rewriting with refresh

Licass · Feb 17, 2006

hello , i need help to prevent users from rewriting form data when refresh a
page. this is the code :

<html>

<head>

<%

Function ParseBody(strText)

strText = Replace(strText, Chr(13), "<br>")
ParseBody = strText
End Function

Dim myConnString
Dim myConnection
Dim mySQL
myConnString = Application("basededados1_ConnectionString")

Set myConnection = Server.CreateObject("ADODB.Connection")

myConnection.Open myConnString

mySQL= "INSERT INTO prereserva"
mySQL= mySQL &
"(cod_casa,nm_mes,n_semana,inicio,fim,preco,quinzena,nome,morada,email,telef
one,perguntas,sugestões,comentários,id) "
mySQL= mySQL & "VALUES ('" & Request.Form("cod_casa") & "','"

mySQL= mySQL & Request.Form("nm_mes")
mySQL= mySQL & "','" & Request.Form("n_semana")
mySQL= mySQL & "','" & Request.Form("inicio")
mySQL= mySQL & "','" & Request.Form("fim")
mySQL= mySQL & "','" & Request.Form("preco")
mySQL= mySQL & "','" & Request.Form("quinzena")
mySQL= mySQL & "','" & Request.Form("nome")
mySQL= mySQL & "','" & Request.Form("morada")
mySQL= mySQL & "','" & Request.Form("email")
mySQL= mySQL & "','" & Request.Form("telefone")
mySQL= mySQL & "','" & Request.Form("perguntas")
mySQL= mySQL & "','" & Request.Form("sugestoes")

mySQL= mySQL & "','" & Request.Form("comentarios")

mySQL= mySQL & "','" & Request.Form("id")& "')"

myConnection.Execute mySQL

myConnection.Close
Set myConnection = Nothing
%>

<link rel="stylesheet" type="text/css" href="estiloEnter.css">
</head>

<body bgcolor="#FFFFFF" class="ftxt">

<p><b><font face="Tahoma" size="2" color="#0000FF"><---- Teste aqui os
seus
dados e proceda ao pagamento via Paypal ou cartão de crédito</font></b></p>

<p><b><span ><font>Obrigado pelo seu interesse!
<br>
Foi enviado um E-mail.</font></span></b></p>
<b>
<span><font>Enviado para: <%
'%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Response.Write Request.Form("EMail")
'%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%>
</font></span></b><p><b><span>De:  Sulférias</font></span></b></p>
<b>
</p>
<p><span>Assunto: Dados Pré reserva
</font></span></p>


<% if 0 then %>
<SCRIPT Language="JavaScript">
document.write("<div style='background: yellow; color: black;'>Não é
possível ao componente 'Resultados de base de dados' desta página mostrar o
conteúdo da base de dados. A página tem de ter um nome de ficheiro que
termine em '.asp' e a web tem de estar localizada num servidor que suporte
as Active Server Pages.</div>");
</SCRIPT>
<% end if %>
<%
fp_sQry="SELECT * FROM query_prereserva"
fp_sDefault=""
fp_sNoRecords="Não foram devolvidos registos."
fp_sDataConn="BaseDeDados1"
fp_iMaxRecords=256
fp_iCommandType=1
fp_iPageSize=0
fp_fTableFormat=False
fp_fMenuFormat=False
fp_sMenuChoice="n_prereserva"
fp_sMenuValue="n_prereserva"
fp_sColTypes="&n_prereserva=3&data=135&expira=135&cod_casa=3&nm_mes=3&n_sema
na=202&inicio=135&fim=135&preco=6&Nome=202&morada=202&email=202&telefone=202
&perguntas=202&sugestões=202&Comentários=202&quinzena=202&valor=202&id=3&"
fp_iDisplayCols=5
fp_fCustomQuery=False
BOTID=0
fp_iRegion=BOTID
%>

<form
METHOD="POST" action="ver_prereserva.asp" onsubmit="return
FrontPage_Form1_Validator(this)" language="JavaScript"
name="FrontPage_Form1">
<p>
</p>
<p>
<input type="text" name="quinzena" size="20"
value="<%=Request("quinzena")%>"></p>
<div align="center">
<center>
<table BORDER="0" class="ftxt" style="border-width:0; border-collapse:
collapse" bordercolor="#111111" cellpadding="0" cellspacing="0" width="700">
<tr>
<td width="81"> </td>
<td width="617">
</td>
</tr>
<tr>
<td width="81"> </td>
<td width="617">
<input TYPE="hidden" NAME="email"
VALUE="<%=FP_FieldHTML(fp_rs,"email")%>"></td>
</tr>
<tr>
<td width="81"> </td>
<td width="617">
<input TYPE="hidden" NAME="preco"
VALUE="<%=FP_FieldHTML(fp_rs,"preco")%>"></td>
</tr>
<tr>
<td width="81"><b>valor do sinal:</b></td>
<td width="617">
<input NAME="valor" readonly=true border=0 SIZE="7"
VALUE="<%=cint(Request("preco")*0.3)%> ">
<b> Eur
            &nbs
p;     
<input TYPE="submit" NAME="fp_submit" value="Fazer pagamento/reserva"
style="font-family: Myriad Web; font-weight: bold" class="botao"></b></td>
</tr>
<tr>
<td COLSPAN="2"
width="698"><p>          &
nbsp;           &nbsp
;           </td>
</tr>
</table>
</center>
</div>
<input type="hidden" name="n_semana"
value="<%=Request.Form("n_semana")%>">
<input type="hidden" name="nm_mes" value="<%=Request.Form("nm_mes")%>">
<input type="hidden" name="cod_casa"
value="<%=Request.Form("cod_casa")%>">
<input type="hidden" name="n_prereserva"
value="<%=FP_FieldHTML(fp_rs,"n_prereserva")%>" size="20">
<input type="hidden" name="id" value="<%=FP_FieldHTML(fp_rs,"id")%>">
</form>

<% n_prereser = fp_rs("n_prereserva")%>


</b>

<%

Dim meumail
Dim myCDONTSMail
Dim strFrom
Dim strTo
Dim strSubject
Dim strBody
Dim strparamim

strFrom="(e-mail address removed)"

strTo=Request.Form("email")

strSubject = " Pré reserva " & n_prereser

strBody = "<html>"
strBody = strBody & "<head></head>"
strBody = strBody & "<body class=" &quot &"ftxt" &quot &";>"

strBody = strBody & " O nº da sua pré reserva e o seu E-mail são os dados
para aceder á situação em que se encontra." & Chr(13) & Chr(13) & Chr(13)
strBody = strBody & "Relembramos que a pré reserva tem 5 dias para reservar
com envio de sinal no valor de 30% do valor do aluguer." & Chr(13) & Chr(13)
& Chr(13)
strBody = strBody & "Estes são os dados da sua pré reserva:" & Chr(13) &
Chr(13)
strBody = strBody & "Préreserva nº: " & n_prereser & "" & Chr(13)
strBody = strBody & "Expira em: " & now()+7 & "" & Chr(13)
strBody = strBody & "Refª Casa: " & Request.Form("cod_casa") & "" & Chr(13)
strBody = strBody & "Mês: " & Request.Form("nm_mes") & Chr(13)
strBody = strBody & "Semana: " & Request.Form("n_semana") & Chr(13)
strBody = strBody & "Início: " & Request.Form("inicio") & Chr(13)
strBody = strBody & "Fim: " & Request.Form("fim") & Chr(13)
strBody = strBody & "Preço: " & Request.Form("preco")& " Eur" & Chr(13)
strBody = strBody & "Em nome de: " & Request.Form("nome") & Chr(13)
strBody = strBody & "Residente em: " & Request.Form("morada") & Chr(13)
strBody = strBody & "Telefone: " & Request.Form("telefone") & Chr(13) &
Chr(13)
strBody = strBody & Request.Form("perguntas") & Chr(13)
strBody = strBody & Request.Form("sugestoes") & Chr(13)
strBody = strBody & Request.Form("comentarios") & Chr(13)

strBody = strBody & Chr(13) & "Obrigado.Esperamos que o nosso serviço vá de
encontro ás suas expectativas."

strBody = strBody & "</body>"

strBody = strBody & "</html>"

Set myCDONTSMail = CreateObject("CDONTS.NewMail")
set meumail = CreateObject("CDONTS.NewMail")

meumail.bodyformat=0
meumail.mailformat=0
mycdontsmail.mailformat=0
mycdontsmail.bodyformat=0
myCDONTSMail.Send strFrom,strTo,strSubject,strBody

meumail.send strFrom,"(e-mail address removed)",strSubject,strBody

Set myCDONTSMail = Nothing
set meumail = Nothing

%>

<% '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
' Call the ParseBody function and pass the strBody string to it.
' This will replace the Chr(13) characters with <br> tags in the HTML.
Response.Write(ParseBody(strBody))

'%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%>

<head>
<NETA HTTP-EQUIV="PRAGNA" CONTENT="NO-CACHE"></head>
</body>

</html>

Stefan B Rusynko · Feb 18, 2006

Microsoft VBScript runtime error '800a01a8'	6	Nov 15, 2006
disable submit button HELP	1	Feb 14, 2006
capture webbrowser navigation events (not a question, but solution)	1	Apr 20, 2007
Database Results Wizard Error - FrontPage 2003	5	Mar 3, 2006
help with adding up numbers in a htm file, htm file in message body, thank you in advance	4	Jul 22, 2004
I am trying to understand this code...	3	Jul 26, 2008
Send Form results to database error	0	Apr 27, 2004
any ideas why I can update one table in my database but not the other?	2	Sep 22, 2006

rewriting with refresh

Licass

Stefan B Rusynko

Ask a Question

Similar Threads