javascript asp教程添加和修改

　　The Connection Execute():

　　If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you dont necessarily have to have a Recordset. Its up to you.

　　For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.

　　Get Started:

　　Below is the script for Lesson 19.

　　Theres no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.

　　Danger in The Single Quote:

　　Youll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.

　　var myRegExp = /[]/g; firstName = firstName.replace(myRegExp, ');

　　The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.

　　Execute( ):

　　The only other thing I want to spend any time with is objConn.Execute(sql). The variable sql takes on one of two definitions depending on the result of an if statement. In this case sql does all the work, and we never need a recordset.