DHTML row values not captured in SQL insert

Posted on 2024-08-19 02:53:00

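I have some Javascript that dynamically adds rows/fields when you click the button, "Add New Item." The value for each row is captured in a hidden text field, "txtIndex." (The initial value of txtIndex is set to 1.) I then capture txtIndex in a variable in vbscript to loop through the values so that they can be all inserted into a SQL table (the insert is done in the stored procedure, "spInsert"). This is the part that I'm having trouble with.

The first row on the page gets inserted into the SQL table just fine, but when I click the button and add any subsequent rows, those values are not getting inserted into the table; instead, a blank row gets inserted. So, it's not a SQL issue. From what I can see when I view the page source, the page is not recognizing that I've added any new rows/values at all. So, I'm guessing something in my Javascript is off? Can anyone tell me what I'm doing wrong and how I can correct it? Thanks!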

<!--#includes file="header.asp"-->

<head>
<title>Offset Input</title>
</head>

<%Dim CN, RS, vIndex, vSQL

'GetDataConnection is included in header file.
Set CN = GetDataConnection

If Request.TotalBytes > 0 Then
    vIndex = Request.Form("txtIndex")

    If Request.Form("cboOffsetGroupOperator") = "" Then
        Response.Write("Unable to process your request. Please complete a new entry.")
        Response.Redirect("input.asp")  
    Else                
        'Loop through values in txtIndex.  Insert data into table.
        Do While vIndex > 0 
            vSQL = "spInsert "
            vSQL = vSQL & "@vExceptionID = " & RS("ExceptionID") & ","
            vSQL = vSQL & "@vOffsetDetailCorrectionOperator = '" & Request.Form("cboOffsetGroupOperator" & vIndex) & "',"
            vSQL = vSQL & "@vOffsetDetailNumberOfItems  = '" & Request.Form("txtNumberOfItems" & vIndex) & "',"
            vSQL = vSQL & "@vOffsetDetailComments  = '" & Request.Form("txtComments" & vIndex) & "'"

            CN.Execute (vSQL)       
            vIndex = vIndex-1       
        Loop    
    End If
Else%>

<body>
<form name="frmInput" id="Input" method="post">
<table class="WebApps" id="tblOffsetDetail">
<tbody>
    <tr>
        <td colspan="3">
            <h3>Offset Item Detail</h3> 
            <p><input name="btnSubmit" type="submit" class="button" id="btnSubmit" value="Submit"></p>
        </td>
    </tr>
    <tr>
        <td colspan="3">    
        <input type="button" class="button" value= "Add New Item" id="btnNewItem" name="btnNewItem" onClick="javascript:addNewItem();">
        <input type="hidden" id="txtIndex" name="txtIndex" value="1">
        </td>
    </tr>
    <tr>
        <td width="9%"><h4>Operator:</h4></td>
        <td width="6%"><h4># of Items:</h4></td>
        <td width="13%"><h4>Comments:</h4></td>
    </tr>
    <tr>
        <td>
            <p><select name="cboOffsetGroupOperator1" id="cboOffsetGroupOperator1">
                <option></option>
                <option value="1">Name1</option>
                <option value="2">Name2</option>
                <option value="3">Name3</option>
                <option value="4">Name4</option>
            </select></p>
        </td>
        <td><p><input name="txtNumberofItems1" type="text" id="txtNumberofItems1" size="10" maxlength="10"></p></td>
        <td><p><textarea name="txtComments1" cols="20" rows="3" id="txtComments1"></textarea></p></td>
    </tr>
</tbody>
</table>
</form>

<% 
End If

Set RS = Nothing
CN.Close
Set CN = Nothing
%>

<script language="javascript">

//Display additional rows, columns, and fields when Add New Item button is clicked.
function addNewItem()
{
    var iX = document.getElementById("txtIndex").value;
    iX ++;
    document.getElementById("txtIndex").value = iX;

    var tbl = document.getElementById("tblOffsetDetail").getElementsByTagName("TBODY")[0];
    var tr = document.createElement("TR");
    tbl.appendChild(tr);

    //cboOffsetGroupOperator1
    var tdOffsetGroupOperator = document.createElement("TD");
    tr.appendChild(tdOffsetGroupOperator);

    var p = document.createElement("P");
    tdOffsetGroupOperator.appendChild(p);

    var cboOffsetGroupOperator = document.createElement("select"); 
    p.appendChild(cboOffsetGroupOperator);

    cboOffsetGroupOperator.id = "cboOffsetGroupOperator" + iX;

    var cboOffsetGroupOperator1 = document.getElementById("cboOffsetGroupOperator1");
    var i = 0;

    for (i = 0; i < cboOffsetGroupOperator1.children.length; i++)
        {
            var opt = document.createElement("option");
            opt.value = cboOffsetGroupOperator1 [i].value;
            opt.innerText = cboOffsetGroupOperator1 [i].innerText;
            cboOffsetGroupOperator.appendChild(opt);
        }   

    //txtNumberofItems1
    var tdNumberofItems = document.createElement("TD");
    tr.appendChild(tdNumberofItems);

    var p = document.createElement("P");
    tdNumberofItems.appendChild(p);

    var txtNumberofItems = document.createElement("input"); 
    p.appendChild(txtNumberofItems);

    txtNumberofItems.id = "txtNumberofItems" + iX;
    txtNumberofItems.setAttribute('size',10);

    var txtNumberofItems1 = document.getElementById("txtNumberofItems1");

    //txtComments1
    var tdComments = document.createElement("TD");
    tr.appendChild(tdComments);

    var p = document.createElement("P");
    tdComments.appendChild(p);

    var txtComments = document.createElement("textarea"); 
    p.appendChild(txtComments);

    txtComments.id = "txtComments" + iX;
    txtComments.setAttribute('cols',20);
    txtComments.setAttribute('rows',3);

    var txtComments1 = document.getElementById("txtComments1"); 
}
</script>

</body>
</html>


Comments (2)

跨年 2024-08-26 02:53:00

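This kind of JavaScript code is OK for learning how basic DOM and database driven web applications work, but if you intend to have people use this app you must clean up all that JavaScript code since it's not going to work on all browsers. Do yourself a favor and pick up a simple yet powerful library like jQuery.

Also look into an MVC framework and separate your DB code from the view, and validate your input on both ends.

Ditto on the SQL injection issue.

Good luck.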

远昼 2024-08-26 02:53:00

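The form elements you're adding to the DOM don't have names. You need to assign names to them before those names can be used in a form submission.

var cboOffsetGroupOperator = document.createElement("select"); 
cboOffsetGroupOperator.setAttribute('name', 'cboOffsetGroupOperator' + iX); // this is what you're missing; iX is the row index from addNewItem()
p.appendChild(cboOffsetGroupOperator);

And please, as SQLMenace said, fix the SQL injection problem you have in there... to get started, put the following text into the detail comments field and submit it.

abc ';create table bork(a
varchar(30));insert bork values ('all
your base are belong to us'); --

However, I encourage you to pay attention to the answer that says your javascript will not work cross-browser. It looks like you need to dig into things a bit to get your code really right.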
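
A parameterized version of the question's insert loop, added here as an example; it is not code from the original poster or either answerer. It assumes spInsert takes three integer parameters and a varchar(500) comment, that MAX_ROWS is an acceptable cap, and that vExceptionID is a validated integer set earlier (the page never shows where RS is opened); CN is the page's connection from GetDataConnection.

```vbscript
<%
' Added example. Assumed: spInsert's parameter types and sizes, MAX_ROWS,
' and vExceptionID (a validated integer set earlier; the page never opens RS).
Const adCmdStoredProc = 4, adExecuteNoRecords = 128
Const adInteger = 3, adVarChar = 200, adParamInput = 1
Const MAX_ROWS = 50        ' hypothetical cap on rows per submission

Dim reNum, sIndex, rowCount, i, cmd, sOperator, sItems, sComments
Set reNum = New RegExp
reNum.Pattern = "^[0-9]{1,9}$"

' txtIndex is a hidden field, so the client controls it: bound it.
sIndex = Request.Form("txtIndex") & ""
rowCount = 0
If reNum.Test(sIndex) Then rowCount = CLng(sIndex)
If rowCount < 1 Or rowCount > MAX_ROWS Then
    Response.Status = "400 Bad Request"
    Response.End
End If

For i = 1 To rowCount
    sOperator = Request.Form("cboOffsetGroupOperator" & i) & ""
    sItems    = Request.Form("txtNumberofItems" & i) & ""
    sComments = Left(Request.Form("txtComments" & i) & "", 500)

    ' Rows with a missing or non-numeric operator/count are skipped,
    ' so an unnamed (unsubmitted) row no longer produces a blank insert.
    If reNum.Test(sOperator) And reNum.Test(sItems) Then
        Set cmd = Server.CreateObject("ADODB.Command")
        Set cmd.ActiveConnection = CN      ' CN from GetDataConnection
        cmd.CommandType = adCmdStoredProc
        cmd.CommandText = "spInsert"
        cmd.NamedParameters = True         ' bind by name, not position
        cmd.Parameters.Append cmd.CreateParameter("@vExceptionID", adInteger, adParamInput, , vExceptionID)
        cmd.Parameters.Append cmd.CreateParameter("@vOffsetDetailCorrectionOperator", adInteger, adParamInput, , CLng(sOperator))
        cmd.Parameters.Append cmd.CreateParameter("@vOffsetDetailNumberOfItems", adInteger, adParamInput, , CLng(sItems))
        cmd.Parameters.Append cmd.CreateParameter("@vOffsetDetailComments", adVarChar, adParamInput, 500, sComments)
        ' Values travel as typed parameters; quotes in the comment stay data.
        cmd.Execute , , adExecuteNoRecords
        Set cmd = Nothing
    End If
Next
%>
```

With this in place, the test string from the answer above is stored verbatim in the comments column instead of being executed as SQL.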
