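| CSER Project updater: <%
' Project updater: inserts, updates or deletes a row in the projects table
' (and its PersProj link rows) from the posted form fields.
'
' Every value taken from Request.Form is bound as an ADO parameter instead of
' being concatenated into the SQL text. The original escaped single quotes in
' only four of the fields and concatenated ProjId unquoted, so the remaining
' fields and the id could change the meaning of the statement.
'
' NOTE(review): no authentication or anti-forgery check is visible in this
' page; confirm that access to it is restricted elsewhere (e.g. by the server
' configuration), since it can delete rows.

' ADO constants, spelled with a local prefix so they cannot collide with an
' adovbs.inc include that may be present outside this view.
Const AD_CMD_TEXT = 1
Const AD_PARAM_INPUT = 1
Const AD_INTEGER = 3
Const AD_BOOLEAN = 11
Const AD_VARWCHAR = 202
Const AD_LONGVARWCHAR = 203

' Returns raw converted to a Long, or Null when it is empty, not numeric,
' or does not fit in a Long.
Function ParseId(raw)
    Dim text
    ParseId = Null
    text = Trim(raw & "")
    If Len(text) = 0 Or Len(text) > 10 Then Exit Function
    If Not IsNumeric(text) Then Exit Function
    On Error Resume Next
    ParseId = CLng(text)
    If Err.Number <> 0 Then
        ParseId = Null
        Err.Clear
    End If
    On Error GoTo 0
End Function

' Builds a text command for sql on the open connection conn.
Function NewCommand(conn, sql)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = AD_CMD_TEXT
    cmd.CommandText = sql
    Set NewCommand = cmd
End Function

' Appends value to cmd as a text parameter. Values longer than 255 characters
' are sent as long text so they can reach a memo column.
Sub AddText(cmd, paramName, value)
    Dim text, size, kind
    text = value & ""
    size = Len(text)
    kind = AD_VARWCHAR
    If size > 255 Then kind = AD_LONGVARWCHAR
    ' ADO rejects a variable-length parameter whose size is 0.
    If size = 0 Then size = 1
    cmd.Parameters.Append cmd.CreateParameter(paramName, kind, AD_PARAM_INPUT, size, text)
End Sub

' Appends value to cmd as a Long parameter.
Sub AddLong(cmd, paramName, value)
    cmd.Parameters.Append cmd.CreateParameter(paramName, AD_INTEGER, AD_PARAM_INPUT, , CLng(value))
End Sub

' Appends value to cmd as a boolean parameter.
Sub AddBool(cmd, paramName, value)
    cmd.Parameters.Append cmd.CreateParameter(paramName, AD_BOOLEAN, AD_PARAM_INPUT, , CBool(value))
End Sub

' Appends the twelve project columns in the order used by both the INSERT
' and the UPDATE statement below.
Sub AddProjectFields(cmd)
    AddText cmd, "Principal", Principal
    AddText cmd, "Title", Title
    AddText cmd, "Description", description
    AddText cmd, "ImageURL", imageURL
    AddText cmd, "Weblink", Weblink
    AddText cmd, "WebLText", WebLText
    AddText cmd, "MapLocURL", MapLocURL
    AddText cmd, "Funding", Funding
    AddText cmd, "Timeframe", Timeframe
    AddText cmd, "Field", field
    AddText cmd, "Cat", cat
    AddBool cmd, "RHD", rhd
End Sub

action = Request.Form("do")
' ProjId is only ever used as a number; anything else becomes Null.
ProjId = ParseId(Request.Form("ProjId"))

' Single quotes are no longer doubled here: bound parameters carry the value
' verbatim, and doubling would store two quotes.
' NOTE(review): the chr(34) replacements are kept exactly as found. As written
' they replace a double quote with a double quote; the replacement text may
' have been an HTML entity before this page was extracted - confirm.
Title = Request.Form("Title")
Title = Replace(Title, Chr(34), """")
Principal = Request.Form("Principal")
field = Request.Form("Field")
description = Request.Form("description")
description = Replace(description, Chr(13) & Chr(10), " ")
description = Replace(description, Chr(34), """")
Funding = Request.Form("Funding")
Funding = Replace(Funding, Chr(34), """")
Timeframe = Request.Form("Timeframe")
Timeframe = Replace(Timeframe, Chr(34), """")
Weblink = Request.Form("Weblink")
WebLText = Request.Form("WebLText")
imageURL = Request.Form("imageURL")
MapLocURL = Request.Form("MapLocURL")
cat = Request.Form("cat")
' RHD is true whenever a category was supplied.
rhd = (Len(cat & "") > 0)

constr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=d:\Inetpub\websites\gpem\crssis\dbs\crssis.mdb"
Set comdb = Server.CreateObject("ADODB.Connection")
comdb.Open constr

SQLQuery = ""
ready = False   ' set once a statement has been prepared for execution

If action = "New" Then
    SQLQuery = "INSERT into projects (Principal, Title, Description, ImageURL, Weblink, WebLText, MapLocURL, Funding, Timeframe, Field, Cat, RHD) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)"
    Set cmd = NewCommand(comdb, SQLQuery)
    AddProjectFields cmd
    ready = True
ElseIf action = "Update" And Not IsNull(ProjId) Then
    SQLQuery = "Update projects SET Principal=?,Title=?,Description=?,ImageURL=?,Weblink=?,WebLText=?,MapLocURL=?,Funding=?,Timeframe=?,Field=?,Cat=?,RHD=? where ProjId=?"
    Set cmd = NewCommand(comdb, SQLQuery)
    AddProjectFields cmd
    AddLong cmd, "ProjId", ProjId
    ready = True
ElseIf action = "Delete" And Not IsNull(ProjId) Then
    ' Remove the person links first, then the project itself.
    Set cmd = NewCommand(comdb, "DELETE from Persproj where PrjId=?")
    AddLong cmd, "PrjId", ProjId
    cmd.Execute
    SQLQuery = "DELETE from projects where ProjId=?"
    Set cmd = NewCommand(comdb, SQLQuery)
    AddLong cmd, "ProjId", ProjId
    ready = True
End If

If ready Then
    ' The statement text is shown for error reporting; it is HTML-encoded and
    ' now contains placeholders rather than the submitted values.
    Response.Write " " & Server.HTMLEncode(SQLQuery) & " "
    cmd.Execute

    If action = "New" Then
        ' Find the row just inserted so it can be linked to its principal.
        Set cmd = NewCommand(comdb, "Select ProjId from projects where Title=?")
        AddText cmd, "Title", Title
        Set crsli = cmd.Execute
        ' should only return a single record:
        If Not crsli.EOF Then
            ProjId = crsli("ProjId").Value
            Set cmd = NewCommand(comdb, "Select PersId from people where name=?")
            AddText cmd, "name", Principal
            Set crsli = cmd.Execute
            ' When no person matches the principal the link is skipped; the
            ' original failed here with a runtime error on an empty recordset.
            If Not crsli.EOF Then
                PersId = crsli("PersId").Value
                Set cmd = NewCommand(comdb, "INSERT into PersProj (PrsId,PrjId) VALUES (?,?)")
                AddLong cmd, "PrsId", PersId
                AddLong cmd, "PrjId", ProjId
                cmd.Execute
            End If
        End If
    End If
Else
    ' Unknown action, or an Update/Delete without a usable numeric ProjId.
    Response.Write " Nothing was changed: the action or the project id was not valid. "
End If

comdb.Close
Set comdb = Nothing

Response.Write " If the SQL query shown above produced an error please report it to Jurgen, x56740. "
If action <> "Delete" Then Response.Write " Link this project to PEOPLE "
Response.Write " Edit another one "
Response.Write " CSER Research "
%> |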