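<%@LANGUAGE="VBSCRIPT" CODEPAGE="1254"%><%
' Guestbook "sign" handler.
'
' On POST it checks the submitted CAPTCHA answer against the one stored in
' the session, strips markup from the visitor's text fields, appends one row
' to the "guests" table of guestbook.mdb and redirects to Index.asp. A wrong
' or missing CAPTCHA answer redirects back to sign.asp.
'
' Security notes:
'   * The row is written through Recordset.AddNew / Fields(), so form values
'     are bound as data and never concatenated into SQL text.
'   * stripHTML is input-side filtering only. It does not encode quotes or
'     ampersands, so any page that renders these columns should still apply
'     Server.HTMLEncode for the context it writes into
'     (NOTE(review): confirm what the display page does, to avoid relying on
'     this filter alone or double-encoding).
'   * guestbook.mdb is opened from this script's own folder via
'     Server.MapPath; NOTE(review): confirm the web server does not serve
'     .mdb files from that folder for download.

' Redirects are issued below after literal page text has been emitted, which
' only works while the response is buffered, so buffering is requested
' explicitly before any output.
Response.Buffer = True

' Ask browsers and proxies not to cache this page.
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1

' Compares the submitted CAPTCHA answer with the one stored in the session.
'
' valCAPTCHA - the answer typed by the visitor.
' Returns True only when a non-empty answer is stored in the session and it
' matches valCAPTCHA exactly (the comparison is case-sensitive).
'
' The stored answer is cleared before the comparison, so each challenge can
' be checked once: a failed or repeated submission needs a fresh challenge.
Function CheckCAPTCHA(valCAPTCHA)
    Dim SessionCAPTCHA

    SessionCAPTCHA = Trim(Session("CAPTCHA"))
    Session("CAPTCHA") = vbNullString

    ' No challenge stored (expired session, or answer already used): reject.
    If Len(SessionCAPTCHA) < 1 Then
        CheckCAPTCHA = False
        Exit Function
    End If

    CheckCAPTCHA = (CStr(SessionCAPTCHA) = CStr(valCAPTCHA))
End Function

' Removes "<...>" tag spans from strtext and entity-encodes whatever angle
' brackets are left over.
'
' strtext - raw text taken from the form.
' Returns the text with every "<...>" span removed and any remaining
' "<" or ">" written as "&lt;" / "&gt;". Empty input returns "".
'
' Declared at page level rather than inside the POST branch, so it does not
' depend on a procedure definition nested in an If block.
Function stripHTML(strtext)
    Dim src, parts, i, firstIdx, closePos, result

    ' Coerce to a plain string; Request.Form items are objects, not strings.
    src = "" & strtext

    ' Split("") yields an array with no elements, so indexing element 0 would
    ' raise "Subscript out of range" for any field that was left blank.
    If Len(src) = 0 Then
        stripHTML = ""
        Exit Function
    End If

    parts = Split(src, "<")

    ' Element 0 is the text before the first "<". When it is non-empty it is
    ' kept untouched and processing starts at element 1.
    If Len(parts(0)) > 0 Then firstIdx = 1 Else firstIdx = 0

    For i = firstIdx To UBound(parts)
        closePos = InStr(parts(i), ">")
        If closePos > 0 Then
            ' A closing ">" was found: drop everything up to and including it.
            parts(i) = Mid(parts(i), closePos + 1)
        Else
            ' No closing ">": this "<" did not open a tag, so put it back.
            parts(i) = "<" & parts(i)
        End If
    Next

    result = Join(parts, "")

    ' When element 0 was empty the loop prefixed it with a "<" that was not
    ' in the input; skip that one character.
    result = Mid(result, 2 - firstIdx)

    ' Encode leftover angle brackets. Both calls previously replaced a
    ' character with itself, so stray brackets were stored unencoded.
    result = Replace(result, ">", "&gt;")
    result = Replace(result, "<", "&lt;")

    stripHTML = result
End Function

Dim ip
' Address of the connecting peer. NOTE(review): behind a reverse proxy or
' load balancer this is the proxy's address, not the visitor's.
ip = Request.ServerVariables("REMOTE_ADDR")
%>
Guestbook
<%
Dim strCAPTCHA
Dim guestbook
Dim Rs2
Dim sql
Dim signDate

If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    strCAPTCHA = Trim(Request.Form("strCAPTCHA"))

    If CheckCAPTCHA(strCAPTCHA) = True Then
        ' Create an ADO connection and recordset object
        Set guestbook = Server.CreateObject("ADODB.Connection")
        Set Rs2 = Server.CreateObject("ADODB.Recordset")

        ' Open the Access database that sits next to this script
        guestbook.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("guestbook.mdb")
        sql = "SELECT * FROM guests;"

        ' Cursor type 1 and lock type 3 (ADO's keyset cursor and optimistic
        ' locking) so that the recordset accepts AddNew
        Rs2.CursorType = 1
        Rs2.LockType = 3
        Rs2.Open sql, guestbook

        ' sign_date arrives from the client, so it can be missing, malformed
        ' or set to any date the sender likes. A value that parses as a date
        ' is kept as submitted; anything else falls back to the server clock.
        ' NOTE(review): if this column is meant to be a trustworthy
        ' timestamp, store Now() unconditionally instead.
        signDate = Trim("" & Request.Form("sign_date"))
        If Not IsDate(signDate) Then signDate = Now()

        ' Add the new record; every free-text field goes through stripHTML
        Rs2.AddNew
        Rs2.Fields("sign_date") = signDate
        Rs2.Fields("name") = stripHTML(Request.Form("name"))
        Rs2.Fields("email") = stripHTML(Request.Form("email"))
        Rs2.Fields("location") = stripHTML(Request.Form("location"))
        Rs2.Fields("comments") = stripHTML(Request.Form("comments"))
        Rs2.Fields("guest_ip") = CStr(ip)
        Rs2.Update

        ' Release the recordset and close the connection explicitly rather
        ' than only dropping the references
        Rs2.Close
        Set Rs2 = Nothing
        guestbook.Close
        Set guestbook = Nothing
    Else
        ' Wrong or missing CAPTCHA answer: back to the form
        Response.Redirect("sign.asp")
    End If

    ' The redirect follows immediately, so the browser normally lands on
    ' Index.asp without showing this text.
    Response.Write "The form information was inserted successfully."
    Response.Redirect("Index.asp")
End If
%>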