<%@ LANGUAGE = "VBScript" %>
<%
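' Admin product editor. Reads the posted product fields and, when the query
' string carries stage=save, validates them and then inserts a new row into
' the products table or updates the existing one.
'
' verify, valid_sql and db are not defined on this page.
' NOTE(review): verify is presumably the access check from an include that is
' not shown - confirm it ends the response for callers who are not signed in,
' because nothing below re-checks authorisation before writing to the database.
' NOTE(review): no anti-forgery token is checked here before the write; confirm
' whether verify or the submitting form covers that.
verify

productid = request.form("productid")
name = request.form("name")
description = request.form("description")
price = request.form("price")
saleprice = request.form("saleprice")
image = request.form("image")
catcode = request.form("catcode")
notes = request.form("notes")

' NOTE(review): the posted "featured" value is overwritten on the next line, so
' every saved product is stored with featured = true - confirm this is intended.
featured = request.form("featured")
featured = true

stage = request.querystring("stage")

if stage = "save" then
    ' Validate the posted values. Each failure appends one message to msg, and
    ' nothing is written to the database unless msg is still empty afterwards.
    ' VBScript string literals cannot span lines; the line break that precedes
    ' each message on the source page is written as <br> here
    ' (NOTE(review): confirm against the original file).
    ' "x = null" is never true in VBScript, so null is tested with isnull().
    if isnull(name) or name = "" or len(name) > 255 then
        msg = msg & "<br>You need to enter a valid name."
    end if
    if isnull(description) or description = "" then
        msg = msg & "<br>You need to enter a description."
    end if
    if isnull(price) or not(isnumeric(price)) then
        msg = msg & "<br>You need to enter the products price."
    end if
    if not(isnumeric(saleprice)) and saleprice <> "" then
        msg = msg & "<br>You need to enter a valid sale price."
    end if
    if len(image) > 255 then
        msg = msg & "<br>The image tag is too long."
    end if
    if not(isnumeric(catcode)) then
        msg = msg & "<br>Invalid category entered."
    end if
    ' productid is concatenated unquoted into the WHERE clause of the update,
    ' so it has to be numeric whenever it is present.
    if productid <> "" and not(isnumeric(productid)) then
        msg = msg & "<br>Invalid product id."
    end if

    if msg = "" then
        ' An empty sale price passes validation; emit SQL null for it so the
        ' statement stays well formed.
        ' NOTE(review): assumes products.saleprice accepts null - confirm.
        if saleprice = "" then
            saleprice_sql = "null"
        else
            saleprice_sql = valid_sql(saleprice)
        end if

        ' NOTE(review): the statements are still built by concatenation and rely
        ' on valid_sql (defined elsewhere) for escaping. isnumeric also accepts
        ' forms such as currency symbols and digit grouping that are not valid
        ' SQL numbers. Bound parameters would remove both concerns.
        ' The finished statement is not echoed to the response: it embeds raw
        ' form input and would expose the table layout to the browser.
        if isnull(productid) or productid = "" then
            ' No product id posted: insert a new row. image goes through
            ' valid_sql like every other quoted value.
            sql = "insert into products (name, description, price, saleprice, image, catcode, notes, featured) values "
            sql = sql & "('" & valid_sql(name) & "','" & valid_sql(description) & "'," & valid_sql(price) & "," & saleprice_sql & ",'" & valid_sql(image) & "'," & valid_sql(catcode) & ",'" & valid_sql(notes) & "'," & valid_sql(featured) & ")"
            db.execute(sql)
        else
            ' Product id posted: update that row.
            sql = " update products set name='" & valid_sql(name) & "', description='" & valid_sql(description) & "', price=" & valid_sql(price) & ", saleprice=" & saleprice_sql & ", image='" & valid_sql(image) & "', catcode=" & valid_sql(catcode) & ", notes='" & valid_sql(notes) & "', featured=" & valid_sql(featured) & " where productid=" & valid_sql(productid)
            db.execute(sql)
        end if
    end if
end if 'stage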
%>
|
<% adminmenu "prod" %> |
<%= msg %> |