<% '----------------------------------------------- 'ENSURE APOSTROPHES DON'T SCREW UP SQL QUERIES 'Since SQL strings use apostrophes, input is 'truncated if you include apostrophes in a text 'box and then submit it. Not any more... '----------------------------------------------- Function sqlsafe(s) pos = InStr(s, "'") While pos > 0 s = Mid(s, 1, pos) & "'" & Mid(s, pos + 1) pos = InStr(pos + 2, s, "'") Wend sqlsafe=s End Function '----------------------------------------------- 'CHECK FIELD IS NOT BLANK 'One day they will have a nice way to do this in 'ASP, afterall, nearly every database form needs 'some of this checking. But until then... '----------------------------------------------- FUNCTION CheckNotBlank(errortext,errorno,itemname,fieldname) If fieldname="" then errorno = errorno + 1 errortext = errortext + "" + Cstr(errorno) + ". " + "The "&itemname&" is blank.
" End if CheckNotBlank=errortext END FUNCTION '----------------------------------------------- 'ERROR CHECK LENGTH OF STRING TO PREVENT 'DATABASE ERRORS FOR OVERSIZED INPUT 'Similar to the above. Access with ODBC seems to 'truncate and not throw errors, but if you go to 'OLE DB or use SQL Server you have to check the 'field lengths to avoid nasty errors. '----------------------------------------------- FUNCTION ErrorcheckLength(errortext,errorno,itemname,fieldname,allowablelength) If Len(fieldname)> allowablelength then errorno = errorno + 1 errortext = errortext + "" + Cstr(errorno) + ". " + "The "&itemname&" is currently "&len(fieldname)&" characters, but must be less than "&allowablelength&".
" End if ErrorcheckLength=errortext END FUNCTION '----------------------------------------------- 'HTML ENCODE STRING WITHOUT ERRORS ON BLANKS '----------------------------------------------- Function SafeHTMLEncode(inputstring) If inputstring<>"" then inputstring = server.HTMLEncode(inputstring) End if SafeHTMLEncode=inputstring End Function '----------------------------------------------- 'EXECUTE A SQL QUERY STRING '----------------------------------------------- Sub ExecuteSQL(QueryText,cursortype,recordsetname) '------------------------------------------- 'THE TWO LINES BELOW ARE FOR DEBUGGING 'UNCOMMENT THEM IF QUERIES ARE FAILING '------------------------------------------- 'Response.Write(QueryText&"

") 'On Error Resume Next cmdTemp.CommandText = QueryText cmdTemp.CommandType = 1 Set cmdTemp.ActiveConnection = MM_conn_STRING recordsetname.Open cmdTemp, , 1, cursortype End Sub '----------------------------------------------- ' RECONFIG BACKEND DATA ' Basically reconfigures any broken strings ' passed in the backend '----------------------------------------------- Function ReConfigBack(StringToCheck) If len(StringToCheck) > len(TotalConfigSettings) then arySettings = split(StringToCheck,",") for each SettingsValue in arySettings SettingsValue = LeftPart(arySettingsValue,1) next End if If SettingsValue = "" then ReConfigBack = 1 else ReConfigBack = StringToCheck end if End Function %>