2

我有一个页面显示包含用户信息的用户表。我希望能够通过单击每行末尾的按钮来更新表中的一行。我对编码完全陌生,所以如果有人可以帮助我并将他们的答案“简化”一点,我将非常感激。

谢谢!

这是我尝试过的代码,但似乎无法让它工作。

<html>
<body>

<%
Dim conn, oRs, ID, sql
Set Conn=Server.CreateObject("ADODB.Connection")
ID = Request.Form("ID")

If Request.Form("ID")="" then
  Set oRs=Server.CreateObject("ADODB.Recordset")
  oRs.open "SELECT * FROM tICTStaff WHERE ID ='" & ID & "'",Conn
  %>
  <form method="post" action="employeeUpdate.asp">
  <table>
  <%for each x in oRs.Fields%>
  <tr>
  <td><%=x.name%></td>
  <td><input name="<%=x.name%>" value="<%=x.value%>"></td>
  <%next%>
  </tr>
  </table>
  <br /><br />
  </form>
<%
Else
  sql="UPDATE table_name SET "
  sql=sql & "Forename ='" & Request.Form("Forename") & "',"
  sql=sql & "Surname ='" & Request.Form("Surname") & "',"
  sql=sql & "Active ='" & Request.Form("Active") & "',"
  sql=sql & "Address ='" & Request.Form("Address") & "',"
  sql=sql & "DOB ='" & Request.Form("DOB") & "',"
  sql=sql & " WHERE ID ='" & ID & "'"
  on error resume next
  Conn.Execute sql
  If err<>0 then
        Response.Write("Error updating Record!")
  Else
        Response.Write("Record " & ID & " was updated!")
  End If
End if
Conn.close
%>
<meta HTTP-EQUIV="REFRESH" content="0; url=Page.index.asp?msg=The record has been updated!">
</body>
</html>
4

1 回答 1

0

You have several problems in your script.

  1. SQL injection! Inform yourself about SQL injection and rewrite your entire script to avoid that! Do it first before you do anything else.
  2. You are testing if Request.Form("ID") is "". But in your select you are using it although it is an empty string.
  3. When using on error resume next in classic asp, you have to "switch off" error handling by using on error goto 0. Otherwise the on error resume next will be used for the rest of your script.
  4. What are you trying to achieve by that refresh meta tag?

My suggestion to you is the following:

  1. Read about about SQL injection.
  2. Try to make a page which just lists the records from tICTStaff.
  3. Then make a second page for editing those records. When you click on the edit button on the first page, navigate to your edit page and load that specific record from tICTStaff.
  4. On your edit page, make a comfortable form and implement the update routine for that specific record.

On your overview site make links like so:

<%
Set oRs = Server.CreateObject("ADODB.Recordset")
oRs.open "SELECT * FROM tICTStaff", Conn
do while not oRS.eof %>
  <tr>
    <td></td>
    <td></td>
    <td></td>
    <td><a href="update.asp?id=<%=oRS.fields("ID").value%>">link to detail/update page</a></td>
  </tr>
  <% oRS.movenext
loop %>

on your update.asp page load the record with the id from the querystring and display the form like so:

<%
dim myID : myID = request.querystring("ID")
if myID = "" then myID = request.form("ID")

' update record
if request.form("submit01") = "update" then
  sql = "update tICTStaff set fieldName1 = ? WHERE ID = ?"
  set cmd = server.createobject("adodb.command")
  cmd.activeconnection = Conn
  cmd.CommandType = adCmdText
  cmd.commandtext = sql

  cmd.parameters.append cmd.createparameter("fieldName1", adVarchar, , 512, request.form("fieldName1") )
  cmd.parameters.append cmd.createparameter("id", adInteger, , , myID )
  set oRS = cmd.execute
end if


' load record
sql = "select * from tICTStaff where id = ?"

set cmd = server.createobject("adodb.command")
cmd.activeconnection = Conn
cmd.CommandType = adCmdText
cmd.commandtext = sql
cmd.parameters.append cmd.createparameter("id", adInteger, , , myID )
set oRS = cmd.execute

' now you have a recordset with the record from tICTStaff with the ID
%>
<!-- display the form -->
<form name="" method="post">
<input type="hidden" name="id" value="<%=myID%>">

<!-- more fields to be edited -->
<input type="text" name="fieldName1" value="<%=oRS.fields("fieldName1").value%>">

<input type="submit" name="submit01" value="update">
</form>

completely different solution (ajax based):

As you want some kind of "mass update" function for the whole table, try jQuery with an AJAX call. So, on click of the button at the end of each row, you send an AJAX request to your ASP site with the values of the input fields and the ID of the record (the primary key of the tICTStaff table).

On the ASP page, you process the AJAX request and generate an UPDATE statement to update the tICTStaff table like so:

UPDATE tICTStaff
SET fldname1 = fldVal1, fldname2 = fldVal2
WHERE ID = postedID

To read about jQuery AJAX, have a look here.

于 2012-12-18T11:24:09.177 回答