<%@LANGUAGE="VBSCRIPT"%><%
' *** Insert Record: construct a sql insert statement and execute it
MM_editAction = CStr(Request("URL"))
If (Request.QueryString <> "") Then
MM_editAction = MM_editAction & "?" & Request.QueryString
End If
If (CStr(Request("MM_insert")) <> "") Then
MM_tableName = "profile"
MM_fields = "name,name,',none,'',email,email,',none,'',city,city,',none,'',state,state,',none,'',country,country,',none,'',message,message,',none,''"
MM_redirectPage = "thanks.asp"
' create the insert sql statement
MM_tableValues = ""
MM_dbValues = ""
MM_fieldsArray = Split(MM_fields, ",")
For i = LBound(MM_fieldsArray) To UBound(MM_fieldsArray) Step 5
FormVal = CStr(Request.Form(MM_fieldsArray(i)))
Delim = MM_fieldsArray(i+2)
If (Delim = "none") Then Delim = ""
AltVal = MM_fieldsArray(i+3)
If (AltVal = "none") Then AltVal = ""
EmptyVal = MM_fieldsArray(i+4)
If (EmptyVal = "none") Then EmptyVal = ""
If (FormVal = "") Then
FormVal = EmptyVal
Else
If (AltVal <> "") Then
FormVal = AltVal
ElseIf (Delim = "'") Then ' escape quotes
FormVal = "'" & Replace(FormVal,"'","''") & "'"
Else
FormVal = Delim + FormVal + Delim
End If
End If
If (i <> LBound(MM_fieldsArray)) Then
MM_tableValues = MM_tableValues & ","
MM_dbValues = MM_dbValues & ","
End if
MM_tableValues = MM_tableValues & MM_fieldsArray(i+1)
MM_dbValues = MM_dbValues & FormVal
Next
MM_insertStr = "insert into " & MM_tableName & " (" & MM_tableValues & ") values (" & MM_dbValues & ")"
' finish the sql and execute it
Set MM_insertCmd = Server.CreateObject("ADODB.Command")
MM_insertCmd.ActiveConnection = "dsn=mos;"
MM_insertCmd.CommandText = MM_insertStr
MM_insertCmd.Execute
' redirect with URL parameters
If (MM_redirectPage = "") Then
MM_redirectPage = CStr(Request("URL"))
End If
If (InStr(1, MM_redirectPage, "?", vbTextCompare) = 0 And (Request.QueryString <> "")) Then
MM_redirectPage = MM_redirectPage & "?" & Request.QueryString
End If
Call Response.Redirect(MM_redirectPage)
End If
%>
Guest Book