当前位置: 动力学知识库 > 问答 > 编程问答 >

Classic ASP Request.form gets no update when using onsubmit with javascript

问题描述:

I have a simple form where I use Javascript to execute a search on a database.

<form id="searchForm" onsubmit="return searchTree(this);" method="post" class="form-poshytip">

<input type="text" name="searchbox" placeholder="zoek hier je product..." id="searchField" />

<input type="image" value="Zoeken" name="submit" src="../img/Zoeken.PNG" alt="submit" />

</form>

In Javascript I connect to Access using Classic ASP.

<script language="JavaScript">

function searchTree(form) {

<% Dim rsTreeview2 %>

<% Set adoCon = Server.CreateObject("ADODB.Connection") %>

<% adoCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("...") %>

<% Set rsTreeview2 = Server.CreateObject("ADODB.Recordset") %>

<% strSQL = "SELECT tblTreeview_nl.volgnr, tblTreeview_nl.lid_van, tblTreeview_nl.omschrijving, tblTreeview_nl.doctype, tblTreeview_nl.docnaam FROM tblTreeview_nl WHERE tblTreeview_nl.omschrijving LIKE '%" & request.form("searchbox") & "%'"%>

<% rsTreeview2.Open strSQL, adoCon %>

...

<% rsTreeview2.Close %>

<% Set rsTreeview2 = Nothing %>

<% Set adoCon = Nothing %>

return false;

};

</script>

The first time I click the button I get the correct value from the textbox using request.form("searchbox"), but if I click the button again after changing the textbox, request.form("searchbox") contains the old value. How can I obtain the current value from the textbox?

网友答案:

Phew, where to start...

  • First; remove your database name from this post, because I can find it and download it.
  • Second; escape your search term, to prevent SQL Injection

The problem is you use onsubmit="return searchTree(this);". This means that if the function returns FALSE, the form is NOT submitted. In your script I see the function always returns false, so the form will not really submit.

I'm not sure why you have put all of the ASP/vbscript code inside your javascript tag, but I presume you output some javascript code directly into your script tags to create a tree-view. This is fine, but for testing purposes I would start with just outputting it on screen, instead of inside script tags, and work from that.

I have reformatted your code somewhat to do just that. There is also a quick fix in there for the SQL injection problem you have.

hope this helps,

Erik

<%

function hasValue(value)
    hasValue = NOT(isNull(value) OR value="")
end function

function escape(inputValue)
    if hasValue(inputValue) then
        escape  = Replace(inputValue, "'", "''")
    end if
end function

function recordsetToString(rs)
    Dim objField
    recordsetToString   = ""
    recordsetToString   = recordsetToString & "<table class=""dbgtable"">"
    recordsetToString   = recordsetToString & "<tr>" & vbNewLine
    For Each objField in rs.Fields
    recordsetToString   = recordsetToString & "<th>" & objField.Name & "</th>" & vbNewLine
    Next
    recordsetToString   = recordsetToString & "</tr>" & vbNewLine
    if NOT rs.EOF then
        Do While Not rs.EOF
            recordsetToString   = recordsetToString & "<tr>" & vbNewLine
            For Each objField in rs.Fields
                recordsetToString   = recordsetToString & "<td>"
                if isNull(objField.Value) then
                    recordsetToString   = recordsetToString & "<i>NULL</i>"
                else
                    if vartype(objField.Value)>20 then
                        recordsetToString   = recordsetToString & typename(objField.Value)
                    else
                        recordsetToString   = recordsetToString & objField.Value
                    end if
                end if
                recordsetToString   = recordsetToString & "</td>" & vbNewLine
            Next
            recordsetToString   = recordsetToString & "</tr>" & vbNewLine
        rs.MoveNext
        Loop
        if rs.CursorType>0 then
            rs.movefirst
        end if
    end if
    recordsetToString   = recordsetToString & "</table>" & vbNewLine
end function

if hasValue(request.form("searchbox")) Then
Dim adoCon
Set adoCon = Server.CreateObject("ADODB.Connection") 
    adoCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("[PATH_TO_DATBASE]") 
    Dim rsTreeview2
    Set rsTreeview2 = Server.CreateObject("ADODB.Recordset") 
        strSQL = "SELECT tblTreeview_nl.volgnr, tblTreeview_nl.lid_van, tblTreeview_nl.omschrijving, tblTreeview_nl.doctype, tblTreeview_nl.docnaam FROM tblTreeview_nl WHERE tblTreeview_nl.omschrijving LIKE '%" & escape(request.form("searchbox")) & "%'"
        rsTreeview2.Open strSQL, adoCon 
            recordsetToString(rsTreeview2)
        rsTreeview2.Close 
    Set rsTreeview2 = Nothing 
Set adoCon = Nothing 
end if
%>


<script language="JavaScript">
function searchTree(form) {
    return false;
};
</script> 
分享给朋友:
您可能感兴趣的文章:
随机阅读: