Classic ASP Request.Form is not updated when using onsubmit with JavaScript

Time: 2013-03-07 14:01:02

Tags: javascript forms asp-classic vbscript

I have a simple form, and I use JavaScript to perform a search on a database.

<form id="searchForm" onsubmit="return searchTree(this);" method="post" class="form-poshytip">
 <input type="text" name="searchbox" placeholder="zoek hier je product..." id="searchField" />
 <input type="image" value="Zoeken" name="submit" src="../img/Zoeken.PNG" alt="submit" />
</form>

In the JavaScript I connect to Access using classic ASP.

<script language="JavaScript">
function searchTree(form) {
<% Dim rsTreeview2 %>
<% Set adoCon = Server.CreateObject("ADODB.Connection") %>
<% adoCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("...") %>
<% Set rsTreeview2 = Server.CreateObject("ADODB.Recordset") %>
<% strSQL = "SELECT tblTreeview_nl.volgnr, tblTreeview_nl.lid_van, tblTreeview_nl.omschrijving, tblTreeview_nl.doctype, tblTreeview_nl.docnaam FROM tblTreeview_nl WHERE tblTreeview_nl.omschrijving LIKE '%" & request.form("searchbox") & "%'"%>
<% rsTreeview2.Open strSQL, adoCon %>
...
<% rsTreeview2.Close %>
<% Set rsTreeview2 = Nothing %>
<% Set adoCon = Nothing %>
return false;
};
</script> 

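The first time I click the button, I get the correct value from the text box with request.form("searchbox"), but if I change the text box and click the button again, request.form("searchbox") contains the old value. How can I get the current value from the text box?

1 answer:

Answer 0: (score: 1)

Phew, where to start...

  • First: remove your database name from this post, because I can find it and download it.
  • Second: escape the search term to prevent SQL injection.

The problem is that you use onsubmit="return searchTree(this);". This means that if the function returns FALSE, the form is not submitted. In your script I see that the function always returns false, so the form is never really submitted.

I'm not sure why you put all the ASP/VBScript code inside your JavaScript tag, but I assume you output some JavaScript code directly inside your script tag to create a tree view. That's fine, but for testing purposes I would first just output it on the screen, not inside the script tag, and work from there.

I have reformatted your code to do this. It also includes a quick fix for your SQL injection problem.

Hope this helps,

Erik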

<%

function hasValue(value)
    hasValue = NOT(isNull(value) OR value="")
end function

function escape(inputValue)
    if hasValue(inputValue) then
        escape  = Replace(inputValue, "'", "''")
    end if
end function

function recordsetToString(rs)
    Dim objField
    recordsetToString   = ""
    recordsetToString   = recordsetToString & "<table class=""dbgtable"">"
    recordsetToString   = recordsetToString & "<tr>" & vbNewLine
    For Each objField in rs.Fields
    recordsetToString   = recordsetToString & "<th>" & objField.Name & "</th>" & vbNewLine
    Next
    recordsetToString   = recordsetToString & "</tr>" & vbNewLine
    if NOT rs.EOF then
        Do While Not rs.EOF
            recordsetToString   = recordsetToString & "<tr>" & vbNewLine
            For Each objField in rs.Fields
                recordsetToString   = recordsetToString & "<td>"
                if isNull(objField.Value) then
                    recordsetToString   = recordsetToString & "<i>NULL</i>"
                else
                    if vartype(objField.Value)>20 then
                        recordsetToString   = recordsetToString & typename(objField.Value)
                    else
                        recordsetToString   = recordsetToString & objField.Value
                    end if
                end if
                recordsetToString   = recordsetToString & "</td>" & vbNewLine
            Next
            recordsetToString   = recordsetToString & "</tr>" & vbNewLine
        rs.MoveNext
        Loop
        if rs.CursorType>0 then
            rs.movefirst
        end if
    end if
    recordsetToString   = recordsetToString & "</table>" & vbNewLine
end function

if hasValue(request.form("searchbox")) Then
    Dim adoCon
    Set adoCon = Server.CreateObject("ADODB.Connection")
    adoCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("[PATH_TO_DATABASE]")
    Dim rsTreeview2
    Set rsTreeview2 = Server.CreateObject("ADODB.Recordset")
    strSQL = "SELECT tblTreeview_nl.volgnr, tblTreeview_nl.lid_van, tblTreeview_nl.omschrijving, tblTreeview_nl.doctype, tblTreeview_nl.docnaam FROM tblTreeview_nl WHERE tblTreeview_nl.omschrijving LIKE '%" & escape(request.form("searchbox")) & "%'"
    rsTreeview2.Open strSQL, adoCon
    ' recordsetToString only returns the HTML string, so write it to the page
    Response.Write recordsetToString(rsTreeview2)
    rsTreeview2.Close
    Set rsTreeview2 = Nothing
    Set adoCon = Nothing
end if
%>


<script language="JavaScript">
function searchTree(form) {
    // Return true so the form is submitted; returning false cancels the submit
    return true;
};
</script>
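
The answer's quote-doubling is a quick fix; binding the search term as a parameter keeps it out of the SQL text altogether. The following is an added example, not part of the original answer: the helper name likeLiteral, the 80-character cap and the [PATH_TO_DATABASE] placeholder are assumptions, and the table and column names are the ones from the question.

```vbscript
<%
' Added example (not the answerer's code): parameterized version of the search.
' ADO constants are declared here because classic ASP does not define them by default.
Const adCmdText = 1, adParamInput = 1, adVarWChar = 202

' Hypothetical helper: make Jet LIKE wildcards in user input match literally.
' "[" is handled first so the brackets added for "%" and "_" are not escaped again.
Function likeLiteral(ByVal term)
    term = Replace(term, "[", "[[]")
    term = Replace(term, "%", "[%]")
    likeLiteral = Replace(term, "_", "[_]")
End Function

Dim searchTerm
' Assumed cap of 80 characters: even fully escaped (3x) plus the two wildcards,
' the value still fits the 255-character parameter declared below.
searchTerm = Left(Trim(Request.Form("searchbox") & ""), 80)

If searchTerm <> "" Then
    Dim adoCon, cmd, rs
    Set adoCon = Server.CreateObject("ADODB.Connection")
    adoCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("[PATH_TO_DATABASE]")

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = adoCon
    cmd.CommandType = adCmdText
    ' The "?" placeholder is filled by the driver; user input never becomes SQL text.
    cmd.CommandText = "SELECT volgnr, lid_van, omschrijving, doctype, docnaam " & _
                      "FROM tblTreeview_nl WHERE omschrijving LIKE ?"
    cmd.Parameters.Append cmd.CreateParameter("term", adVarWChar, adParamInput, 255, _
                                              "%" & likeLiteral(searchTerm) & "%")
    Set rs = cmd.Execute

    Do While Not rs.EOF
        ' HTML-encode database values before writing them into the page.
        Response.Write Server.HTMLEncode(rs("omschrijving") & "") & "<br>" & vbNewLine
        rs.MoveNext
    Loop

    rs.Close
    adoCon.Close
    Set rs = Nothing : Set cmd = Nothing : Set adoCon = Nothing
End If
%>
```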