Hi,
I have created a simple HTML form and used ASP to get the form's input and save it into MS Access DB file. Testing it on the IIS localhost works fine, but when I published the form on my webpage online the form is running but it's not inserting any of its data into the database.
Is this a security issue??
Here is the code:
HTML FORM:
Code:
<form action="easc_form.asp" method="post">
Name : <input type="text" name="name"><br>
Affiliation : <input type="text" name="Affiliation"><br>
Country : <input type="text" name="country"><br>
Email : <input type="text" name="email"><br>
<input type="submit" value="submit">
</form>
ASP File:
Code:
<html>
<body>
<%
' Declaring variables
Dim name, email, country, comments, data_source, con, sql_insert
' A Function to check if some field entered by user is empty
Function ChkString(string)
If string = "" Then string = " "
ChkString = Replace(string, "'", "''")
End Function
' Receiving values from Form
name = ChkString(Request.Form("name"))
Affiliation = ChkString(Request.Form("Affiliation"))
country = ChkString(Request.Form("country"))
email = ChkString(Request.Form("email"))
data_source = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & _
Server.MapPath("form.mdb")
sql_insert = "insert into users (name, Affiliation, country, email) values ('" & _
name & "', '" & Affiliation & "', '" & country & "', '" & email & "')"
' Creating Connection Object and opening the database
Set con = Server.CreateObject("ADODB.Connection")
con.Open data_source
con.Execute sql_insert
' Done. Close the connection
con.Close
Set con = Nothing
%>
</body>
</html>
Could you please suggest a solution?
Many thanks,
Moe
I have created a simple HTML form and used ASP to get the form's input and save it into MS Access DB file. Testing it on the IIS localhost works fine, but when I published the form on my webpage online the form is running but it's not inserting any of its data into the database.
Is this a security issue??
Here is the code:
HTML FORM:
Code:
<form action="easc_form.asp" method="post">
Name : <input type="text" name="name"><br>
Affiliation : <input type="text" name="Affiliation"><br>
Country : <input type="text" name="country"><br>
Email : <input type="text" name="email"><br>
<input type="submit" value="submit">
</form>
ASP File:
Code:
<html>
<body>
<%
' Declaring variables
Dim name, email, country, comments, data_source, con, sql_insert
' A Function to check if some field entered by user is empty
Function ChkString(string)
If string = "" Then string = " "
ChkString = Replace(string, "'", "''")
End Function
' Receiving values from Form
name = ChkString(Request.Form("name"))
Affiliation = ChkString(Request.Form("Affiliation"))
country = ChkString(Request.Form("country"))
email = ChkString(Request.Form("email"))
data_source = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & _
Server.MapPath("form.mdb")
sql_insert = "insert into users (name, Affiliation, country, email) values ('" & _
name & "', '" & Affiliation & "', '" & country & "', '" & email & "')"
' Creating Connection Object and opening the database
Set con = Server.CreateObject("ADODB.Connection")
con.Open data_source
con.Execute sql_insert
' Done. Close the connection
con.Close
Set con = Nothing
%>
</body>
</html>
Could you please suggest a solution?
Many thanks,
Moe