<%
Option Explicit
dim conn
dim sql
dim message
dim name
dim signupdate
dim email
dim location
dim url
dim comment
dim action
action = request.form("Action")
if action = "" then
response.redirect "default.asp"
end if
name = request.form("Name")
signupdate = request.form("SignUpDate")
email = request.form("Email")
location = replace(request.form("Location"), "'", "-")
url = replace(LCase(request.form("URL")), "http://", "")
comment = request.form("Comment")
message = ""
if action = "Add Guest" then
if request.form("CodeWord") <> "1456" then
message = "Invalid antispam code - try again"
end if
if instr(comment, "<") > 0 then
message = "URLs are not allowed in the comment."
end if
if instr(location, "<") > 0 then
message = "URLs are not allowed in the location."
end if
if instr(name, "<") > 0 then
message = "URLs are not allowed in the name."
end if
if name = "" then
message = "You forgot to enter your name."
end if
if instr(url, "@") > 0 then
message = "Email address is not allowed in the URL."
end if
if message="" then
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open("PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE=" & server.mappath("_Private/guestbook.mdb") & ";")
sql = "Insert Into [Guests] (Name, SignUpDate, Location, Email, URL, Comment) Values('"
sql = sql & name & "', '" & Date & "', '" & location & "', '" & email & "', '" & url & "', '" & comment & "')"
conn.execute(sql)
message = "Your information was added to our guest book successfully!"
conn.close
set conn = nothing
end if
end if
%>
Process Guestbook
<%=message%>
Return to guest book