<% ' Substitute in form parameters into the query string fp_sQry = "[*]InsertSqlQuery[*]" fp_sDefault = "[*]InsertDefaultFields[*]" fp_iCurrent = 1 fp_fError = False fp_bBlankField = False Do While (Not fp_fError) And (InStr(fp_iCurrent, fp_sQry, "%%") <> 0) ' found a opening quote, find the close quote fp_iStart = InStr(fp_iCurrent, fp_sQry, "%%") fp_iEnd = InStr(fp_iStart + 2, fp_sQry, "%%") If fp_iEnd = 0 Then fp_fError = True Response.Write "Database Region Error: mismatched parameter delimiters" Else fp_sField = Mid(fp_sQry, fp_iStart + 2, fp_iEnd - fp_iStart - 2) fp_sValue = Request.Form(fp_sField) ' if the named form field doesn't exist, make a note of it If (len(fp_sValue) = 0) Then fp_iCurrentField = 1 fp_bFoundField = False Do While (InStr(fp_iCurrentField, fp_sDefault, fp_sField) <> 0) _ And Not fp_bFoundField fp_iCurrentField = InStr(fp_iCurrentField, fp_sDefault, fp_sField) fp_iStartField = InStr(fp_iCurrentField, fp_sDefault, "=") If fp_iStartField = fp_iCurrentField + len(fp_sField) Then fp_iEndField = InStr(fp_iCurrentField, fp_sDefault, "&") If (fp_iEndField = 0) Then fp_iEndField = len(fp_sDefault) + 1 fp_sValue = Mid(fp_sDefault, fp_iStartField+1, fp_iEndField-1) fp_bFoundField = True Else fp_iCurrentField = fp_iCurrentField + len(fp_sField) - 1 End If Loop End If ' this next finds the named form field value, and substitutes in ' doubled single-quotes for all single quotes in the literal value ' so that SQL doesn't get confused by seeing unpaired single-quotes fp_sValue = Replace(Replace(fp_sValue, "'", "''"), """", """""") If (Mid(fp_sQry, fp_iStart - 1, 1) <> """") And _ (Mid(fp_sQry, fp_iStart - 1, 1) <> "'") And _ Not IsNumeric(fp_sValue) Then fp_sValue = "" End If If (len(fp_sValue) = 0) Then fp_bBlankField = True fp_sQry = Left(fp_sQry, fp_iStart - 1) + fp_sValue + _ Right(fp_sQry, Len(fp_sQry) - fp_iEnd - 1) ' Fixup the new current position to be after the substituted value fp_iCurrent = fp_iStart + Len(fp_sValue) End If Loop If Not fp_fError Then ' Use the connection string directly as entered from the wizard On Error Resume Next set fp_rs = CreateObject("ADODB.Recordset") fp_rs.Open fp_sQry, "[*]InsertConnString[*]" If Err.Description <> "" Then Response.Write "Database Error: " + Err.Description + "" if fp_bBlankField Then Response.Write " One or more form fields were empty." End If Else ' Check for the no-record case If fp_rs.EOF And fp_rs.BOF Then Response.Write "No Records Returned" Else ' Start a while loop to fetch each record in the result set Do Until fp_rs.EOF %>