School of Geography, Planning and Architecture, The University of Queensland

CSER People updater:

<% action=request.form("do") PersId=request.form("PersId") name=request.form("name") worder=request.form("worder") ' is number field=request.form("Field") cat1=request.form("cat1") roles=request.form("roles") ' 39 is single quote,34 is double, do double after single! roles=replace(roles, chr(39),"''") roles=replace(roles, chr(34),"""") ' test this degree=request.form("degree") degree=replace(degree, chr(39),"''") degree=replace(degree, chr(34),"""") ' test this experi=request.form("experience") experi=replace(experi, chr(39),"''") experi=replace(experi, chr(34),"""") ' test this interests=request.form("interests") interests=replace(interests, chr(39),"''") interests=replace(interests, chr(34),"""") ' test this BldgRm=request.form("BldgRm") BldgRm=replace(BldgRm, chr(39),"''") BldgRm=replace(BldgRm, chr(34),"""") ' test this email=request.form("email") phone=request.form("phone") PersURL=request.form("PersURL") photoURL=request.form("photoURL") publishURL=request.form("publishURL") UQpublishURL=request.form("UQPublishURL") UQProjURL=request.form("UQProjURL") constr= "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=d:\Inetpub\websites\gpem\crssis\dbs\crssis.mdb" Set comdb = Server.CreateObject("ADODB.Connection") comdb.Open constr ' do NOT use single quotes in if ... if action="New" then SQLQuery = "INSERT into people (Name, Worder, Cat1, Roles, Degree, Field, Experience, Interests, Email, Phone, [Building Room], PersURL, PhotoURL, PublishURL, UQPublishURL, UQProjURL) VALUES ('" & name & "'," & worder & ",'" & cat1 & "','" & roles & "','" & degree & "','" & field & "','" & experi & "','" & interests & "','" & email & "','" & phone & "','" & BldgRm & "','" & PersURL & "','" & photoURL & "','" & publishURL & "','" & UQPublishURL & "','" & UQProjURL & "')" elseif action="Update" then SQLQuery = "Update people SET Name='" & name & "',worder=" & worder & ",cat1='" & cat1 & "',degree='" & degree & "',roles='" & roles & "',Field='" & Field & "',Experience='" & experi & "',Interests='" & interests & "',email='" & email & "',phone='" & phone & "',[Building Room]='" & BldgRm & "',PersURL='" & PersURL & "',PhotoURL='" & photoURL & "',PublishURL='" & PublishURL & "',UQPublishURL='" & UQPublishURL & "',UQProjURL='" & UQProjURL & "' where PersId=" & PersId elseif action="Delete" then SQLQuery = "DELETE from Persproj where PrsId=" & PersId Set crsli = comdb.Execute(SQLQuery) ' orphaned projects: SQLQuery = "Update projects SET Orphaned=True where ProjId not in (Select DISTINCT PrjId from PersProj)" Set crsli = comdb.Execute(SQLQuery) SQLQuery = "DELETE from people where PersId=" & PersId end if response.write "

" & SQLQuery & "

" Set crsli = comdb.Execute(SQLQuery) set comdb=nothing response.write "

If the SQL query shown above produced an error please report it to Jurgen, x56740.

" response.write " Edit another one
" response.write " CSER people
" %>