ASP Classic check if Zip Code exists, if not show message
Main.asp
<!--#include file="ACN.asp"-->
<!--#include file="ProtectXSS.asp"-->
<%
' Designed By Wayne Barron aka Carrzkiss
' Dated: 07/07/2011
' ASP Classic with Access Database connection
' This demonstration shows how to test a form field value against the database.
' If the value exists in the database, then display a message.
' If the value does not exist, then display a "does not exist" message.
' For more examples, go to www.cffcs.com.
' Date: 07-30-2022 - Name changed of Function from ProtectSQL to
' ProtectXSS, as it was brought to my attention that saying SQL was
' misleading.
' objConn comes from ACN.asp and ProtectXSS from ProtectXSS.asp
' (include lines added above; adjust the paths to your layout).
chZip = ProtectXSS(Request.Form("Zip"))
%>
Zip Code Check
<%
if request.form("Submit")="Check Zip Code" then
    ' Added 07/23/2022
    ' Check if the value passed is a number value. If not, show a message.
    if not IsNumeric(chZip) then
        response.Write "Not a valid number, please enter a Zip Code."
    else
        'Now, the ASP part of it.
        'First, we need to check the database
        'Get our form value
        Set sql = Server.CreateObject("ADODB.Command")
        sql.ActiveConnection=objConn ' Check our connection
        sql.Prepared = true
        ' The ? placeholder keeps the form value out of the SQL text
        sql.commandtext="Select zip, city, state, county from ZipTable where Zip=?"
        ' 200 = adVarChar, 1 = adParamInput, 255 = maximum length
        sql.Parameters.Append sql.CreateParameter("@Zip", 200, 1, 255, chZip)
        set rsZip = sql.execute
        if rsZip.eof then
            'Use either redirect or write
            'response.redirect"page.asp"
            response.write "Your zip code "&chZip&" is not in the database"
        else
            ' If the zip code exists, then send them to the zip page
            'response.redirect"Q_27183114.asp"
            'Or, if you want to display a message
%>
Your zip code <%=rsZip("Zip")%> is in the database
City = <%=rsZip("City")%>
State = <%=rsZip("State")%>
County = <%=rsZip("County")%>
<%
        end if ' Ends, check for Record Set.
    end if ' Ends, check if Number sent.
end if ' Ends, check for Submit button value.
%>
ACN.asp
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
siteurl = "192.168.2.12/cs" ' Change the URL to your URL
getServer = "sqlcorecs-01" ' Change to your Server Name
getInstance = "sql2019" ' Change to your SQL Server instance Name
getID = "testuser" ' Change to your SQL Server Username
getPW = "testuser" ' Change to your SQL Server Password
Set objConn = CreateObject("ADODB.Connection")
objConn.Open("Provider=SQLOLEDB; Data Source="&getServer&"\"&getInstance&"; Initial Catalog=Virtual-Class-01;User ID="&getID&";Password="&getPW&";")
%>
ProtectXSS.asp
<%
' Replaces characters that are significant in HTML with their entities.
Function ProtectXSS(SqlString)
    SqlString = Replace(SqlString, "'", "&#39;") ' replace single quotes with &#39;
    SqlString = Replace(SqlString, ">", "&gt;") ' replace > with &gt;
    SqlString = Replace(SqlString, "<", "&lt;") ' replace < with &lt;
    SqlString = Replace(SqlString, "(", "&#40;") ' replace ( with &#40;
    SqlString = Replace(SqlString, ")", "&#41;") ' replace ) with &#41;
    SqlString = Trim(SqlString)
    ProtectXSS = SqlString
End Function
%>
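Main.asp gates the query on IsNumeric, which also returns True for strings such as "1e5", "-12345" and "12.5". The page below is an added example, not part of the original page or the CFFCS project, that compares IsNumeric with a strict format check; IsZipCode is a hypothetical helper, the sample inputs are constructed, and it assumes ZipTable stores plain five-digit ZIP codes as text.

```vbscript
<%
' Added example (not from the original page).
' IsZipCode is a hypothetical helper name.
' Assumption: ZipTable holds five-digit ZIP codes stored as text.
Function IsZipCode(value)
    Dim re
    IsZipCode = False
    If IsNull(value) Then Exit Function

    Set re = New RegExp
    ' Exactly five ASCII digits, anchored at both ends of the string.
    re.Pattern = "^[0-9]{5}$"
    re.Global = False
    re.Multiline = False
    IsZipCode = re.Test(CStr(value))
    Set re = Nothing
End Function

' Constructed sample inputs. IsNumeric accepts exponent notation,
' hex literals, signs and decimals, none of which are ZIP codes.
Dim samples, s
samples = Array("02134", "90210", "1e5", "&H1F", "-12345", "12.5", "1234", "123456", "<b>")

Response.Write "<table border=""1"">"
Response.Write "<tr><th>Input</th><th>IsNumeric</th><th>IsZipCode</th></tr>"
For Each s In samples
    ' Server.HTMLEncode is applied at the point of output, so the
    ' raw value stays unchanged for validation and for the query parameter.
    Response.Write "<tr><td>" & Server.HTMLEncode(s) & "</td>"
    Response.Write "<td>" & IsNumeric(s) & "</td>"
    Response.Write "<td>" & IsZipCode(s) & "</td></tr>"
Next
Response.Write "</table>"
%>
```

In Main.asp, IsZipCode can be called on the raw Request.Form("Zip") value in place of the IsNumeric test, with Server.HTMLEncode applied where the value is written back to the page.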
Tags
Zip Code lookup form
In An ASP Classic US Zip Code lookup form
protect our database from XSS and SQL Injection
protect our database from XSS
protect our database from SQL Injection
SQL Injection
XSS Injection
ProtectSQL
ProtectXSS
ASP Classic Protect against SQL Injection
ASP Classic Protect against XSS Attacks
ASP Classic Parameterized Queries