Function to build queries

ASP Free Forums Sponsor:

January 23rd, 2007, 03:59 PM

djfiii

Contributing User

Join Date: Aug 2006

Posts: 108

Time spent in forums: 1 Day 9 h 3 m 30 sec
Reputation Power: 8

Function to build queries

I wrote this function to build insert and update queries based on form submissions, and thought it might be useful to others. I've gotten some very solid help on this board, and thought I could give back a little!

So here is the function:

Code:

Function BuildSQL(sqlType, tblName, uID)
	If lcase(sqlType) = "insert" Then
		sql = "INSERT INTO " & tblName & "("
		For Each Field in Request.Form
			If lcase(Field) <> "submit" and lcase(Field) <> "action" and lcase(Field) <> uID Then
				 sql = sql & Field & ","
			End If
		Next
		sql = left(sql,(len(sql)-1)) & ") VALUES ("
		
		For Each Field in Request.Form
			If lcase(Field) <> "submit" and lcase(Field) <> "action" and lcase(Field) <> uID Then
				If IsNumeric(Request.Form(Field)) Then
					sql = sql & Sanitize(Request.Form(Field)) & ","
				ElseIf Len(Request.Form(Field)) = 0 Then
					sql = sql & "NULL,"
				Else
					sql = sql & "'" & Sanitize(Request.Form(Field)) & "',"
				End If
			End If
		Next
		sql = left(sql,(len(sql)-1)) & ")"	
	End If
	
	If lcase(sqlType) = "update" Then
		sql = "UPDATE " & tblName & " SET "
		For Each Field in Request.Form
			If lcase(Field) <> "submit" and lcase(Field) <> "action" and Field <> uID Then
				If IsNumeric(Request.Form(Field)) Then
					sql = sql & Field & "=" & Sanitize(Request.Form(Field)) & ", "
				ElseIf Len(Request.Form(Field)) = 0 Then
					sql = sql & Field & "= NULL, "
				Else
					sql = sql & Field & "='" & Sanitize(Request.Form(Field)) & "', "
				End If
			End If
		Next
		sql = left(sql,(len(sql)-2))
		sql = sql & " WHERE " & uID & " = " & Sanitize(Request.Form(uID))
			
	End If
	BuildSQL = sql
End Function

It also uses this function, which sanitizes user input:

Code:

Function Sanitize(input)
	Dim regEx
	Set regEx = New RegExp
	regEx.Pattern = "[^0-9a-zA-Z ()/]"
	regEx.IgnoreCase = True
	regEx.Global = True
	str = regEx.Replace(input, "") 
	Sanitize = str
End Function

Then you could have your update page, i.e. page-update.asp:

PHP Code:


		
			
If auth() Then



    If Request.Form("action") = "add" Then

        sqlAT = BuildSQL("insert","AuditTypes","aTypeID")

    End If



    If Request.Form("action") = "edit" Then

        sqlAT = BuildSQL("update","AuditTypes","aTypeID")

    End If



    response.write sqlAT

    

    'strConn.Execute(sqlAT)    

    'Response.Redirect("atypes.asp")

Else

    response.redirect "/igs/error.asp?message=2"

End If

The function takes 3 arguments:

update or insert
table name
table primary key

Happy coding!

Comments on this post

mehere agrees: nice, thanks for sharing ...

shem agrees: sweet, thanks alot

Shadow Wizard agrees!

January 30th, 2007, 01:36 AM

Shadow Wizard

Moderator From Beyond

ASP Free God 45th Plane (27000 - 27499 posts)

Join Date: Sep 2004

Location: Israel

Posts: 27,291

Folding Points: 359459 Folding Title: Super Ultimate Folder - Level 1

Time spent in forums: 3 Months 1 Week 6 Days 14 h 16 m 8 sec
Reputation Power: 1802

nice, I have also written something similar:
http://forums.aspfree.com/code-bank...-sql-88463.html

__________________

Visit The Windows Scripting Guru

Viewing: ASP Free Forums > Programming > Code Bank > Function to build queries

« Previous Thread | Next Thread »

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox

Forum Jump