request.Form(el)
next

sql = "UPDATE myTab set "

dim coma

for each el in Session.Contents
    if mid(el,1,5) = "forms" then
        sql = sql & coma & mid(el,6) & " = " & Session(el) coma = ","
    end if
next

Response.Write sql


Jan 7 '06 #2
Tom
Brilliant - thx for the quick response too

Jan 7 '06 #3

"Tom" <sp**@tom-jordan.co.uk> wrote in message
> Brilliant - thx for the quick response too

no worries, I guess you noticed that
coma = ","
should have been on its own line

for each el in Request.Form
    Session("forms" & el) = Request.Form(el)
next

sql = "UPDATE myTab set "

dim coma

for each el in Session.Contents
    if mid(el,1,5) = "forms" then
        sql = sql & coma & mid(el,6) & " = " & Session(el)
        coma = ","
    end if
next
Jan 7 '06 #4
Perhaps I'm missing something :-)
Could you explain why you go to the extra step of transferring the Form
collection to Session?
Also, how will the need for delimiters be handled? I would assume that not
all of these fields are numeric ...

Bob Barrows


--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Jan 7 '06 #5

"Bob Barrows [MVP]" <re******@NOyahoo.SPAMcom> wrote in message
> Perhaps I'm missing something :-)
> Could you explain why you go to the extra step of transferring the Form
> collection to Session?
> Also, how will the need for delimiters be handled? I would assume that not
> all of these fields are numeric ...

no you don't have to change them to Session, but I already had the code in
one of my pages where I like to put them in session for persistence of the
form.

and yes you can simply test to see they are numeric

the important thing is that it was a help to Tom

Jan 7 '06 #6
Tom wrote:
> Hi everyone,
>
> I don't know if anyone can help me,
>
> I've got roughly 25 forms in a site, with between 10 and 70 fields on
> each form. Now, these fields need to be inserted into a DB,

What DB? Type and version please. It's almost always relevant.

> each form
> has its own table and each column is named the same as its
> corresponding form field. Make sense?
> My question is, is there a quicker way of constructing my SQL UPDATE
> query string for all this lot?

These forms will only be used for maintaining existing data? Never for
inserting new rows into your tables?

> Is it possible to request all the form
> fields from a single page and put them into an array that I can loop
> through and construct the SQL query on the fly? Or am I going to have
> to do it the hard way and do a request.form for every form field
> and construct each one manually?

So you want to create a single generic form processing page to which all
your pages submit their data?
If so, how will the destination table be identified? A hidden form field? In
the querystring?

Or are you planning to put this code into an include file used in the pages
for each of these forms in which the table names are hard-coded? I will
assume this is the case. Something like this:

<!--#include file="UpdateCode.asp"-->
<%
on error resume next
'PerformUpdate refers to a sub contained in UpdateCode.asp
PerformUpdate("sometable")
if err <> 0 then
    'notify user that an error occurred
    'optionally, log the error somewhere for debugging purposes
    'I would not tell the user the actual error - hackers can make
    'use of information provided in error messages
else
    'notify user that update was successful
end if
%>
> I've had a quick google round but can't really find anything that
> answers my question,
>
> Maybe I'm just being lazy, but any tips would be really appreciated!

You are doing yourself and perhaps your employer a disservice by not giving
enough attention to security here. It sounds like you're just planning to
throw this data into your database without validating it first. This can
lead to problems with data integrity (inadvertent keystrokes by users) as
well as opening the door to malicious users. It's a mistake to blindly
assume that the data in Request.Form is coming from the form that you wrote.
One common hacker exploit is to create a new page containing all the form
elements in your form and use it to submit their own unvalidated data
(assuming your page has some sort of client-side validation built in).

If I was planning to do something like this, I would give some thought to
providing validation instructions for the code to use. You could perhaps
include this information in the form's field names, something like
<input name="fieldname|datatype|notnull" ... >

That way, when you loop through the Form collection, you can perform some
basic validation: make sure the value is a date (for date fields) or a
number (for numeric fields); make sure the value is not an empty string for
those fields that don't allow nulls.

An alternative would be to create an xml document containing this
information and store it in a file on the server, or load it into
Application (my preference).

I will assume you will use the form name approach.

Due to the dangers of SQL Injection
(http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDe...aspx?tabid=23), as well as the
issues involving delimiters (I'm assuming that not all of these fields are
numeric datatypes) I would avoid the dynamic sql solution.

My preference would be to create a stored procedure/saved parameter query
(depending on your database) for each table and pass the form values as
parameters. However, if you prefer not to go to the trouble of creating
these procedures, you can use a Command object to pass these values to a
statement containing parameter markers, like this (this sub will be in the
UpdateCode.asp include file):
<%
Sub PerformUpdate(tablename)
    dim sql, cn, cmd, curval, fieldname, datatype, required, ar, formitem
    dim arParms, msg, i, connectionstring
    'connectionstring must be set to your own connection string before cn.open

    redim arParms(request.form.count - 1)
    sql = "Update " & tablename & " Set "
    i = 0
    msg = ""
    for each formitem in Request.Form
        curval = Request.Form(formitem)
        'field names arrive as fieldname|datatype|notnull
        ar = Split(formitem, "|")
        fieldname = ar(0)
        datatype = ""
        required = ""
        'guard against names with fewer than three parts
        if ubound(ar) >= 1 then datatype = ar(1)
        if ubound(ar) >= 2 then required = ar(2)
        if required = "notnull" then
            if len(curval) = 0 then
                msg = msg & "No data entered for required field - " & _
                    fieldname & ";"
                'VBScript has no "continue"; the len(curval) > 0 test below
                'already skips type validation for an empty value
            end if
        end if
        if len(curval) > 0 then
            select case datatype
                case "date"
                    if not isdate(curval) then
                        msg = msg & curval & " entered in " & fieldname & _
                            " is not a date;"
                    end if
                case "numeric"
                    'for the sake of time, i will use IsNumeric() here - I suggest
                    'you use a more robust method such as the one described
                    ' in http://www.aspfaq.com/show.asp?id=2390
                    if not isnumeric(curval) then
                        msg = msg & curval & " entered in " & fieldname & _
                            " is not a number;"
                    end if
            end select
        end if
        if len(msg) = 0 then
            arParms(i) = curval
            'fieldname comes from the request: check it against the table's
            'known column names before concatenating it into the statement
            sql = sql & fieldname & "=?,"
        end if
        i = i + 1
    next
    if len(msg) = 0 then
        sql = left(sql, len(sql) - 1) ' get rid of the last comma
        'add a where clause so the correct record is updated
        '(without one, the statement updates every row in the table)
        set cn = createobject("adodb.connection")
        cn.open connectionstring
        set cmd = createobject("adodb.command")
        with cmd
            set .ActiveConnection = cn
            .CommandType = 1 'adCmdText
            .CommandText = sql
            .Execute , arParms, 128 'adExecuteNoRecords
        end with
        cn.close: set cn = nothing
    else
        'Err.Raise takes number, source, description
        err.raise 1 + vbObjectError, "PerformUpdate", msg
    end if
End Sub
%>

HTH,
Bob Barrows

Jan 7 '06 #7
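
Added example, not part of any post in this thread: the reply above warns that Request.Form cannot be trusted and mentions keeping the validation rules on the server instead of in the field names. The sketch below does that with parameter markers, using Python's sqlite3 in place of ADO so it runs offline; the SCHEMA dictionary, the customers table and the sample submission are constructed for illustration.

```python
import math
import sqlite3
from datetime import date

# Hypothetical server-side schema (constructed for this example). Column names,
# types and the key column come from here, never from submitted field names.
SCHEMA = {
    "customers": {
        "key": "id",
        "columns": {"name": ("text", True),
                    "joined": ("date", False),
                    "credit": ("numeric", False)},
    },
}

def convert(column, kind, raw):
    """Validate one submitted string and return the value to bind."""
    try:
        if kind == "numeric":
            number = float(raw)
            if not math.isfinite(number):
                raise ValueError
            return number
        if kind == "date":
            return date.fromisoformat(raw).isoformat()
    except ValueError:
        raise ValueError(f"{column}: not a valid {kind}") from None
    return raw

def build_update(table, form, key_value):
    """Return (sql, params) for a parameterised UPDATE or raise ValueError."""
    spec = SCHEMA[table]                  # table is picked by server code
    columns, errors, sets, params = spec["columns"], [], [], []
    unknown = sorted(set(form) - set(columns))
    if unknown:
        errors.append("unexpected field(s): " + ", ".join(unknown))
    for column, (kind, required) in columns.items():
        if column not in form:
            continue                      # not submitted: column left untouched
        raw = form[column].strip()
        value = None                      # empty optional field is stored as NULL
        if not raw and required:
            errors.append(f"{column}: required")
        elif raw:
            try:
                value = convert(column, kind, raw)
            except ValueError as exc:
                errors.append(str(exc))
        sets.append(f"{column} = ?")
        params.append(value)
    if errors or not sets:
        raise ValueError("; ".join(errors) or "nothing to update")
    sql = f"UPDATE {table} SET {', '.join(sets)} WHERE {spec['key']} = ?"
    return sql, params + [key_value]

def demo():
    """Run a constructed submission against an in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT,"
               " joined TEXT, credit REAL)")
    db.execute("INSERT INTO customers VALUES (1, 'Ann', '2005-01-01', 10),"
               " (2, 'Bo', '2005-02-02', 20)")
    # Constructed input: the name holds a quote and SQL syntax; it is bound as data.
    form = {"name": "O'Brien', credit = 999 --", "credit": "15.5"}
    sql, params = build_update("customers", form, 1)
    db.execute(sql, params)
    rows = db.execute("SELECT name, credit FROM customers ORDER BY id").fetchall()
    return sql, rows

if __name__ == "__main__":
    print(demo())
```

The statement text is assembled only from schema entries, so a submitted field name that is not a known column is rejected before any SQL is built, and the WHERE clause limits the update to one row.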
Slim wrote:
> "Bob Barrows [MVP]" <re******@NOyahoo.SPAMcom> wrote in message
>> Perhaps I'm missing something :-)
>> Could you explain why you go to the extra step of transferring the
>> Form collection to Session?
>> Also, how will the need for delimiters be handled? I would assume
>> that not all of these fields are numeric ...
>
> no you don't have to change them to Session, but I already had the
> code in one of my pages where I like to put them in session for
> persistence of the form.
>
> and yes you can simply test to see they are numeric


No, you missed my point: how will he know WHEN to test whether they are
numeric (or date, or whatever ... )

Bob Barrows
PS. I was just asking for clarification - not criticising your post.

Jan 7 '06 #8

"Bob Barrows [MVP]" <re******@NOyahoo.SPAMcom> wrote in message
> Slim wrote:
>> "Bob Barrows [MVP]" <re******@NOyahoo.SPAMcom> wrote in message
>>> Perhaps I'm missing something :-)
>>> Could you explain why you go to the extra step of transferring the
>>> Form collection to Session?
>>> Also, how will the need for delimiters be handled? I would assume
>>> that not all of these fields are numeric ...
>>
>> no you don't have to change them to Session, but I already had the
>> code in one of my pages where I like to put them in session for
>> persistence of the form.
>>
>> and yes you can simply test to see they are numeric
>
> No, you missed my point: how will he know WHEN to test whether they are
> numeric (or date, or whatever ... )
>
> Bob Barrows
> PS. I was just asking for clarification - not criticising your post.

fair enough.

But you could take this to ridiculous lengths and say how does he know to
give the page .asp extensions, or wrap the script in <%%> tags,

I also posted 2 lines of code on the same line,
coma = "," ' should be on a line by itself
But he seems to have sorted that out by himself.

I guess you need to assume some things, he can always ask for more info

Sometimes it is obvious that the poster has no idea where to start and I
have made the page completely for them, where other times you can obtain
that the poster is quite advanced and a simple line of code is all they
need.

Sometimes you can even teach a new trick to those more advanced, and learn
something from those less advanced



Jan 7 '06 #9
Slim wrote:
>> Bob Barrows
>> PS. I was just asking for clarification - not criticising your post.
>
> fair enough.
>
> But you could take this to ridiculous lengths and say how does he know
> to give the page .asp extensions, or wrap the script in <%%> tags,


I totally agree that those would be ridiculous lengths.

You seem to be getting very defensive. There is no need.
Jan 7 '06 #10
