%@LANGUAGE="VBSCRIPT"%>
<%
'____________________________________________________________________________________________________
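'RemoveHTML: strips known HTML tags from submitted text and returns the rest.
'  strText - the submitted value to filter (not modified; a local copy is used).
'  Returns - the text with every tag named in TAGLIST removed. For tags named in
'            BLOCKTAGLIST (script, style, object, ...) everything up to and
'            including the matching closing tag is removed as well.
'Notes:
'  * Tag names not in TAGLIST are left untouched, "<" included.
'  * This is a tag denylist, not an output encoder. Values stored after this
'    filter should still be passed through Server.HTMLEncode when they are
'    written into a page.
Function RemoveHTML( strText )
    Dim TAGLIST
    TAGLIST = ";!--;!DOCTYPE;A;ACRONYM;ADDRESS;APPLET;AREA;B;BASE;BASEFONT;" &_
              "BGSOUND;BIG;BLOCKQUOTE;BODY;BR;BUTTON;CAPTION;CENTER;CITE;CODE;" &_
              "COL;COLGROUP;COMMENT;DD;DEL;DFN;DIR;DIV;DL;DT;EM;EMBED;FIELDSET;" &_
              "FONT;FORM;FRAME;FRAMESET;HEAD;H1;H2;H3;H4;H5;H6;HR;HTML;I;IFRAME;IMG;" &_
              "INPUT;INS;ISINDEX;KBD;LABEL;LAYER;LEGEND;LI;LINK;LISTING;MAP;MARQUEE;" &_
              "MENU;META;NOBR;NOFRAMES;NOSCRIPT;OBJECT;OL;OPTION;P;PARAM;PLAINTEXT;" &_
              "PRE;Q;S;SAMP;SCRIPT;SELECT;SMALL;SPAN;STRIKE;STRONG;STYLE;SUB;SUP;" &_
              "TABLE;TBODY;TD;TEXTAREA;TFOOT;TH;THEAD;TITLE;TR;TT;U;UL;VAR;WBR;XMP;XML;"
    'Tags whose content is removed together with the tag itself
    Const BLOCKTAGLIST = ";APPLET;EMBED;FRAMESET;HEAD;NOFRAMES;NOSCRIPT;OBJECT;SCRIPT;STYLE;XML;"

    Dim nPos1            'position of the current "<"
    Dim nPos2            'position of the ">" that ends the span being examined
    Dim nPos3            'scratch position
    Dim strRest          'input still to be scanned
    Dim strResult        'filtered output built so far
    Dim strTagName
    Dim bRemove
    Dim bSearchForBlock

    'Work on a copy: VBScript passes arguments ByRef, so consuming strText
    'directly would empty the caller's variable. The & "" also maps Null/Empty to "".
    strRest = strText & ""
    strResult = ""

    nPos1 = InStr(strRest, "<")
    Do While nPos1 > 0
        nPos2 = InStr(nPos1 + 1, strRest, ">")
        If nPos2 > 0 Then
            'The tag name is the text between "<" and the first whitespace or ">"
            strTagName = Mid(strRest, nPos1 + 1, nPos2 - nPos1 - 1)
            strTagName = Replace(Replace(Replace(strTagName, vbCr, " "), vbLf, " "), vbTab, " ")
            nPos3 = InStr(strTagName, " ")
            If nPos3 > 0 Then
                strTagName = Left(strTagName, nPos3 - 1)
            End If

            If Left(strTagName, 1) = "/" Then
                'Closing tag: only the tag itself is dropped
                strTagName = Mid(strTagName, 2)
                bSearchForBlock = False
            Else
                bSearchForBlock = True
            End If

            'Self-closing form written without a space, e.g. <br/>
            If Right(strTagName, 1) = "/" Then
                strTagName = Left(strTagName, Len(strTagName) - 1)
            End If

            If InStr(1, TAGLIST, ";" & strTagName & ";", vbTextCompare) > 0 Then
                bRemove = True
                If bSearchForBlock Then
                    If InStr(1, BLOCKTAGLIST, ";" & strTagName & ";", vbTextCompare) > 0 Then
                        'Default: no closing tag found, so drop everything to the end
                        nPos2 = Len(strRest)
                        'Look for the closing tag "</name". Searching for the bare
                        'name would match inside the opening tag itself, so only the
                        'opening tag would be removed and its content kept.
                        nPos3 = InStr(nPos1 + 1, strRest, "</" & strTagName, vbTextCompare)
                        If nPos3 > 0 Then
                            nPos3 = InStr(nPos3 + 1, strRest, ">")
                        End If
                        If nPos3 > 0 Then
                            nPos2 = nPos3
                        End If
                    End If
                End If
            Else
                bRemove = False
            End If

            If bRemove Then
                'Keep the text before the tag, skip past the removed span
                strResult = strResult & Left(strRest, nPos1 - 1)
                strRest = Mid(strRest, nPos2 + 1)
            Else
                'Unknown tag: keep the "<" and continue scanning after it
                strResult = strResult & Left(strRest, nPos1)
                strRest = Mid(strRest, nPos1 + 1)
            End If
        Else
            'A "<" with no closing ">" is plain text
            strResult = strResult & strRest
            strRest = ""
        End If
        nPos1 = InStr(strRest, "<")
    Loop

    strResult = strResult & strRest
    RemoveHTML = strResult
End Function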
%>
<%
'Flag form submissions: blnPost becomes True only when the request method is POST
'(it stays Empty, which tests as False, for any other method)
Dim blnPost
If "POST" = UCase(Request.ServerVariables("REQUEST_METHOD")) Then blnPost = True
%>
<%
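'** Attempt to save the posted entry to the DB
'   Flow: clean the posted fields, optionally check for an existing entry with
'   the same Email + LastName, insert the row, then redirect.
If (blnPost) Then
    'Declared size of every adVarChar parameter below
    nParamSize = 250

    'Read the posted fields and strip blocked HTML tags.
    'Single quotes are NOT doubled here: both statements below are parameterized,
    'so the driver handles quoting. Doubling them first would store O''Brien
    'instead of O'Brien and make the duplicate check miss such names.
    strFirstName    = RemoveHTML(CStr(Request.Form("FirstName")))
    strLastName     = RemoveHTML(CStr(Request.Form("LastName")))
    strAddressLine1 = RemoveHTML(CStr(Request.Form("AddressLine1")))
    strAddressLine2 = RemoveHTML(CStr(Request.Form("AddressLine2")))
    strCity         = RemoveHTML(CStr(Request.Form("City")))
    strState        = RemoveHTML(CStr(Request.Form("State")))
    strZip          = RemoveHTML(CStr(Request.Form("Zip")))
    strPhone        = RemoveHTML(CStr(Request.Form("Phone")))
    strAge          = RemoveHTML(CStr(Request.Form("Age")))
    strEmail        = RemoveHTML(CStr(Request.Form("Email")))
    stremailFormat  = RemoveHTML(CStr(Request.Form("emailFormat")))
    'NOTE(review): IPAddress comes from the posted form, so the client controls
    'its value. If it is meant to record the submitter's address, the server-side
    'value is Request.ServerVariables("REMOTE_ADDR") - confirm the intent.
    IPAddress       = RemoveHTML(CStr(Request.Form("IPAddress")))

    'One connection serves both the duplicate check and the insert
    Set objConn = Server.CreateObject("ADODB.Connection")
    objConn.ConnectionString = MM_connAURNDB_STRING
    objConn.CursorLocation = 3
    objConn.Open

    'Check to see if this is a duplicate entry
    MM_flag = "MM_insert"
    If (CStr(Request(MM_flag)) <> "") Then
        MM_dupKeyRedirect = "duplicate.asp"

        Set objCmd = Server.CreateObject("ADODB.Command")
        Set objCmd.ActiveConnection = objConn
        objCmd.CommandType = 1
        objCmd.CommandText = "SELECT Email, LastName FROM dbo.contestCountryTime09 WHERE Email=? AND LastName=?"
        'Compare the same cleaned values that get stored, so an entry matches
        'its own earlier submission. Left() keeps each value within the declared
        'parameter size; ADO can reject a longer value.
        objCmd.Parameters.Append objCmd.CreateParameter("@param", adVarChar, adParamInput, nParamSize, Left(strEmail, nParamSize))
        objCmd.Parameters.Append objCmd.CreateParameter("@param", adVarChar, adParamInput, nParamSize, Left(strLastName, nParamSize))

        Set MM_rsKey = objCmd.Execute
        bDuplicate = Not (MM_rsKey.EOF And MM_rsKey.BOF)
        MM_rsKey.Close
        Set MM_rsKey = Nothing
        Set objCmd = Nothing

        If bDuplicate Then
            'An entry with this Email + LastName exists: release the connection
            'before redirecting, because Response.Redirect ends the script here
            objConn.Close
            Set objConn = Nothing
            Response.Redirect MM_dupKeyRedirect
        End If
    End If

    'Insert the entry; every value is bound as a parameter, never concatenated
    Set objCmd = Server.CreateObject("ADODB.Command")
    Set objCmd.ActiveConnection = objConn
    objCmd.CommandType = 1
    objCmd.CommandText = "INSERT INTO dbo.contestCountryTime09 (" &_
        "FirstName, LastName, AddressLine1, AddressLine2, City, State, Zip, Phone, Age, Email, emailFormat, IPAddress) " &_
        "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"

    'Parameters are positional: this order must match the column list above
    arrValues = Array(strFirstName, strLastName, strAddressLine1, strAddressLine2, _
                      strCity, strState, strZip, strPhone, strAge, strEmail, _
                      stremailFormat, IPAddress)
    For Each varValue In arrValues
        objCmd.Parameters.Append objCmd.CreateParameter("@param", adVarChar, adParamInput, nParamSize, Left(varValue, nParamSize))
    Next

    objCmd.Execute
    Set objCmd = Nothing
    objConn.Close
    Set objConn = Nothing

    ' Send to Thank You page
    Response.Redirect "thank-you.asp"
End If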
%>
Quench Your Thirst Sweepstakes
Summertime is the time for Country Time, so AURN and Country Time have teamed up to give two lucky winners a summer barbeque prize package including $100 worth of Country Time Lemonade!