Helmut,

I am glad that this code help you.;)
You can eliminate "size=20" if you change lines in the following manner:
<input type=text name=mobile value=" & rs.Fields(6) & " size=20>
change to:
<input type=text name=mobile value=""" & rs.Fields(6) & """ size=20>

For the search page on the first_page.asp you can add some text fields and/or select lists for the search criteria.
If you want to sort the results by the specified filed you have to change this line:
sSQL="SELECT * FROM YourTableName"
with:
sSQL="SELECT * FROM YourTableName ORDER BY Sort_Field_Name"

I suggest you to try yourself this search mechanism's implementation. If you need more help, just let me know.

Regards,
NNJ

...but the Soon is eclipsed by the Moon

Hey!

Thanks for such a quick response, I'm working on the information given above,

but while i do that, I would like to ask What is the best way to "hide" databases and passwords? I have been searching for this some say put it inside the cgi bin, some other place passwords as asp files, but you can still see the files when you type the passwords.asp and do a quick search for a mdb file in my site would give it all away.

What would you recommend?

Thanx

...helmut

Hi again,

Im facing a little problem with the code,

when i test it it gives me this problem:

----//problem

Technical Information (for support personnel)

Error Type:
Microsoft JET Database Engine (0x80040E14)
Syntax error in string in query expression 'www.lcph.ocm' WHERE id=8'.
/hmm/Edinburg/2003/chamber/members/second_page.asp, line 57

---// end of problem

here is the demo of how i modified the code:


//-----Modified code below


<%
Function GetMemberDetails(id)
Dim cn
Dim sSQL
Dim rs
Dim ret_string
Set cn=Server.CreateObject("ADODB.Connection")
cn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("members.mdb")
sSQL="SELECT * FROM Category WHERE id=" & id
ret_string="<table cellspacing=5><tr bgcolor=e0e0e0>"
ret_string=ret_string & "<td class=td_hed>Field Name</td>"
ret_string=ret_string & "<td class=td_hed>Field Value</td></tr>"
set rs=cn.Execute(sSQL)
If not rs.EOF Then
    ret_string=ret_string & "<tr><td class=td_hed>Category</td>"
    ret_string=ret_string & "<td><input type=text name=category value=""" & rs.Fields(1) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>Company</td>"
    ret_string=ret_string & "<td><input type=text name=company value=""" & rs.Fields(2) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>Address</td>"
    ret_string=ret_string & "<td><input type=text name=address value=""" & rs.Fields(3) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>City</td>"
    ret_string=ret_string & "<td><input type=text name=city value=""" & rs.Fields(4) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>State</td>"
    ret_string=ret_string & "<td><input type=text name=st value=""" & rs.Fields(5) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>Zip</td>"
    ret_string=ret_string & "<td><input type=text name=zip value=""" & rs.Fields(6) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>Phone</td>"
    ret_string=ret_string & "<td><input type=text name=phone value=""" & rs.Fields(7) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>Fax</td>"
    ret_string=ret_string & "<td><input type=text name=fax value=""" & rs.Fields(8) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>Email</td>"
    ret_string=ret_string & "<td><input type=text name=email value=""" & rs.Fields(9) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>URL</td>"
    ret_string=ret_string & "<td><input type=text name=url value=""" & rs.Fields(10) & """ size=20></td></tr>"
    'ret_string=ret_string & "<tr><td class=td_hed>url</td>"
    ' ret_string=ret_string & "<td><input type=text name=officefax value=" & rs.Fields(11) & " size=20></td></tr>"
   ' ret_string=ret_string & "<tr><td class=td_hed>Notes</td>"
    'ret_string=ret_string & "<td><input type=text name=notes value=" & rs.Fields(12) & " size=20></td></tr>"
End If
rs.Close
Set rs=Nothing
cn.Close
Set cn=Nothing
ret_string=ret_string & "</table>"
GetMemberDetails=ret_string
End Function

Function UpdateYourDB(id,category,company,address,city,st,z ip,phone,fax,email,url)
    Dim cn
    Dim sSQL
    Set cn=Server.CreateObject("ADODB.Connection")
    cn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("members.mdb")
    sSQL="UPDATE Category SET category='" & category & "',company='" & company & "',address='" & address
    sSQL=sSQL & "',city=" & city & ",st=" & st & ",zip=" & zip & ",phone='" & phone
    sSQL=sSQL & "',fax='" & fax & "',email='" & email & "',url=" & url
    sSQL=sSQL & "' WHERE id=" & id
    cn.Execute sSQL,lRecs
    cn.Close
    Set cn=Nothing
    UpdateYourDB=lRecs
End Function

If Request.Form("submit")<>"" Then
    id=Request.Form("id")
    category=Request.Form("category")
    company=Request.Form("company")
    address=Request.Form("address")
    city=Request.Form("city")
    st=Request.Form("st")
    zip=Request.Form("zip")
    phone=Request.Form("phone")
    fax=Request.Form("fax")
    email=Request.Form("email")
    url=Request.Form("url")

    If UpdateYourDB(id,category,company,address,city,st,z ip,phone,fax,email,url)=1 Then
        Response.Write "Success message"
    Else
        Response.Write "Failed message"
    End If

Else
    If (Request.QueryString("id")>0) Then
        Response.Write "<form name=""form"" method=""post"" action=""second_page.asp"">"

        id=Request.QueryString("id")
        Response.Write GetMemberDetails(id)

        Response.Write "<input type=hidden name=id value=" & id & ">"
        Response.Write "<input type=submit name=submit value=""Update Changes"">"
        Response.Write "</form>"
    Else
        Response.Write "Wrong parameter!!!"
    End If
End If
%>

----// End of midified Code

I played with this code for hours already and have no idea what the problem is, :o(

Can you see any problems with my modified version?

Thanks!


...helmut

  It seems that this line fails...
Change it with:
sSQL=sSQL & "',fax='" & fax & "',email='" & email & "',url='" & url

Please let me know the result.

...but the Soon is eclipsed by the Moon

Thanks!

I get this result:

-------------------

Error Type:
Microsoft JET Database Engine (0x80040E10)
No value given for one or more required parameters.
/hmm/Edinburg/2003/chamber/members/second_page.asp, line 57

---------------------

there was 2 fields that were empty so i placed a N/A but still gave me that error, I dont think im missing any parameters, The only i was concerened about was ID nuber but ID is being passed.

Any ideas?

Oh btw line 57 is this:

    cn.Execute sSQL,lRecs

dont know if that helps

Thanks!

...helmut

And for the password protection...
ASP code is interpreted by Web server, so the original .asp code is not available to user from his browser, so he can't read the code you wrote. User can read only the result page cretaed by the Web server from .asp page and this page is poor html page.
You can, however, locate user/pass values into the file and read these values from asp page. In that way the connection string isn't hardcoded, and isn't visible even in .asp code. It is strongly recommended to NOT use .txt file for this purpose because when u type http://someaddreseee/somefile.txt you can download the file. You can use again .asp file. Par example:
It that way user/pass value are saved in plain format. If you are more "paranoid" you can write two functions:one for encrypt and one for decrypt strings and use them for encrypting these values.
Then u/p file looks like:
and you can use some function in order to retreive connection string value:
...but the Soon is eclipsed by the Moon

Helmut,
Add these lines
before
and send what you see.

...but the Soon is eclipsed by the Moon

Hey!

It Prints all the parameters:

UPDATE Category SET category='ABSTRACT & TITLE COMPANIES',company='Valley Land Title Company',address='P.O. Box 389',city=Edinburg,st=TX,zip=78540,phone='383-2708',fax='383-8632',email='[email protected]',url='' WHERE id=4

---Brake Points uh?
Response.Write sSQL
Response.End
----;)

...helmut

Helmut,
I found that the values for city and state aren't correct. If the column field is varchar(text) type you have to use field='field_value' in SQL statement instead of field=field_value. So, you have to change this line:
into
If zip column is text type than u have to change zip part too:
HTH.


...but the Soon is eclipsed by the Moon

John,

That was it

Not only that, but all my fields were varchar(text) but the ID #

Now I can edit the fields, Thank You very much for your help. All I have to do now it is to match the look of the website, if you wanna see where this is going to go you can view www.edinburg.com

Thanks again,

**most likely i will come back to ask some more about the search engine hope you are availabe to help with that too

...helmut