Sql server: Using checkboxes to return results to SQL Server


I have the following code in ASP Classic:

<%
dim prac_id
prac_id = Request.Form("Practice_ID")
dim surname_id
surname_id = Request.Form("clientsurname")

If prac_id <> "" And IsNumeric(prac_id) AND surname_id <>"" then
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.open "claims","username","password"
strSQL = "SELECT * FROM (Claim_Status INNER JOIN PI_Agents ON Claim_Status.Agent_ID =  PI_Agents.Agent_ID) INNER JOIN Statuses on Claim_Status.Status_ID = Statuses.Status_ID WHERE Practice_ID = '"&prac_id&"' AND Client_Surname LIKE '%" & surname_id & "%'"

set rs = Conn.Execute (strSQL)

%>
<html>
<head>
<title>PI Accepts - Results</title>
</head>

<body>
<a href="default.asp" title="Home Page">Home Page</a>
<form method="POST" action="result.asp" name="form1">
<td width="10">
<select name="Practice_ID" size="1" ID="Prac">
     <option value="0">Select Practice</option>
     <option value="1">HCL</option>
     <option value="2">Silverbeck</option>
     <option value="3">TPF</option>
 <option value="4">Express</option>
</select>

</td>
<p> Client Surname </p>
<input type="text" name="clientsurname" value="" />

<tr>
  <td>&nbsp;</td>
  <td colspan="2"><input type="submit" name="Submit" value="Submit"></td>
</tr> 
</form>

<table border="1">
<form>
<tr><th>Claim ID</th><th>Date</th><th>Agent</th><th>Client First Name</th><th>Client Surname</th><th>Client Number</th><th>Current Status</th><th>Accepted</th><th>Rejected</th></tr>
<% DO WHILE NOT rs.EOF %>
<tr><td><% Response.Write rs("ID_Ref") %></td><td><% Response.Write rs("Date_Passed") %></td><td><% Response.Write rs("Agent_Name") %></td><td><% Response.Write rs("Client_First_Name") %></td><td><% Response.Write rs("Client_Surname") %></td><td><% Response.Write rs("Main_Number") %></td><td><% Response.Write rs("Status") %></td>
<td><input type="checkbox" name="accepted" id="<%= rs("ID_Ref")%>" value="1"></td><td> <input type="checkbox" name="rejected" id="<%= rs("ID_Ref")%>" value="2"></td><td><input type="submit" name="editclaim" value="Submit"></td></tr>
</form>
<%
rs.MoveNext
Loop
%>
</table>
if request.form("accepted") <>""then
update Claim_Status SET Status_ID=1 WHERE ID_Ref=

<%
conn.Close
Set conn = Nothing
End IF
%>

</body>
</html>

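What I am trying to do is use two checkboxes (accepted and rejected) so that, if one of them is selected and "Submit" is pressed, it returns the value (1 for accepted or 2 for rejected) to the "Status_ID" column in the "Claim_Status" table, where the ID_Ref of the selected claim matches the ID_Ref of the claim in the database (for example, if Smith was searched for and it brought up claims numbered 1, 2, 3, 4, and someone selected claim number 3, then it would update only that claim in the database).

The page works fine and the checkboxes display OK (they all need to be unchecked when the page is first displayed), but I can't quite get my head around the last bit of coding to update the status depending on which checkbox is ticked.

Thanks for any help!!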

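There are a few problems here. You have the form opening tag outside the loop but the form closing tag inside the loop. Do you want the user to submit multiple rows at once, or one row at a time? I assume that, as you have a submit button on each row, you want the user to submit one row at a time.

If that is the case, then you should move the form opening tag inside the loop and add a hidden field to identify the row.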

<% DO WHILE NOT rs.EOF %>
<form method="POST" action="result.asp">
<input type="hidden" name="idref" value="<%= rs("ID_Ref") %>">
<tr>
  <td><% Response.Write rs("ID_Ref") %></td>
  <td><% Response.Write rs("Date_Passed") %></td>
  <td><% Response.Write rs("Agent_Name") %></td>
  <td><% Response.Write rs("Client_First_Name") %></td>
  <td><% Response.Write rs("Client_Surname") %></td>
  <td><% Response.Write rs("Main_Number") %></td>
  <td><% Response.Write rs("Status") %></td>
  <td><input type="checkbox" name="accepted" id="<%= rs("ID_Ref")%>" value="1"></td>
  <td><input type="checkbox" name="rejected" id="<%= rs("ID_Ref")%>" value="2"></td>
  <td><input type="submit" name="editclaim" value="Submit"></td>
</tr>
</form>
<%
rs.MoveNext
Loop
%>
In the page that you post to:

Set Conn = Server.CreateObject("ADODB.Connection")
Conn.open "claims","username","password"
strSQL = "SELECT * FROM (Claim_Status INNER JOIN PI_Agents ON Claim_Status.Agent_ID =  PI_Agents.Agent_ID) INNER JOIN Statuses on Claim_Status.Status_ID = Statuses.Status_ID WHERE Practice_ID = '"&prac_id&"' AND Client_Surname LIKE '%" & surname_id & "%'"
set rs = Conn.Execute (strSQL)
DO WHILE NOT rs.EOF
   'Expects the checkboxes to be named accepted-<ID_Ref> and rejected-<ID_Ref>
   intStatusID = 0
   If Request.Form("accepted-" & rs("ID_Ref")) = "1" Then
     'Accepted was checked
     intStatusID = 1
   End If
   If Request.Form("rejected-" & rs("ID_Ref")) = "2" Then
     'Rejected was checked
      intStatusID = 2
   End If
   'Your update query here (only run it when a checkbox was ticked for this row)
   If intStatusID <> 0 Then
      strSQL = "UPDATE Claim_Status SET Status_ID = " & intStatusID & " WHERE ID_Ref = " & rs("ID_Ref")
      Conn.Execute strSQL
   End If
   rs.MoveNext
Loop
Alternatively, if you don't want to loop through the database again, you could use the method below (although the first way is safer, otherwise a hacker could update the wrong rows by posting their own IDs).

For Each key in Request.Form
  'Both prefixes ("accepted-" and "rejected-") are 9 characters long
  If Left(key, 9) = "accepted-" Or Left(key, 9) = "rejected-" Then
     refid = Mid(key, 10) 'get the id

     If Left(key, 9) = "accepted-" Then
       If Request.Form(key) = "1" Then
         'accepted checkbox checked, do your update query
       End If
     Else
       If Request.Form(key) = "2" Then
         'rejected checkbox checked, do your update query
       End If
     End If
  End If
Next

Hope you get the idea from the above.

EEK!!! Look up SQL injection. Your code is wide open!!! You need to use stored procedures or parameterized queries.

I am totally new to this so have never heard of SQL injection. I will research it properly, but a quick Google leads me to believe it is a hacker-type thing. This site is for a new area and will be used long term by only 2 or 3 staff (one of them being me), so I'm not sure how much protection it needs?

Either way, you should get into good habits now. Especially since you say you are new to this. You will also get better performance if you select only the columns you need rather than using SELECT *.

I tried that, but it kept telling me that the columns I was joining on were not valid columns (or something like that). When using SELECT * it worked, so I went with that.

The correct fix is to fix the error, not to use SELECT *. But... let's focus on your question and not go off topic.

Hi, thanks very much. One question now... on the update page, how do I write the update code - UPDATE Claim_Status SET Status_ID = (ID_Ref = ) (how do I tell it to update the Ref ID for the checkbox that was ticked)?

I have added an example of an update query to one of the examples above. If Status_ID should be 1 or 2 depending on which checkbox is selected, then you should consider using input type="radio", so that both cannot be selected.
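
The update step with the comments' advice on parameterized queries applied, as an added example in Classic ASP that is not part of the original question or answer: a handler for the one-form-per-row layout (hidden idref plus the accepted/rejected checkboxes) that binds both values as ADODB.Command parameters. The helper names DecisionToStatus and IsPositiveInteger are hypothetical, and the example assumes ID_Ref and Status_ID are integer columns.

```vbscript
<%
' Added example: handles one submitted row (hidden "idref" plus the
' "accepted"/"rejected" checkboxes). ADO constants are written out as literals.
Const adCmdText = 1, adInteger = 3, adParamInput = 1, adExecuteNoRecords = 128

' Map the two checkboxes onto the only Status_ID values the page defines.
' Returns 0 when neither box or both boxes were ticked.
Function DecisionToStatus(accepted, rejected)
    DecisionToStatus = 0
    If accepted = "1" And rejected = "" Then DecisionToStatus = 1
    If rejected = "2" And accepted = "" Then DecisionToStatus = 2
End Function

' True only for a run of 1-9 digits, so CLng cannot overflow or round.
Function IsPositiveInteger(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsPositiveInteger = re.Test(s)
End Function

Dim Conn, cmd, idref, statusId, affected
idref = Trim(Request.Form("idref"))
statusId = DecisionToStatus(Trim(Request.Form("accepted")), Trim(Request.Form("rejected")))

If IsPositiveInteger(idref) And statusId <> 0 Then
    Set Conn = Server.CreateObject("ADODB.Connection")
    Conn.Open "claims", "username", "password"
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = Conn
    cmd.CommandType = adCmdText
    ' Placeholders are bound in order; no user input is concatenated into the SQL.
    cmd.CommandText = "UPDATE Claim_Status SET Status_ID = ? WHERE ID_Ref = ?"
    cmd.Parameters.Append cmd.CreateParameter("status", adInteger, adParamInput, , statusId)
    cmd.Parameters.Append cmd.CreateParameter("idref", adInteger, adParamInput, , CLng(idref))
    cmd.Execute affected, , adExecuteNoRecords
    If affected = 1 Then
        Response.Write "Claim " & Server.HTMLEncode(idref) & " updated."
    Else
        Response.Write "No matching claim."
    End If
    Conn.Close
    Set Conn = Nothing
Else
    ' Missing or non-numeric id, or an ambiguous decision: change nothing.
    Response.Status = "400 Bad Request"
    Response.Write "Select exactly one of Accepted or Rejected."
End If
%>
```

Binding the values fixes the injection risk but not the concern raised in the answer about users posting their own IDs; restricting which claims a given user may update needs a separate check.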