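<%
' ***********************************************************
' **
' ** 616 10/28/06 correct handling of strings containing apostrophes
' **
' ***********************************************************
'
' Single-field update endpoint.
'
' Reads ID, KeyID, TableName, ColumnName, DataType and Data from the query
' string, makes sure a row with the given key exists in the named table
' (inserting a key-only row when it does not), sets one column on that row,
' and writes a short status response ("TRAN" + "0" on success or "-1" plus
' the accumulated error text).
'
' Every value taken from the query string is untrusted. Values are bound as
' ADO command parameters; the pieces of the statement that cannot be bound
' (table and column names, numeric literals) are checked against an allow-list
' or a strict pattern before they are placed into SQL text.
'
' NOTE(review): nothing on this page checks who the caller is, and the write
' is driven by GET query-string parameters. Confirm that authentication,
' authorization and request-forgery protection are enforced elsewhere (an
' include or server configuration that is not visible in this listing).
'
' NOTE(review): in this listing the error-message literals contain a line
' break and the response literals at the bottom are empty strings, which
' looks like markup lost in extraction. They are written here as valid
' single-line literals; restore any lost markup from the deployed file.

' ADO enum values spelled out locally so the page does not depend on adovbs.inc.
Const updCmdText = 1        ' adCmdText
Const updParamInput = 1     ' adParamInput
Const updTypeInteger = 3    ' adInteger
Const updTypeVarWChar = 202 ' adVarWChar

Dim ConnStr
Dim Conn
Dim rs
Dim SQL
Dim ID
Dim TableName
Dim ColumnName
Dim KeyID
Dim TranDate
Dim DataType
Dim Data
Dim HTML
Dim PrimaryKey      ' was declared as "PromaryKey"; the rest of the page uses PrimaryKey
Dim strErrorMsg
Dim updCmd          ' ADODB.Command reused for each statement
Dim updKeyValue     ' KeyID converted to a Long after validation
Dim updParamSize    ' declared size of the bound string parameter
Dim updRowMissing   ' True when no row with the key exists yet
Dim updConnected    ' True once connectdb has run without error

' Appends one message to the accumulated error text.
Sub UpdAddError(ByVal msg)
    strErrorMsg = strErrorMsg & msg & vbCrLf
End Sub

' Returns True when value matches the regular expression in full
' (patterns passed in are anchored with ^ and $).
Function UpdMatches(ByVal value, ByVal pattern)
    Dim re
    Set re = New RegExp
    re.Pattern = pattern
    re.IgnoreCase = False
    UpdMatches = re.Test(value)
End Function

' Builds a text command on the page-level connection.
Function UpdNewCommand(ByVal text)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = Conn
    cmd.CommandType = updCmdText
    cmd.CommandText = text
    Set UpdNewCommand = cmd
End Function

strErrorMsg = ""
updConnected = False
updRowMissing = False

On Error Resume Next

' ***************************************
' Set query values
' ***************************************
ID = Request.QueryString("ID")
ID = Trim(ID)
If Err.number <> 0 Then
    UpdAddError "The field ID is not valid."
    Err.Clear
End If

KeyID = Request.QueryString("KeyID")
KeyID = Trim(KeyID)
If Err.number <> 0 Then
    UpdAddError "The field KEYID is not valid."
    Err.Clear
End If

TableName = Request.QueryString("TableName")
TableName = Trim(TableName)
If Err.number <> 0 Then
    UpdAddError "The field TABLENAME is not valid."
    Err.Clear
End If

ColumnName = Request.QueryString("ColumnName")
ColumnName = Trim(ColumnName)
If Err.number <> 0 Then
    UpdAddError "The field COLUMNNAME is not valid."
    Err.Clear
End If

DataType = Request.QueryString("DataType")
DataType = Trim(DataType)
If Err.number <> 0 Then
    UpdAddError "The field DATA TYPE is not valid."
    Err.Clear
End If

Data = Request.QueryString("Data")
Data = Trim(Data)
If Err.number <> 0 Then
    UpdAddError "The field DATA is not valid."
    Err.Clear
End If

' ***************************************
' Validate everything that ends up in SQL text
' ***************************************
If strErrorMsg = "" Then
    ' The original used KeyID unquoted, so the key columns are presumably
    ' numeric; only an integer is accepted here -- confirm against the schema.
    If UpdMatches(KeyID, "^-?[0-9]+$") Then
        updKeyValue = CLng(KeyID)
        If Err.number <> 0 Then
            ' e.g. more digits than a Long can hold
            UpdAddError "The field KEYID is not valid."
            Err.Clear
        End If
    Else
        UpdAddError "The field KEYID is not valid."
    End If

    ' A column name cannot be bound as a parameter, so it must be a plain
    ' identifier before it is concatenated into the statement.
    ' NOTE(review): this stops SQL injection through ColumnName, but a caller
    ' can still name any column of the listed tables, including key columns.
    ' A per-table allow-list of updatable columns would be tighter; the schema
    ' is not visible here, so it is not attempted.
    If Not UpdMatches(ColumnName, "^[A-Za-z_][A-Za-z0-9_]*$") Then
        UpdAddError "The field COLUMNNAME is not valid."
    End If

    ' Numeric data is written into the statement as a literal (as the original
    ' did), so it must look like a plain decimal number and nothing else.
    If DataType = "N" Then
        If Not UpdMatches(Data, "^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)$") Then
            UpdAddError "The field DATA is not valid."
        End If
    End If
End If

' ***************************************
' Determine Primary Key
' ***************************************
' The Select Case is the allow-list for TableName: only these exact names
' ever reach SQL text. It runs before the connection is opened so that a
' rejected request does not open (and previously never closed) a connection.
If strErrorMsg = "" Then
    Select Case TableName
        Case "Case"
            PrimaryKey = "CaseID"
        Case "tCase"
            PrimaryKey = "CaseID"
        Case "Collector"
            PrimaryKey = "CollectorID"
        Case "Condition"
            PrimaryKey = "ID"
        Case "Rdex"
            PrimaryKey = "ID"
        Case "TranLog"
            PrimaryKey = "ID"
        Case "Team"
            PrimaryKey = "ID"
        Case "Track"
            PrimaryKey = "TrackID"
        Case "Employee"
            PrimaryKey = "EmpID"
        Case "Client"
            PrimaryKey = "ClientID"
        Case "Company"
            PrimaryKey = "CompanyID"
        Case Else
            ' The rejected name is echoed back, so encode it for output.
            strErrorMsg = "Invalid Table Name" & Server.HTMLEncode(TableName)
    End Select
End If

' ***************************************
' Connect to Database
' ***************************************
If strErrorMsg = "" Then
    ' connectdb is defined outside this listing; the page relies on it
    ' leaving an open connection in Conn.
    connectdb
    If Err.number <> 0 Then
        UpdAddError "Unable to connect to database."
        Err.Clear
    Else
        updConnected = True
    End If
End If

' ***************************************
' Read Existing Record
' ***************************************
If strErrorMsg = "" Then
    SQL = "SELECT " & PrimaryKey & " FROM " & TableName & " WHERE " & PrimaryKey & " = ?"
    Set updCmd = Nothing
    Set updCmd = UpdNewCommand(SQL)
    updCmd.Parameters.Append updCmd.CreateParameter("key", updTypeInteger, updParamInput, , updKeyValue)
    Set rs = updCmd.Execute
    If Err.number <> 0 Then
        ' The statement text is deliberately not echoed to the client.
        UpdAddError "Error reading record for update."
        Err.Clear
    Else
        ' Only look at the recordset when the read succeeded: under
        ' On Error Resume Next a failing "If rs.EOF" falls INTO the If body,
        ' which in the original ran the INSERT after a failed SELECT.
        updRowMissing = rs.EOF
        rs.Close
    End If
    Set rs = Nothing
End If

If strErrorMsg = "" And updRowMissing Then
    SQL = "INSERT INTO " & TableName & " (" & PrimaryKey & ") VALUES (?)"
    Set updCmd = Nothing
    Set updCmd = UpdNewCommand(SQL)
    updCmd.Parameters.Append updCmd.CreateParameter("key", updTypeInteger, updParamInput, , updKeyValue)
    updCmd.Execute
    If Err.number <> 0 Then
        UpdAddError "Error inserting new record."
        Err.Clear
    End If
End If

' ***************************************
' Update Record
' ***************************************
If strErrorMsg = "" Then
    SQL = "UPDATE " & TableName & " SET " & ColumnName & " = "
    If DataType = "N" Then
        ' Validated above as a plain decimal literal.
        SQL = SQL & Data
    Else
        ' "S", "D" and any other type were all sent as quoted strings by the
        ' original; they are now bound instead. Binding replaces the
        ' apostrophe doubling added by change 616 -- doubling a bound value
        ' would store the doubled apostrophes.
        SQL = SQL & "?"
    End If
    SQL = SQL & " WHERE " & PrimaryKey & " = ?"

    Set updCmd = Nothing
    Set updCmd = UpdNewCommand(SQL)
    If DataType <> "N" Then
        ' Variable-length parameters need a size greater than zero.
        updParamSize = Len(Data)
        If updParamSize < 1 Then updParamSize = 1
        updCmd.Parameters.Append updCmd.CreateParameter("val", updTypeVarWChar, updParamInput, updParamSize, Data)
    End If
    updCmd.Parameters.Append updCmd.CreateParameter("key", updTypeInteger, updParamInput, , updKeyValue)
    updCmd.Execute
    If Err.number <> 0 Then
        ' The statement text is deliberately not echoed to the client.
        UpdAddError "Error updating database."
        Err.Clear
    End If

    ' As in the original, the tCase timestamp is refreshed even when the
    ' update above failed, and its own failure is not reported.
    If TableName = "tCase" Then
        SQL = "UPDATE tCase Set Tstamp = '" & Now() & "' WHERE CaseID = ?"
        Set updCmd = Nothing
        Set updCmd = UpdNewCommand(SQL)
        updCmd.Parameters.Append updCmd.CreateParameter("key", updTypeInteger, updParamInput, , updKeyValue)
        updCmd.Execute
        Err.Clear
    End If
End If

' Release the connection on every path that opened one, not only after a
' successful run.
Set updCmd = Nothing
If updConnected Then
    Conn.Close
    Set Conn = Nothing
    Err.Clear
End If

' ***************************************
' send response
' ***************************************
HTML = "TRAN"
If strErrorMsg = "" Then
    HTML = HTML & "0"
Else
    HTML = HTML & "-1"
End If
HTML = HTML & "" & strErrorMsg & ""
HTML = HTML & ""
Response.Write HTML
%>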