How to save ASP forms to your database

How do you save your ASP form to your database?

I've got something like this: (I know it's Dutch...)
(the file is called project_edit.asp)

If someone renames the project_naam (project_name), I want it to update the database with that name.

<!-- #include file = inc/basicFunctions.asp -->

<%
dim project_id

project_id = request("project_id")

mySQL = "SELECT project_id, project_naam, opdracht, toepassingen, klant_naam FROM tbl_project P LEFT JOIN tbl_klant K on K.klant_id=P.klant_id WHERE project_ID = '" & project_ID & "'"
set myRecSet = conn.execute(mySQL)

%>

<form name="edit" method="post" action="project_edit.asp">

<input type="text" name="project" value="<%=myrecSet(1)%>"><P>

<textarea cols="70" rows="10" name="opdracht"><%=myrecSet(2)%>
cleany Asked:

cleany (Author) Commented:
the rest is...

</textarea><p>
<textarea cols="70" rows="20" name="toepassingen"><%=myrecSet(3)%></textarea><p>
<input type="submit" name="GO!">

</form>
0
IeuanJ Commented:
Add your project_id to the form as a hidden input

<input type="hidden" name="project_id" value="<%= project_id %>">

Then you need to set up the receiving page to do this with code similar to below.

<!-- #include file = inc/basicFunctions.asp -->
<%
dim project_name
dim project_id
project_name = Request.Form("project")
project_id = Request.Form("project_id")
mySQL = "UPDATE tbl_project set project_naam = '" & project_name & "' WHERE project_id = '" & project_id & "'"
set myRecSet = conn.execute(mySQL)
%>

I'm sure you can work out how to fit this into your code.
0

RanaHossain Commented:
hold on... hold on... this is very very risky.. and this is why...

think of someone editing the html, and submitting the following....

<input type="hidden" name="project_id" value="1;delete from project WHERE 1=1">

this is one example... one can think of a lot more.... the moral of the story is

NEVER EVER PASS FORM DATA STRAIGHT TO DATABASE WITHOUT CHECKING...................

you can do a quick check like
project_id = Request.Form("project_id")
if isNumeric(project_id) and project_id <> "" then
   if project_id <> "0" then
      ' we have a valid ID here
   end if
end if

check before getting near the database... always.
0
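An added example, not part of any post in this thread and not the posters' own code: the receiving page with the id validated before any database call and the UPDATE sent through an ADODB.Command with typed parameters instead of string concatenation. It assumes `conn` is the open ADO connection provided by inc/basicFunctions.asp, that project_id is an integer column, and that project_naam holds up to 255 characters.

```asp
<!-- #include file="inc/basicFunctions.asp" -->
<%
' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1, adParamInput = 1
Const adInteger = 3, adVarWChar = 202
Const adExecuteNoRecords = 128
Const MAX_NAME_LEN = 255   ' assumed width of project_naam

' Digits only. IsNumeric alone also accepts "1e3", "&H1F" and "-2".
Function IsPositiveId(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[1-9][0-9]{0,8}$"   ' 1..999999999, fits a Long
    IsPositiveId = re.Test(s)
End Function

Dim project_id, project_name, cmd, affected
project_id = Trim(Request.Form("project_id"))
project_name = Trim(Request.Form("project"))

' Reject bad input before getting near the database.
If Not IsPositiveId(project_id) Or Len(project_name) = 0 _
   Or Len(project_name) > MAX_NAME_LEN Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid input."
    Response.End
End If

' Values travel as typed parameters, never as part of the SQL text,
' so a quote or semicolon in the form data cannot change the statement.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn   ' assumed: open ADODB.Connection from the include
cmd.CommandType = adCmdText
cmd.CommandText = "UPDATE tbl_project SET project_naam = ? WHERE project_id = ?"
cmd.Parameters.Append cmd.CreateParameter("naam", adVarWChar, adParamInput, MAX_NAME_LEN, project_name)
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(project_id))
cmd.Execute affected, , adExecuteNoRecords

If affected = 0 Then
    Response.Write "No row was changed."
Else
    Response.Write "Project updated."
End If
Set cmd = Nothing
%>
```

With the hidden-field value from the comment above, the page stops at the validation step; even without that step, the parameter binding would fail the conversion to an integer rather than run a second statement.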
IeuanJ Commented:
Of course you should always run as many checks and security features as you see fit, but that was not the question asked, Rana.
0
cleany (Author) Commented:
thanx
0
cleany (Author) Commented:
the identity was set to yes, so it's really not a problem, but thanx anyway.
0
RanaHossain Commented:
IeuanJ,

no it was not the question, but an implementation. I would never suggest a fix with security flaws to a friend.
0
COBOLdinosaur Commented:
This question has been classified abandoned. I will make a recommendation to the
moderators on its resolution in a week or two. I appreciate any comments
that would help me to make a recommendation.

<note>
Unless it is clear to me that the question has been answered I will recommend delete.  It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.
</note>

If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp


Cd&

0
COBOLdinosaur Commented:
It is time to clean this abandoned question up.

I am putting it on a clean up list for CS.

<recommendation>
points to IeuanJ  -- Grade B

</recommendation>

If anyone participating in the Q disagrees with the recommendation,
please leave a comment for the mods.

Cd&

0
Web Languages and Standards


Question has a verified solution.
