This page builds up an Active Server Page to process the data from the 'add a name' page.

An Active Server Page can contain script in several scripting languages. The default language, and the one that I choose to use, is VBS (Visual Basic Script). To tell IIS that you are using VBS, we simply use the start and end tags shown in the block below.



<%


%>




		

Before I forget, I had better tell you to include a "Locale Identifier" directive - suffice it to say, it helps you to get the correct dates in your DataBase tables (amongst other things!!).



<%

session.LCID = 2057


%>




		

The number indicates the Locale rules that you wish to apply for this page. 2057 is the number that indicates UK English.


Next some Comprehensive Validation of the data coming in is essential before you go on to put the data into a database.

I can just hear someone saying 'the validation has been done by JavaScript in the Web Page'. Well that is OK
BUT
there are some wicked and mischievous folks out in the big wide world. Folks who will try things out, just to prove that they can. Even worse, folks who will try things for malicious reasons, to cause the site owners and managers as much serious trouble as possible.

It is easy to Click on 'File --> SaveAs' in your browser. Then copy and modify the page to make a cloned copy of your own. The first thing to go will be the JavaScript validation.

A friend of mine was having serious trouble when his database was found to contain EMail addresses which did not contain an '@' sign. He told me that he was validating to ensure that it could not happen. Eventually, I found that the validation was in JavaScript in the web page and being done in the Clients' Browsers (scattered all over the world). We soon did a bit of forensic work and found a clone existed - and we blocked it !!

The motto must be that you MUST ALWAYS do Server Side Validation. You may also choose to do Client Side Validation to give faster response for the clients at their browsers.



<%

session.LCID = 2057


'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''                                           '''
'''                                           '''
'''  This section validates the data input.   '''
'''                                           '''
'''                                           '''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''

if Request.Form("surname") = "" then
	Response.Write "Surname must be present.<BR>"
	Response.Write "Click on back in your Browser and try again"
	Response.End
end if

%>




		

You will see that the sample of Validation makes the 'Surname' a Mandatory field. Other fields may be validated in a similar manner.

Using the Response.Write and Response.End is a perfectly good, if a little utilitarian method of communicating with the Client sitting at the Browser using your Web Site.

I have developed an 'Error Displaying' function which gets the messages from a DataBase table. This makes it very simple to change and to re-use messages. It has also provided me with a means of displaying the messages in the native language of the user at the Browser. It would be too much of a digression to give a more detailed description in here. If you are interested, just ask and I will do my best to give you details.


Next we need to create a string that contains an SQL command to record the data in a DataBase Table. I am hoping and trusting that readers of this story have at least an elementary understanding of SQL commands - if not, it would be a good idea to take a break from this story to get some knowledge about that SQL.



<%

session.LCID = 2057


'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''                                           '''
'''                                           '''
'''  This section validates the data input.   '''
'''                                           '''
'''                                           '''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''

if Request.Form("surname") = "" then
	Response.Write "Surname must be present.<BR>"
	Response.Write "Click on back in your Browser and try again"
	Response.End
end if


'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''                                           '''
'''                                           '''
'''  This section records the data input.     '''
'''                                           '''
'''                                           '''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''

if Request.Form("public_cb") = "on" then
    lPublic = True
else
    lPublic = False
end if

    SQLStr = "INSERT INTO name ("

    SQLStr = SQLStr & "Title, "
    SQLStr = SQLStr & "Forenames, "
    SQLStr = SQLStr & "Surname, "
    SQLStr = SQLStr & "Honours, "
    SQLStr = SQLStr & "PublicInfo"

    SQLStr = SQLStr & ") values ("

    SQLStr = SQLStr & "'" & Replace(Request.Form("TITLE"), "'", "''") & "', "
    SQLStr = SQLStr & "'" & Replace(Request.Form("FORENAMES"), "'", "''") & "', "
    SQLStr = SQLStr & "'" & Replace(Request.Form("SURNAME"), "'", "''") & "', "
    SQLStr = SQLStr & "'" & Replace(Request.Form("HONOURS"), "'", "''") & "', "
    SQLStr = SQLStr & " " & lPublic & ")"

%>




		

The variable SQLStr will contain the SQL command.

The Replace instruction is replacing single Blips with a pair of Blips - those of you that know about these things, will know why I do that - those that don't, won't !! It is beyond the scope of this story to explain it. Sorry !!

Dyslexia, Stupidity, Tiredness or Old Age sometimes causes me to get syntactical errors in the string. For that reason, I usually add a couple of lines. They stay commented out for most of the time, but when a syntactical error defeats me and the SQL Processor, they are quickly uncommented.



<%

session.LCID = 2057


'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''                                           '''
'''                                           '''
'''  This section validates the data input.   '''
'''                                           '''
'''                                           '''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''

if Request.Form("surname") = "" then
	Response.Write "Surname must be present.<BR>"
	Response.Write "Click on back in your Browser and try again"
	Response.End
end if


'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''                                           '''
'''                                           '''
'''  This section records the data input.     '''
'''                                           '''
'''                                           '''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''

if Request.Form("public_cb") = "on" then
    lPublic = True
else
    lPublic = False
end if

    SQLStr = "INSERT INTO name ("

    SQLStr = SQLStr & "Title, "
    SQLStr = SQLStr & "Forenames, "
    SQLStr = SQLStr & "Surname, "
    SQLStr = SQLStr & "Honours, "
    SQLStr = SQLStr & "PublicInfo"

    SQLStr = SQLStr & ") values ("

    SQLStr = SQLStr & "'" & Replace(Request.Form("TITLE"), "'", "''") & "', "
    SQLStr = SQLStr & "'" & Replace(Request.Form("FORENAMES"), "'", "''") & "', "
    SQLStr = SQLStr & "'" & Replace(Request.Form("SURNAME"), "'", "''") & "', "
    SQLStr = SQLStr & "'" & Replace(Request.Form("HONOURS"), "'", "''") & "', "
    SQLStr = SQLStr & " " & lPublic & ")"


''Response.Write SQLStr
''Response.End


%>




		

Now we are ready to record the information into the DataBase Table. That is done by executing the SQL command string.

Before we can do that, we need to establish a connection to the DataBase Table.



<%

session.LCID = 2057


'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''                                           '''
'''                                           '''
'''  This section validates the data input.   '''
'''                                           '''
'''                                           '''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''

if Request.Form("surname") = "" then
	Response.Write "Surname must be present.<BR>"
	Response.Write "Click on back in your Browser and try again"
	Response.End
end if


'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''                                           '''
'''                                           '''
'''  This section records the data input.     '''
'''                                           '''
'''                                           '''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''

if Request.Form("public_cb") = "on" then
    lPublic = True
else
    lPublic = False
end if




DBCon = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=c:\inetpub\wwwroot\contacts\data\contacts.mdb"
''Response.Write DBCon
''Response.End
set Con = Server.CreateObject("ADODB.Connection")
Con.Open DBCon



    SQLStr = "INSERT INTO name ("

    SQLStr = SQLStr & "Title, "
    SQLStr = SQLStr & "Forenames, "
    SQLStr = SQLStr & "Surname, "
    SQLStr = SQLStr & "Honours, "
    SQLStr = SQLStr & "PublicInfo"

    SQLStr = SQLStr & ") values ("

    SQLStr = SQLStr & "'" & Replace(Request.Form("TITLE"), "'", "''") & "', "
    SQLStr = SQLStr & "'" & Replace(Request.Form("FORENAMES"), "'", "''") & "', "
    SQLStr = SQLStr & "'" & Replace(Request.Form("SURNAME"), "'", "''") & "', "
    SQLStr = SQLStr & "'" & Replace(Request.Form("HONOURS"), "'", "''") & "', "
    SQLStr = SQLStr & " " & lPublic & ")"

''Response.Write SQLStr
''Response.End

    Set oRS = Con.Execute( SQLStr )


%>




		

And finally - I guess we should tell the Client that we have recorded their Information.



<%

session.LCID = 2057


'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''                                           '''
'''                                           '''
'''  This section validates the data input.   '''
'''                                           '''
'''                                           '''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''

if Request.Form("surname") = "" then
	Response.Write "Surname must be present.<BR>"
	Response.Write "Click on back in your Browser and try again"
	Response.End
end if


'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''                                           '''
'''                                           '''
'''  This section records the data input.     '''
'''                                           '''
'''                                           '''
'''''''''''''''''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''''''''''''''''

if Request.Form("public_cb") = "on" then
    lPublic = True
else
    lPublic = False
end if



DBCon = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=c:\inetpub\wwwroot\contacts\data\contacts.mdb"
''Response.Write DBCon
''Response.End
set Con = Server.CreateObject("ADODB.Connection")
Con.Open DBCon



    SQLStr = "INSERT INTO name ("

    SQLStr = SQLStr & "Title, "
    SQLStr = SQLStr & "Forenames, "
    SQLStr = SQLStr & "Surname, "
    SQLStr = SQLStr & "Honours, "
    SQLStr = SQLStr & "PublicInfo"

    SQLStr = SQLStr & ") values ("

    SQLStr = SQLStr & "'" & Replace(Request.Form("TITLE"), "'", "''") & "', "
    SQLStr = SQLStr & "'" & Replace(Request.Form("FORENAMES"), "'", "''") & "', "
    SQLStr = SQLStr & "'" & Replace(Request.Form("SURNAME"), "'", "''") & "', "
    SQLStr = SQLStr & "'" & Replace(Request.Form("HONOURS"), "'", "''") & "', "
    SQLStr = SQLStr & " " & lPublic & ")"

''Response.Write SQLStr
''Response.End

    Set oRS = Con.Execute( SQLStr )

%>


Your Name Details have been recorded
<BR>
Thank you !!
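
The Replace calls in the page above double each single quote so that a value such as O'Brien cannot close the quoted string early and alter the SQL command. As an added example (not the author's code), here is the same server-side validation and INSERT using a parameterized ADODB.Command, which sends the form values as data and needs no quote doubling; the helper CleanField and the 50-character limit MAX_LEN are assumptions made for the illustration.

```vbscript
<%
' Added example, not the author's code. Form values are bound as
' parameters, so they are never spliced into the SQL text.
Const adCmdText = 1, adParamInput = 1, adExecuteNoRecords = 128
Const adVarChar = 200, adBoolean = 11
Const MAX_LEN = 50   ' assumption: width of the text columns in "name"

' Server-side check (hypothetical helper): trim the value, insist on
' mandatory fields and refuse anything longer than the column.
Function CleanField(fieldName, isRequired)
    Dim v
    v = Trim(Request.Form(fieldName))
    If isRequired And v = "" Then
        Response.Write fieldName & " must be present.<BR>"
        Response.End
    End If
    If Len(v) > MAX_LEN Then
        Response.Write fieldName & " is too long.<BR>"
        Response.End
    End If
    CleanField = v
End Function

' Validate everything before touching the database.
Dim sTitle, sForenames, sSurname, sHonours, Con, Cmd
sTitle     = CleanField("TITLE", False)
sForenames = CleanField("FORENAMES", False)
sSurname   = CleanField("SURNAME", True)
sHonours   = CleanField("HONOURS", False)

Set Con = Server.CreateObject("ADODB.Connection")
' Same connection string as the page. A .mdb kept under wwwroot can be
' fetched by URL unless IIS refuses that extension; a folder outside
' the web root avoids the question.
Con.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=c:\inetpub\wwwroot\contacts\data\contacts.mdb"
Set Cmd = Server.CreateObject("ADODB.Command")
Set Cmd.ActiveConnection = Con
Cmd.CommandType = adCmdText
Cmd.CommandText = "INSERT INTO name (Title, Forenames, Surname, Honours, PublicInfo) VALUES (?, ?, ?, ?, ?)"
' Parameters are matched to the ? markers by position, not by name.
Cmd.Parameters.Append Cmd.CreateParameter("Title", adVarChar, adParamInput, MAX_LEN, sTitle)
Cmd.Parameters.Append Cmd.CreateParameter("Forenames", adVarChar, adParamInput, MAX_LEN, sForenames)
Cmd.Parameters.Append Cmd.CreateParameter("Surname", adVarChar, adParamInput, MAX_LEN, sSurname)
Cmd.Parameters.Append Cmd.CreateParameter("Honours", adVarChar, adParamInput, MAX_LEN, sHonours)
Cmd.Parameters.Append Cmd.CreateParameter("PublicInfo", adBoolean, adParamInput, , CBool(Request.Form("public_cb") = "on"))
Cmd.Execute , , adExecuteNoRecords   ' INSERT returns no rows
Con.Close
%>
```

Because the values are validated before the connection is opened, a rejected request never reaches the database at all.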





		

You will not be surprised, I hope, to know that the two files described so far are not copies of real files that I have used. They have been created for the purposes of an example for this story.
BUT
They do really work !!


In the past, I have written such stories on one web page. One of the readers printed one out on paper - the paper was over fifty foot long. This time, I'm using several pages to make it easier for readers to deal with. This page is just an Introduction to set the scene.

An index and links to the other pages are given below.