T
teddysnips
A friend has been tasked with designing a website. It all looks very
swish, but he's been asked to add a page to allow people to register
for events etc. He wants to add some script to save these details to
a SQL Server database. Could someone please take a brief look at the
script below and tell me if this looks ok?
Thanks
Edward
<%
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "Provider=SQLOLEDB.1;Password=pwd;Persist Security
Info=True;User ID=uid;Initial Catalog=Test;Data
Source=YOURSERVERHERE;"
sqlstring = "INSERT INTO UserDetails (UserName, Tel, Email) VALUES
('"
sqltemp = document.getElementById('UserName').value
sqlstring = sqlstring + sqltemp + "', '"
sqltemp = document.getElementById('Tel').value
sqlstring = sqlstring + sqltemp + "', '"
sqltemp = document.getElementById('Email').value
sqlstring = sqlstring + sqltemp + "', ')"
conn.execute(sqlstring)
conn.close
set conn = nothing
%>
swish, but he's been asked to add a page to allow people to register
for events etc. He wants to add some script to save these details to
a SQL Server database. Could someone please take a brief look at the
script below and tell me if this looks ok?
Thanks
Edward
<%
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "Provider=SQLOLEDB.1;Password=pwd;Persist Security
Info=True;User ID=uid;Initial Catalog=Test;Data
Source=YOURSERVERHERE;"
sqlstring = "INSERT INTO UserDetails (UserName, Tel, Email) VALUES
('"
sqltemp = document.getElementById('UserName').value
sqlstring = sqlstring + sqltemp + "', '"
sqltemp = document.getElementById('Tel').value
sqlstring = sqlstring + sqltemp + "', '"
sqltemp = document.getElementById('Email').value
sqlstring = sqlstring + sqltemp + "', ')"
conn.execute(sqlstring)
conn.close
set conn = nothing
%>