
" & rs("ProductName") & "

0) Then For Each x in con.Errors ' Default condition to fail connect is "rw" ... ConnectFailed = CBool((x.Number 0) OR (Instr(x.Description, "read-only") 0)) If (ConnectFailed) Then Call Log(0, "eShop/ConnConnect(): Error# " & x.Number & " (" & x.Description & ")") '''removed for security '''Call Log(0, "eShop/ConnConnect(): ConnectString: " & ConnectionString) Exit For End If Next If (ConnectFailed) Then Response.Write ("
Sorry, the shop is currently busy. Please try again in a few minutes!
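")
CloseObject con
Response.End
End If
End If

' ---------------------------------------------------------------------------
' Query-string screening, then product lookup.
'
' The deny-list below is kept as a coarse tripwire that alerts the admin and
' bounces the visitor to the store home page. It is not the injection control:
' substring deny-lists are easy to get wrong and depend on how the request was
' encoded. The actual control is the parameterized command further down, which
' keeps the ProductCode value out of the SQL text entirely.
' ---------------------------------------------------------------------------
strQ = lcase(Request.ServerVariables("QUERY_STRING"))

' Over-long query strings are reported and rejected outright.
if len(strQ) > 50 then
    Call SendAdminEmail(strQ)
    Response.redirect "store_home.asp"
end if

' Can NOT use "%" and "=" because some categories haves spaces!
' NOTE(review): the empty-string entry ("") looks like an extraction artifact;
' "<" and ">" were probably listed there. InStr with an empty search string
' returns the start position, so as written every non-empty query string would
' be rejected. Confirm against the original file.
sBadChars = array("password", "information_schema", chr(34), "%22", "%27","value","variablename","from","parms","where","union", "select", "drop", ";", "--", "insert", "delete", "xp_", "#", "&", "'", "(", ")", ":", ";", "", "[", "]", "?", "`", "|")
For iCounter = 0 to uBound(sBadChars)
    if instr(1,strQ,sBadChars(iCounter)) > 0 then
        Call SendAdminEmail(strQ)
        Response.redirect "store_home.asp"
    end if
Next

' Bind ProductCode as a parameter instead of concatenating it into the SQL
' string. The value is passed as data, so quoting/escaping helpers such as
' SQLsafe are no longer needed on this path (escaping a bound value would
' alter it). The size of 50 matches the query-string length cap enforced above.
Dim cmdProductLookup
SQL = "Select * from Products Where ProductCode=?"
Set cmdProductLookup = Server.CreateObject("ADODB.Command")
Set cmdProductLookup.ActiveConnection = Con
cmdProductLookup.CommandText = SQL
cmdProductLookup.Parameters.Append cmdProductLookup.CreateParameter("ProductCode", adVarChar, adParamInput, 50, CStr(Request.QueryString("ProductCode")))

rs.CursorLocation = adUseClient
' When the source is a Command object the connection argument must be omitted.
rs.Open cmdProductLookup, , adOpenKeyset, adLockOptimistic
Do While not rs.EOF
Response.Write "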
" Response.Write "" Response.Write "

" ' add buy link to top of folio pages DateOK = true if len (rs("ProductEndDate")) > 5 then ' date exists if datediff("d",now(),rs("ProductEndDate")) "yes" AND DateOK) OR (Request.QueryString("ProductCode") = "W-TEST" AND DateOK) then if instr(1,Request.QueryString("ProductCode"),"-FOL-") > 0 then Response.Write "

Click here to order

" end if Response.Write "

" & rs("ProductDescriptionLong") & "

" Response.Write "

ProductCode: " & rs("ProductCode") & "

" if rs("UnitPrice") "0" then Response.Write "

Price: " & FormatCurrency(rs("UnitPrice")) & "

" if rs("StockStatus") "DO-NOT-SELL" then ''Response.Write "

Click here to order

" Response.Write "

" end if else Response.Write "

Sorry, this product is not currently available.

" end if Response.Write "
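"
rs.movenext
Loop
CloseObject rs
CloseObject con

' Append one line to the shop's text log.
'   Level - accepted for interface compatibility; not used in this routine.
'   Line  - message text to record.
' Each entry is written as "<timestamp> <message> (<REMOTE_HOST>)".
' Failures (for example missing write permission) are deliberately ignored so
' that logging can never break the page.
Public Sub Log (ByVal Level, ByVal Line)
    Dim AbsFileName, FileObj, FileOut, RootPath, cstRegNum, SafeLine

    ' Fail quietly if permission problems ...
    On Error Resume Next

    ' Name log file with registration number, to protect it from outsiders.
    ' NOTE(review): a fixed suffix in source is obscurity, not access control;
    ' it gives no protection once this source or the name is disclosed. Both
    ' root paths appear to sit inside the served site - consider a directory
    ' outside the web root, or deny HTTP access to this file.
    cstRegNum = "455783"
    if Session ("local") then
        RootPath = "C:\Inetpub\wwwroot\Focusing\eshop\"
    else
        RootPath = "c:\domains\focusing.org\eShop\"
    end if
    AbsFileName = RootPath & "$L" & cstRegNum & ".txt"

    ' Collapse CR/LF so text that originates outside this code (e.g. provider
    ' error descriptions) cannot start a forged log entry on a new line.
    SafeLine = Line
    SafeLine = Replace(SafeLine, vbCr, " ")
    SafeLine = Replace(SafeLine, vbLf, " ")

    Set FileObj = Server.CreateObject("Scripting.FileSystemObject")
    ' 8 = ForAppending, True = create the file if it does not exist.
    Set FileOut = FileObj.OpenTextFile(AbsFileName, 8, True)
    FileOut.WriteLine(Now() & " " & SafeLine & " (" & _
        Request.ServerVariables("REMOTE_HOST") & ")")
    FileOut.Close
    Set FileOut = Nothing
    Set FileObj = Nothing
End Sub

' Notify the webmaster that a request was rejected by the query-string screen.
'   strQ - the (lower-cased) raw query string that triggered the rejection.
' Mail is throttled through Application("mailed500"): outside the local
' environment a message is sent only when more than one minute has passed
' since the last one. No value is returned.
Function SendAdminEmail(strQ)
    Dim from_email,from_name,to_email,bcc_email,cc_email,message,subject,text_body

    if session("local") OR datediff("n",Application("mailed500"),now()) > 1 then
        Application("mailed500") = Now()
        from_email = "admin@focusing.org"
        from_name = "Focusing Admin"
        to_email = "webmaster@focusing.org"
        bcc_email = ""
        cc_email = ""
        text_body = "" 'HTML email

        ' strQ is attacker-controlled and, per the comment above, ends up in
        ' an HTML mail body, so encode it before it reaches the mail client.
        ' NOTE(review): SendCDOEmail is not visible here - confirm it treats
        ' "message" as the HTML part.
        message = Server.HTMLEncode(strQ)

        if Session("local") then
            subject = "LOCAL Store SQL error"
        else ' ORCS
            subject = "Store SQL error"
        end if
        Call SendCDOEmail(from_email,from_name,to_email,bcc_email,cc_email,subject,message,text_body)
    end if
End Function
%>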