Inserting multiple records into 1 table

I have a page that has 75 textboxes, 25 each for Name, Relationship and
YearsKnown. These are currently named

Name1, Name2, Name3... Name25
Relationship1, Relationship2... Relationship25
YearsKnown1, YearsKnown2... YearsKnown25

How can I process this and insert only the data that is entered in the
textboxes, and ignore the empty ones? I have looked at various tutorials,
but they don't seem to do what I need to do. Can anyone help me out or at
least point me in the right direction.

Thanks,
Drew

Re: Inserting multiple records into 1 table

Drew wrote on 02 dec 2004 in microsoft.public.inetserver.asp.db:

> I have a page that has 75 textboxes, 25 each for Name, Relationship
> and YearsKnown. These are currently named
>
> Name1, Name2, Name3... Name25
> Relationship1, Relationship2... Relationship25
> YearsKnown1, YearsKnown2... YearsKnown25
>
> How can I process this and insert only the data that is entered in the
> textboxes, and ignore the empty ones? I have looked at various
> tutorials, but they don't seem to do what I need to do. Can anyone
> help me out or at least point me in the right direction.


for i = 1 to 25
if request.form("Name"+i)<>"" AND request.form("Relationship"+i)<>"" then
SQL = "INSERT INTO .... (...) VALUES '"
SQL = SQL & request.form("Name"+i)
SQL = SQL & "','" & request.form("Relationship"+i)
SQL = SQL & "','" & request.form("YearsKnown"+i) & "'"
set mD=CONNECT.Execute(SQL)
end if
next

[With an external/web form one should test the inputs for improper char-s]

Re: Inserting multiple records into 1 table

Boy, I bet it's fun filling out that page ;)

Since you've named them like that you could do a simple loop

<%

for i=1 to 25
Name=Request.Form("Name" & trim(Cstr(i)))
Relationship=Request.Form("Relationship" & trim(Cstr(i)))
YearsKnown=Request.Form("YearsKnown" & trim(Cstr(i)))

if Len(Name)>0 AND Len(Relationship)>0 AND Len(YearsKnown)>0 then
SQL="exec STOREDPROCEDURENAME " & _
"'" & Name & "', " & _
"'" & Relationship & "', " & _
YearsKnown
ValidOpenConnection.Execute SQL
end if
next
%>

"Drew" wrote in message
news:eAr$5TI2EHA.3504@TK2MSFTNGP12.phx.gbl...
> I have a page that has 75 textboxes, 25 each for Name, Relationship and
> YearsKnown. These are currently named
>
> Name1, Name2, Name3... Name25
> Relationship1, Relationship2... Relationship25
> YearsKnown1, YearsKnown2... YearsKnown25
>
> How can I process this and insert only the data that is entered in the
> textboxes, and ignore the empty ones? I have looked at various
tutorials,
> but they don't seem to do what I need to do. Can anyone help me out or at
> least point me in the right direction.
>
> Thanks,
> Drew
>
>

Re: Inserting multiple records into 1 table

Thanks for your help!

I'm glad I'm not the one to fill this page out, and this whole app is gonna
be a whole bunch of typing.

Drew

"Tom B" wrote in message
news:OfUyYdI2EHA.1300@TK2MSFTNGP14.phx.gbl...
> Boy, I bet it's fun filling out that page ;)
>
> Since you've named them like that you could do a simple loop
>
> <%
>
> for i=1 to 25
> Name=Request.Form("Name" & trim(Cstr(i)))
> Relationship=Request.Form("Relationship" & trim(Cstr(i)))
> YearsKnown=Request.Form("YearsKnown" & trim(Cstr(i)))
>
> if Len(Name)>0 AND Len(Relationship)>0 AND Len(YearsKnown)>0 then
> SQL="exec STOREDPROCEDURENAME " & _
> "'" & Name & "', " & _
> "'" & Relationship & "', " & _
> YearsKnown
> ValidOpenConnection.Execute SQL
> end if
> next
> %>
>
> "Drew" wrote in message
> news:eAr$5TI2EHA.3504@TK2MSFTNGP12.phx.gbl...
>> I have a page that has 75 textboxes, 25 each for Name, Relationship and
>> YearsKnown. These are currently named
>>
>> Name1, Name2, Name3... Name25
>> Relationship1, Relationship2... Relationship25
>> YearsKnown1, YearsKnown2... YearsKnown25
>>
>> How can I process this and insert only the data that is entered in the
>> textboxes, and ignore the empty ones? I have looked at various
> tutorials,
>> but they don't seem to do what I need to do. Can anyone help me out or
>> at
>> least point me in the right direction.
>>
>> Thanks,
>> Drew
>>
>>
>
>

Re: Inserting multiple records into 1 table

Its allways a good idea with such large forms, to give the user the
possibility of saving all the data temporaly, even not checked if the data
is correct. You can do this to with cookies. This give also the possibility
to recall the data last entered.
Gérard

Re: Inserting multiple records into 1 table

One slight note - If someone can fill out some, but not all , of the boxes of the same line ( for instance can type in
Name AND Relationship but no Years Known ) and you want to prevent this from being saved, your test needs to use OR
instead of AND when looking for blanks..


On Thu, 2 Dec 2004 11:12:21 -0500, "Drew" wrote:

>Thanks for your help!
>
>I'm glad I'm not the one to fill this page out, and this whole app is gonna
>be a whole bunch of typing.
>
>Drew
>
>"Tom B" wrote in message
>news:OfUyYdI2EHA.1300@TK2MSFTNGP14.phx.gbl...
>> Boy, I bet it's fun filling out that page ;)
>>
>> Since you've named them like that you could do a simple loop
>>
>> <%
>>
>> for i=1 to 25
>> Name=Request.Form("Name" & trim(Cstr(i)))
>> Relationship=Request.Form("Relationship" & trim(Cstr(i)))
>> YearsKnown=Request.Form("YearsKnown" & trim(Cstr(i)))
>>
>> if Len(Name)>0 AND Len(Relationship)>0 AND Len(YearsKnown)>0 then
>> SQL="exec STOREDPROCEDURENAME " & _
>> "'" & Name & "', " & _
>> "'" & Relationship & "', " & _
>> YearsKnown
>> ValidOpenConnection.Execute SQL
>> end if
>> next
>> %>
>>
>> "Drew" wrote in message
>> news:eAr$5TI2EHA.3504@TK2MSFTNGP12.phx.gbl...
>>> I have a page that has 75 textboxes, 25 each for Name, Relationship and
>>> YearsKnown. These are currently named
>>>
>>> Name1, Name2, Name3... Name25
>>> Relationship1, Relationship2... Relationship25
>>> YearsKnown1, YearsKnown2... YearsKnown25
>>>
>>> How can I process this and insert only the data that is entered in the
>>> textboxes, and ignore the empty ones? I have looked at various
>> tutorials,
>>> but they don't seem to do what I need to do. Can anyone help me out or
>>> at
>>> least point me in the right direction.
>>>
>>> Thanks,
>>> Drew
>>>
>>>
>>
>>
>

Re: Inserting multiple records into 1 table

Don't forget SQL Injection prevention

SQL = "INSERT INTO .... (...) VALUES '"
SQL = SQL & SQLString(request.form("Name"+i))
SQL = SQL & "','" & SQLString(request.form("Relationship"+i))
SQL = SQL & "','" & SQLString(request.form("YearsKnown"+i)) &
"'"

Function SQLString( strIn)
SQLString = Replace(strIn, "'", "''")
End Function

--
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com

"Evertjan." wrote in message
news:Xns95B3AC0F8D8D2eejj99@194.109.133.29...
> Drew wrote on 02 dec 2004 in microsoft.public.inetserver.asp.db:
>
>> I have a page that has 75 textboxes, 25 each for Name, Relationship
>> and YearsKnown. These are currently named
>>
>> Name1, Name2, Name3... Name25
>> Relationship1, Relationship2... Relationship25
>> YearsKnown1, YearsKnown2... YearsKnown25
>>
>> How can I process this and insert only the data that is entered in the
>> textboxes, and ignore the empty ones? I have looked at various
>> tutorials, but they don't seem to do what I need to do. Can anyone
>> help me out or at least point me in the right direction.
>
>
> for i = 1 to 25
> if request.form("Name"+i)<>"" AND request.form("Relationship"+i)<>"" then
> SQL = "INSERT INTO .... (...) VALUES '"
> SQL = SQL & request.form("Name"+i)
> SQL = SQL & "','" & request.form("Relationship"+i)
> SQL = SQL & "','" & request.form("YearsKnown"+i) & "'"
> set mD=CONNECT.Execute(SQL)
> end if
> next
>
> [With an external/web form one should test the inputs for improper char-s]

Re: Inserting multiple records into 1 table

Mark Schupp wrote:
> Don't forget SQL Injection prevention
>
> SQL = "INSERT INTO .... (...) VALUES '"
> SQL = SQL & SQLString(request.form("Name"+i))
> SQL = SQL & "','" &
> SQLString(request.form("Relationship"+i)) SQL = SQL &
> "','" & SQLString(request.form("YearsKnown"+i)) & "'"
>
> Function SQLString( strIn)
> SQLString = Replace(strIn, "'", "''")
> End Function
>
Good thought. However, there are other ways to accomplish sql injection,
ways that do not involve the use of single quote characters.

http://www.nextgenss.com/papers/advanced_sql_injection.pdf

This is why the only safe way to process user-input data is to pass it via
parameters instead of concatenating it into dynamic sql statements.

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.