Thursday, October 29, 2009

ASP code to guard against SQL injection

Whenever you write a SQL query in your ASP code, you must guard against SQL injection. Here are the two forms to use in production:

If the field dEmployeeNumber in the DB is *NOT* a number:

Code:
' Doubling every single quote keeps the value inside the string literal,
' so it cannot terminate the quote and add SQL of its own
SQL = "SELECT tEmployeeNumber, tTopic, tDepartment, tTime FROM tblSurvey " _
    & " WHERE tEmployeeNumber='" & Replace(dEmployeeNumber, "'", "''") & "'"

If it *IS* a number:

Code:
' CLng raises a type-mismatch error for anything that is not a number,
' so only a number ever reaches the query text
SQL = "SELECT tEmployeeNumber, tTopic, tDepartment, tTime FROM tblSurvey " _
    & " WHERE tEmployeeNumber=" & CLng(dEmployeeNumber)


with proper credit to Bill W from 4guysfromrolla
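As an added example (not code from the original post or from 4guysfromrolla), the two guards above wrapped in helper functions, followed by the form I would reach for first: an ADODB.Command with a `?` placeholder, which sends the value separately from the SQL text so no quoting rule has to be right. Assumed: the placeholder connection string, a 50-character tEmployeeNumber column, and the constructed sample value "O'Brien".

```vbscript
<%
Option Explicit
' Added example: helpers for the two guards plus the parameterised query.
' CONN_STR is a placeholder; replace it with the real connection string.
Dim CONN_STR
CONN_STR = "Provider=SQLOLEDB;Data Source=DB_HOST_PLACEHOLDER;" & _
           "Initial Catalog=DB_NAME_PLACEHOLDER;Integrated Security=SSPI;"

' ADO constants, listed here so the page works without including adovbs.inc
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200

' Text column: doubling each single quote keeps the input inside the literal
Function SqlQuote(value)
    SqlQuote = "'" & Replace(CStr(value), "'", "''") & "'"
End Function

' Numeric column: IsNumeric rejects non-numbers before CLng converts,
' so a string can never be spliced into the query
Function SqlNumber(value)
    If Not IsNumeric(value) Then
        Err.Raise vbObjectError + 1, "SqlNumber", "Not a number: " & value
    End If
    SqlNumber = CLng(value)
End Function

' Preferred form: fixed SQL text, value passed as a parameter
' (assumed column length 50 for tEmployeeNumber)
Function FindSurveyRows(conn, employeeNo)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT tEmployeeNumber, tTopic, tDepartment, tTime " & _
                      "FROM tblSurvey WHERE tEmployeeNumber = ?"
    cmd.Parameters.Append cmd.CreateParameter("empNo", adVarChar, adParamInput, 50, CStr(employeeNo))
    Set FindSurveyRows = cmd.Execute
End Function

' Constructed sample input: a legitimate value that contains an apostrophe
Dim sample, conn, rs
sample = "O'Brien"

Response.Write Server.HTMLEncode("WHERE tEmployeeNumber=" & SqlQuote(sample)) & "<br>"
' writes: WHERE tEmployeeNumber='O''Brien'

' The numeric guard refuses anything that is not a number
On Error Resume Next
Response.Write SqlNumber("12abc")
If Err.Number <> 0 Then
    Response.Write Server.HTMLEncode("Rejected: " & Err.Description) & "<br>"
    Err.Clear
End If
On Error GoTo 0

' Parameterised lookup; the apostrophe needs no special handling at all
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STR
Set rs = FindSurveyRows(conn, sample)
Do Until rs.EOF
    Response.Write Server.HTMLEncode(rs("tTopic") & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```

The Replace and CLng guards are fine when you control every place the query is built, but the parameterised version is the one that still holds when someone later adds a second field to the WHERE clause and forgets the escaping.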

Friday, October 9, 2009

function to format phone number field in form

I needed to format a phone number field as soon as the person typed it into the form; I like this solution:

<script>
function formatPhone(fld)
{
    var ph = fld.value.replace(/[^\d]/g, ""); // zap all except digits
    // if user entered the leading 1, just zap it
    if ( ph.length == 11 && ph.charAt(0) == "1" ) ph = ph.substring(1);
    if ( ph.length != 10 )
    {
        alert("Sorry, '" + fld.value + "' is not a valid phone number");
        return false;
    }
    fld.value = "(" + ph.substring(0,3) + ") " + ph.substring(3,6) + "-" + ph.substring(6);
    return true;
}
</script>

and it is called by:
onchange="formatPhone(this);" - or it could be used during validation.
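The onchange handler only helps the user; a request can arrive with scripting off or with the field edited after the handler ran, so the server should repeat the same normalisation before storing or echoing the value. As an added example (not from the original post), the same digit-stripping, leading-1 and ten-digit rules in server-side VBScript; the form field name "phone" is assumed.

```vbscript
<%
Option Explicit
' Added example: server-side counterpart of formatPhone.
' Returns the number as (nnn) nnn-nnnn, or "" if it is not a ten-digit
' number (an optional leading 1 is dropped, as in the client-side version).
Function NormalizePhone(raw)
    Dim re, digits
    Set re = New RegExp
    re.Global = True
    re.Pattern = "[^\d]"            ' zap all except digits
    digits = re.Replace(CStr(raw), "")
    If Len(digits) = 11 And Left(digits, 1) = "1" Then digits = Mid(digits, 2)
    If Len(digits) <> 10 Then
        NormalizePhone = ""
    Else
        NormalizePhone = "(" & Left(digits, 3) & ") " & Mid(digits, 4, 3) & "-" & Mid(digits, 7)
    End If
End Function

' Assumed form field name: phone
Dim phone
phone = NormalizePhone(Request.Form("phone"))
If phone = "" Then
    Response.Write "Sorry, that is not a valid phone number."
Else
    ' phone now has a fixed shape; HTMLEncode anyway before echoing it back
    Response.Write "Phone: " & Server.HTMLEncode(phone)
End If
%>
```

Because the function rejects anything that is not exactly ten digits after cleaning, whatever reaches the database or the outgoing mail has one known shape, regardless of what the browser sent.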

Wednesday, October 7, 2009

Sending email using CDO and ASP on IIS7

Struggled with this one for a while, so I am posting here to remember the method.

Dim objMail, objMailConf
Set objMail = Server.CreateObject("CDO.Message")
Set objMailConf = Server.CreateObject("CDO.Configuration")

' 2 = send through the SMTP server named below (cdoSendUsingPort);
' 1 = drop the message in the pickup directory instead (cdoSendUsingPickup)
objMailConf.Fields.item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
' pickup directory is only consulted when sendusing = 1
objMailConf.Fields.item("http://schemas.microsoft.com/cdo/configuration/smtpserverpickupdirectory") = "c:\inetpub\mailroot\pickup"
objMailConf.Fields.item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "postoffice.test.com"
objMailConf.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objMailConf.Fields.item("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 10

' commit the configuration fields before attaching them to the message
objMailConf.Fields.Update

Set objMail.Configuration = objMailConf
objMail.From = "webemail@somewhere.com"
objMail.To = "somemailbox@somewhere.com"
objMail.Cc = "someccuser@somewhere.com"
objMail.Subject = "Company Web Input"
objMail.HTMLBody = EmailMessage   ' EmailMessage is the HTML string built earlier in the page
objMail.Fields.Update
objMail.Send
Set objMail = Nothing
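Since the message body in this post comes from web input, two things are worth checking before objMail.Send: a form value placed in a header (Subject, ReplyTo) must not contain a CR or LF, because a line break in a header value lets the sender add headers of their own, and user text placed in HTMLBody should be HTML-encoded so it is displayed rather than interpreted by the reader's mail client. As an added example (not code from the original post), the same CDO send wrapped in a Sub that enforces both. Assumed: the SMTP host is a placeholder, the From/To addresses are those from the post, and the form fields are named "email" and "msg".

```vbscript
<%
Option Explicit
' Added example: CDO send with header and body checks on form input.
Const cdoSendUsingPort = 2
Const CDO_CFG = "http://schemas.microsoft.com/cdo/configuration/"

' Raise an error instead of sending if a header value contains CR or LF
Function HeaderValue(value)
    Dim s
    s = CStr(value)
    If InStr(s, vbCr) > 0 Or InStr(s, vbLf) > 0 Then
        Err.Raise vbObjectError + 2, "HeaderValue", "Line break in mail header value"
    End If
    HeaderValue = s
End Function

Sub SendNotice(replyTo, subject, userText)
    Dim objMail, objMailConf
    Set objMailConf = Server.CreateObject("CDO.Configuration")
    With objMailConf.Fields
        .Item(CDO_CFG & "sendusing") = cdoSendUsingPort
        .Item(CDO_CFG & "smtpserver") = "SMTP_HOST_PLACEHOLDER"   ' placeholder host
        .Item(CDO_CFG & "smtpserverport") = 25
        .Item(CDO_CFG & "smtpconnectiontimeout") = 10
        .Update
    End With

    Set objMail = Server.CreateObject("CDO.Message")
    Set objMail.Configuration = objMailConf
    ' Sender and recipient are fixed; only the reply address and subject
    ' come from the form, and both go through HeaderValue
    objMail.From = "webemail@somewhere.com"
    objMail.To = "somemailbox@somewhere.com"
    objMail.ReplyTo = HeaderValue(replyTo)
    objMail.Subject = HeaderValue(subject)
    ' Encode the user's text so it is shown as text, not rendered as HTML
    objMail.HTMLBody = "<p>Web form input:</p><pre>" & Server.HTMLEncode(userText) & "</pre>"
    objMail.Send
    Set objMail = Nothing
    Set objMailConf = Nothing
End Sub

' Assumed form field names: email and msg
SendNotice Request.Form("email"), "Company Web Input", Request.Form("msg")
%>
```

If a header value does fail the check, the Err.Raise surfaces as an ASP error on the page, which is the right outcome: the message is never handed to the SMTP server with a header you did not write.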