我有一些JavaScript动态地将行/场,当你按一下按钮,“添加新项”。每行的值都会在隐藏文本字段“txtIndex”中捕获。 (txtIndex的初始值被设置为1),那么我通过值捕获txtIndex在变量在VBScript循环,使得它们可以被所有插入到SQL表(插入件在存储过程完成后,“spInsert” )。这是我遇到麻烦的部分。DHTML行值不是SQL插入被捕获
页上的第一行被插入到SQL表就好了,但是当我按一下按钮,并添加任何后续行,这些值都没有得到插入到表;相反,插入一个空行。所以,这不是一个SQL问题。从我在查看页面源代码时可以看到的内容中,页面没有意识到我已经添加了任何新的行/值。所以,我猜我的Javascript是关闭的东西?任何人都可以告诉我我做错了什么,如何纠正它?谢谢!
<!--#includes file="header.asp"-->
<head>
<title>Offset Input</title>
</head>
<%Dim CN, RS, vIndex, vSQL
'GetDataConnection is included in header file.
Set CN = GetDataConnection
If Request.TotalBytes > 0 Then
vIndex = Request.Form("txtIndex")
If Request.Form("cboOffsetGroupOperator") = "" Then
Response.Write("Unable to process your request. Please complete a new entry.")
Response.Redirect("input.asp")
Else
'Loop through values in txtIndex. Insert data into table.
Do While vIndex > 0
vSQL = "spInsert "
vSQL = vSQL & "@vExceptionID = " & RS("ExceptionID") & ","
vSQL = vSQL & "@vOffsetDetailCorrectionOperator = '" & Request.Form("cboOffsetGroupOperator" & vIndex) & "',"
vSQL = vSQL & "@vOffsetDetailNumberOfItems = '" & Request.Form("txtNumberOfItems" & vIndex) & "',"
vSQL = vSQL & "@vOffsetDetailComments = '" & Request.Form("txtComments" & vIndex) & "'"
CN.Execute (vSQL)
vIndex = vIndex-1
Loop
End If
Else%>
<body>
<form name="frmInput" id="Input" method="post">
<table class="WebApps" id="tblOffsetDetail">
<tbody>
<tr>
<td colspan="3">
<h3>Offset Item Detail</h3>
<p><input name="btnSubmit" type="submit" class="button" id="btnSubmit" value="Submit"></p>
</td>
</tr>
<tr>
<td colspan="3">
<input type="button" class="button" value= "Add New Item" id="btnNewItem" name="btnNewItem" onClick="javascript:addNewItem();">
<input type="hidden" id="txtIndex" name="txtIndex" value="1">
</td>
</tr>
<tr>
<td width="9%"><h4>Operator:</h4></td>
<td width="6%"><h4># of Items:</h4></td>
<td width="13%"><h4>Comments:</h4></td>
</tr>
<tr>
<td>
<p><select name="cboOffsetGroupOperator1" id="cboOffsetGroupOperator1">
<option></option>
<option value="1">Name1</option>
<option value="2">Name2</option>
<option value="3">Name3</option>
<option value="4">Name4</option>
</select></p>
</td>
<td><p><input name="txtNumberofItems1" type="text" id="txtNumberofItems1" size="10" maxlength="10"></p></td>
<td><p><textarea name="txtComments1" cols="20" rows="3" id="txtComments1"></textarea></p></td>
</tr>
</tbody>
</table>
</form>
<%
End If
Set RS = Nothing
CN.Close
Set CN = Nothing
%>
<script language="javascript">
//Display additional rows, columns, and fields when Add New Item button is clicked.
function addNewItem()
{
var iX = document.getElementById("txtIndex").value;
iX ++;
document.getElementById("txtIndex").value = iX;
var tbl = document.getElementById("tblOffsetDetail").getElementsByTagName("TBODY")[0];
var tr = document.createElement("TR");
tbl.appendChild(tr);
//cboOffsetGroupOperator1
var tdOffsetGroupOperator = document.createElement("TD");
tr.appendChild(tdOffsetGroupOperator);
var p = document.createElement("P");
tdOffsetGroupOperator.appendChild(p);
var cboOffsetGroupOperator = document.createElement("select");
p.appendChild(cboOffsetGroupOperator);
cboOffsetGroupOperator.id = "cboOffsetGroupOperator" + iX;
var cboOffsetGroupOperator1 = document.getElementById("cboOffsetGroupOperator1");
var i = 0;
for (i = 0; i < cboOffsetGroupOperator1.children.length; i++)
{
var opt = document.createElement("option");
opt.value = cboOffsetGroupOperator1 [i].value;
opt.innerText = cboOffsetGroupOperator1 [i].innerText;
cboOffsetGroupOperator.appendChild(opt);
}
//txtNumberofItems1
var tdNumberofItems = document.createElement("TD");
tr.appendChild(tdNumberofItems);
var p = document.createElement("P");
tdNumberofItems.appendChild(p);
var txtNumberofItems = document.createElement("input");
p.appendChild(txtNumberofItems);
txtNumberofItems.id = "txtNumberofItems" + iX;
txtNumberofItems.setAttribute('size',10);
var txtNumberofItems1 = document.getElementById("txtNumberofItems1");
//txtComments1
var tdComments = document.createElement("TD");
tr.appendChild(tdComments);
var p = document.createElement("P");
tdComments.appendChild(p);
var txtComments = document.createElement("textarea");
p.appendChild(txtComments);
txtComments.id = "txtComments" + iX;
txtComments.setAttribute('cols',20);
txtComments.setAttribute('rows',3);
var txtComments1 = document.getElementById("txtComments1");
}
</script>
</body>
</html>
我不明白。我对这一切都很陌生,哪些表单元素没有名称? 我正在阅读有关SQL注入,但我不知道我理解你的建议。 – SeanFlynn 2010-01-21 18:49:00
我更新了我的帖子,为您提供了更多细节。 – ErikE 2010-01-21 22:19:10
回复关于SQL注入的建议:请参阅上面灰背景框中的全部文本,以abc开头的文本?复制整个事物并将其放入输入页面的最后一个字段。提交表单,然后在创建的新表“bork”中查看数据库。 – ErikE 2010-01-22 18:13:44