problem in retrieving records based on multiple form values from database in ASP?
I am not able to retrieve records from Oracle based on multiple inputs.
Here is my code:
Search.asp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SearchMDFnode</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#99CCFF">
<p align="center"><font color="#9966CC" size="5" face="Georgia, Times New Roman, Times, serif"><strong>Records</strong></font></p>
<style>
A:link {text-decoration: none;color: blue;}
A:visited {text-decoration: none;}
A:hover {text-decoration:underline; color: red;}
</style>
<script>
function updateDate(fname){
var instDate = showModalDialog('upd_date.html','Select Date','dialogHeight:375px;dialogWidth:287px;status:no;resizable:no;help:no;');
if (instDate == -1 || instDate == null){
alert("You did not select any date.")
fname.focus()
} else {
fname.value = instDate
}
}
function findNull(frm,tname,optnull,optorder){
var nfname = optnull.value
var ofname = optorder.value
frm.action = "MDFnodeDisplayTable.asp?opt=" + tname + "&nfield=" + nfname + "&order=" + ofname
frm.submit()
}
</script>
<form name="SearchMDFnode" action="Display.asp?opt=MDFnode" method="post">
<table width="68%" border="1" align="center" cellpadding="3" cellspacing="2">
<table width="94%" border="1" align="center" cellpadding="3" cellspacing="2">
<tr>
<td width="19%">CCP_CODE</td>
<td width="22%"><strong>
<select name="CCP_CODE" id="select4" title="BLOCK_HOUSE">
<option></option>
<option>AM</option>
<option>AR</option>
<option>BD</option>
<option>BP</option>
<option>CG</option>
<option>CT</option>
<option>CY</option>
<option>ES</option>
<option>GL</option>
<option>HG</option>
<option>JE</option>
<option>JR</option>
<option>JW</option>
<option>KT</option>
<option>NT</option>
<option>OC</option>
<option>PL</option>
<option>QT</option>
<option>TB</option>
<option>TP</option>
<option>TS</option>
</select>
</strong></td>
<td width="19%">NODE_SITE_ID</td>
<td width="40%"><strong>
<input name="NODE_SITE_ID" type="text" id="NODE_SITE_ID" size="10" maxlength="10" title="NODE_SITE_ID(max 7 digits)">
</strong></td>
</tr>
<tr>
<td>STREET_NAME</td>
<td><strong>
<input name="STREET_NAME" type="text" id="STREET_NAME" size="30" maxlength="30" title="STREET_NAME(max 30 digits)">
</strong></td>
<td>BUILDING_NAME</td>
<td><strong>
<input name="BUILDING_NAME" type="text" id="BUILDING_NAME" size="25" maxlength="25" title="BUILDING_NAME(max 7 digits)">
</strong></td>
</tr>
<tr>
<td height="38">BLOCK_HOUSE</td>
<td><strong>
<select name="BLOCK_HOUSE" id="select3" title="BLOCK_HOUSE">
<option></option>
<option>BLOCK</option>
<option>HOUSE</option>
</select>
</strong></td>
<td>BLOCK_DESC_NO</td>
<td><strong>
<input name="BLOCK_DESC_NO" type="text" id="BLOCK_DESC_NO" size="6" maxlength="6" title="BLOCK_DESC_NO(max 6 digits)">
</strong></td>
</tr>开发者_如何学运维;
<tr>
<td>REMARK</td>
<td><strong>
<input name="REMARK" type="text" id="REMARK" size="50" maxlength="50" title="REMARK(max 50 char)">
</strong></td>
<td>EQ_RM</td>
<td><strong>
<input name="EQ_RM" type="text" id="EQ_RM" size="3" maxlength="3" title="EQ_RM(max 6 digits)">
</strong></td>
</tr>
<tr>
<td>TYPE</td>
<td><strong>
<select name="EQ_TY" id="select" title="EQ_TY">
<option>CE</option>
<option></option>
</select>
</strong></td>
<td>CE_TY</td>
<td><strong>
<input name="CE_TY" type="text" id="CE_TY" size="10" maxlength="10" title="CE_TY(max 6 digits)">
</strong></td>
</tr>
<tr>
<td height="32">STATUS</td>
<td><strong>
<select name="STATUS" id="select2" title="EQ_TY">
<option></option>
<option>-</option>
<option>Site Survey</option>
<option>Survey Done</option>
<option>Document Sent</option>
<option>Equipment Installed</option>
<option>Commissioned</option>
<option>Cancelled</option>
</select>
</strong></td>
<td>NO</td>
<td><strong>
<input name="NO" type="text" id="NO" size="3" maxlength="3" title="NO (max 7 digits)">
<input name="UNIT_DESC_NO" type="text" id="UNIT_DESC_NO" size="2" maxlength="2" title="UNIT_DESC_NO (max 1 digits)">
<input name="NO_ME_CCTS" type="text" id="NO_ME_CCTS" size="2" maxlength="2" title="NO_ME_CCTS (max 2 digits)">
<input name="Rack" type="text" id="Rack" size="2" maxlength="2" title="Rack (max 1 digits)">
<input name="INSTALL_BY" type="text" id="INSTALL_BY" size="2" maxlength="2" title="INSTALL_BY (max 2 digits)">
</strong></td>
</tr>
<td height="32"><font color="#000000" size="3" face="Georgia, Times New Roman, Times, serif">Order By</font></td>
<td colspan="5"><select name="oMDFnode">
<option value="STATUS">STATUS</option>
<option value="NO">NO</option>
<option value="CCP_CODE">CCP_CODE</option>
<option value="CCP_CODE">NODE_SITE_ID</option>
</select>
<select name="orMDFnode" id="orMDFnode">
<option value="NO">NO</option>
<option value="STATUS">STATUS</option>
<option value="CCP_CODE">CCP_CODE</option>
<option value="CCP_CODE">NODE_SITE_ID</option>
</select>
<select name="ordMDFnode" id="ordMDFnode">
<option value="CCP_CODE">NODE_SITE_ID</option>
<option value="CCP_CODE">NO</option>
<option value="CCP_CODE">STATUS</option>
<option value="CCP_CODE">CCP_CODE</option>
</select></td>
</tr>
</table>
<p align="center">
<input type="submit" name="Submit" value="Search">
<input type="reset" name="reset" value="Clear">
</p>
</form>
<form name="commNull" method="post">
<tr>
<td height="56" colspan="4"><div align="center">
</div></td>
</tr>
</form>
</body>
</html>
Display.asp
<% option explicit %>
<!-- METADATA TYPE = "typelib" File = "c:\Program Files\Common Files\System\ado\msado15.dll" -->
<%
dim strTitle
dim strF, fname, ropt, j, i, sno, ropt1
dim objRS, strQuery, strConn, strSort,strQuery1
dim strHref
dim nodesiteid
'dim eq_ty
'ropt1 = request("opt1")
ropt = request("opt")
'eq_ty = request("EQ_TY")
nodesiteid = request("NODE_SITE_ID")
strQuery1 = request("NODE_SITE_ID")
Set objRS = Server.CreateObject("ADODB.Recordset")
strConn = "Provider=MSDAORA.1;Password=hr;User ID=hr;Data Source=xe;Persist Security Info=True"
strSort = ""
strF = "CCP_CODE, NODE_SITE_ID, STREET_NAME, BLOCK_HOUSE, BLOCK_DESC_NO, UNIT_DESC_NO, BUILDING_NAME, EQ_RM, EQ_TY, CE_TY , Rack, INSTALL_BY, STATUS, NO, RFS_DATE, REMARK, NO_ME_CCTS, NO_ME_CCTS" 'these were fields in sql table as well as input name in form
fname= split(strF,",",-1,vbtextcompare) 'split the above string to individual field
if trim(strQuery1) ="" then
strQuery = "select rowid,CCP_CODE, NODE_SITE_ID, STREET_NAME, BLOCK_HOUSE, BLOCK_DESC_NO, UNIT_DESC_NO, BUILDING_NAME, EQ_RM, EQ_TY, CE_TY , Rack, INSTALL_BY, STATUS, NO, RFS_DATE, REMARK, NO_ME_CCTS from MDF_NODE where CCP_CODE = CCP_CODE"
else
strQuery = "select rowid,CCP_CODE, NODE_SITE_ID, STREET_NAME, BLOCK_HOUSE, BLOCK_DESC_NO, UNIT_DESC_NO, BUILDING_NAME, EQ_RM, EQ_TY, CE_TY , Rack, INSTALL_BY, STATUS, NO, RFS_DATE, REMARK, NO_ME_CCTS from MDF_NODE where CCP_CODE = CCP_CODE and NODE_SITE_ID="
strQuery = strQuery & "'" & strQuery1 & "'"
end if
strSort = " order by " & request("oMDFnode") & "," & request("orMDFnode") & "," & request("ordMDFnode")
strTitle = "Summary of Carrier Ethernet Node"
if trim(request("nfield"))= "" then
j=0
for i= 0 to ubound(fname)
if request(fname(i)) <> "" then 'process if user input value in field
if j=0 then
strQuery = strQuery & " and " & fname(i) & " like '" & request(fname(i)) & "' " '1st field shd start with where clause
j = j + 1
else
strQuery = strQuery & " and " & fname(i) & " like '" & request(fname(i)) & "' " 'rest shd start with and clause
j = j + 1
end if
end if
next
strQuery = strQuery & strSort
else
strQuery = strQuery & " where " & trim(request("nfield")) & " is null order by " & trim(request("order"))
end if
objRS.Open strQuery, strConn,adOpenStatic,adLockOptimistic,adCmdText 'open recordset query oracle database
if objRS.eof then
objRS.close
set objRS = nothing
response.write "<script>alert('No Rows Selected')</script>" 'if eof mean NO data return
response.write "<script>history.back()</script>"
else
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SdhTermDisplayTable2</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#99CCFF"><div align="center">
<p align="left"><strong>
<p> </p>
<p>
</p>
</strong>
<table width=945 align="center">
<tr class="nonPrint" height=30>
<td width="646" nowrap style="vertical-align:middle;font:bolder 12pt verdana;" >
<strong> <font size="4" face="Georgia, Times New Roman, Times, serif"> </font><font size="4" face="Georgia, Times New Roman, Times, serif">
Records/font></strong></td>
</table>
<strong>
<%
if trim(request("nfield"))= "" then
j=0
for i= 0 to ubound(fname)
if request(fname(i)) <> "" then 'process if user input value in field
if j=0 then
strQuery = strQuery & " where " & fname(i) & " like '" & request(fname(i)) & "' " '1st field shd start with where clause
j = j + 1
else
strQuery = strQuery & " and " & fname(i) & " like '" & request(fname(i)) & "' " 'rest shd start with and clause
j = j + 1
end if
end if
next
strQuery = strQuery & strSort
else
strQuery = strQuery & " where " & trim(request("nfield")) & " is null order by " & trim(request("order"))
end if
if objRS.eof then
objRS.close
set objRS = nothing
response.write "<script>alert('No Rows Selected')</script>" 'if eof mean NO data return
response.write "<script>history.back()</script>"
else
call drawHeader(ropt)
objRS.movefirst
sno = sno + 1
do until objRS.eof
call drawB(fname)
sno = sno + 1
objRS.movenext
loop
objRS.close
set objRS = nothing
end if
sub drawHeader(ropt)
response.write "<table id='tbl' table border=1 bordercolor='black' bgcolor='LavenderBlush' cellpadding=1 cellspacing=0 align=center style='BORDER-COLLAPSE: collapse;'>"
select case ropt
case "MDFnode"
response.write "<tr height=20><td><b>SNo</b></td>"
response.write "<td style='font:bold 11pt;' width=50>Exch</b></td><td><b>Cabinet</b></td><td><b>Street Name</b></td><td><b>BLK/HSE</b></td><td><b>No</b></td><td><b>Unit</b></td><td><b>Building Name</b></td><td><b>Room</b></td><td><b>Type</b></td><td><b>Equipment Type</b></td><td><b>Rack</b></td><td><b>Inst By</b></td><td><b>Status</b></td><td><b>ID</b></td><td><b>RFS Date</b></td><td><b>Remark</b></td><td><b>No of ccts</b></td>"
end select
response.write"</tr>"
end sub
response.write"</table>"
sub drawbody(ropt)
response.write "<tr>"
select case ropt
case "MDFnode"
for i= 0 to 10
response.write "<td>" & i & "</td>"
next
end select
response.write"</tr>"
end sub
sub drawB(ofname)
response.write "<tr>"
for i = 0 to ubound(ofname)
if isnull(objRS(i)) then
response.write "<td> </td>"
else
if i = 0 then
strHref = "<a href='e_" & ropt & ".asp?tname=" & ropt & "&rowid=" & server.URLEncode(trim(objRS("rowid"))) & "'>" & sno & "</a>"
response.write "<td style='font:normal 12pt Arial;'>" & strHref & "</td>"
else
response.write "<td style='font:normal 12pt Arial;'>" & trim(objRS(i)) & "</td>"
end if
end if
next
response.write "</tr>"
end sub
end if
response.write"</table>"
%>
</strong></p> </div>
<div align="center">
<input type="button" value="Save as Excel" onClick="vbscript:xlsReport()">
</div>
</p>
</body>
</html>
<script language="VBScript">
dim r, c, colcnt,row
sub xlsReport()
window.status = "Export to Excel ... Please Wait ..."
dim rownow
colcnt = tbl.cells.length / tbl.rows.length
set xls = createobject("Excel.Application")
xls.visible = true
xls.workbooks.add
xls.worksheets.add
for c = 0 to colcnt - 1
xls.cells(3,c+1).value = tbl.rows(0).cells(c).innerText
next
row = 3
for r = 1 to tbl.rows.length -1
for c = 0 to colcnt - 1
xls.cells(row+r,c+1).value = tbl.rows(r).cells(c).innerText
next
next
xls.cells(1,1).value = txtRpt.innerText
set xls = nothing
window.status = "Done"
end sub
</script>
</div>
I am getting records based on CCP_Code and NODE_SITE_ID values.
Now I want to retrieve values only based on TYPE = 'CE' but I am not able to do this.
When I didn't select anything by default the TYPE value is 'CE'. Click submit and it gives me only type CE values.
When I give CCp_code with TYPE = empty then it should give me all the records based on CCP_Code.
When I select CCP_CODE and NODE_SITE_ID it should give me values based on both.
When I select CCP_CODE, NODE_SITE_ID and TYPE='CE' then it should give me values based on these values.
You need to Google "SQL injection" for a start.
strQuery = strQuery & "'" & strQuery1 & "'"
But as a start I'd log the contents of "strQuery" just before the objRS.Open Once you can see the query text, it should be easy to say why rows were or were not returned.
加载中,请稍侯......
精彩评论