%
Sub ErrorRedirection
Response.Redirect("/sub-tyre-products.asp")
Response.End()
End Sub
Sub GetSetValue
SearchProductID = Trim(Request("pid"))
'Prevent SQL Injection
If SearchProductID = "" Then
Call ErrorRedirection()
ElseIf NOT IsNumeric(SearchProductID) Then
Call ErrorRedirection()
End If
End Sub
Sub GetProductDetails
Dim rsGet
Dim sqlStatement
Set rsGet = Server.CreateObject("ADODB.RecordSet")
sqlStatement = "SELECT * FROM vw_st_product WHERE ProductID = " & SearchProductID
Set rsGet = QueryDB(sqlStatement)
If Not rsGet.EOF Then
ResultProductName = rsGet("ProductName")
ResultProductTypeNameList = rsGet("TypeNameList")
ResultProductPatternNameList = rsGet("PatternNameList")
ResultProductSizeNameList = rsGet("SizeNameList")
ResultProductSpec = rsGet("Specification")
ResultImageFileNameS = rsGet("ImageNameS")
ResultImageFileNameL = rsGet("ImageNameL")
ResultSEOMetaTitle = rsGet("SEOMetaTitle")
ResultSEOMetaDescription = rsGet("SEOMetaDescription")
ResultSEOMetaKeyword = rsGet("SEOMetaKeyword")
End If
rsGet.close
Set rsGet = nothing
End Sub
Function HTMLDecode(ByVal html)
Dim i
HTMLDecode = html
Do
' search the next ampersand, exit if no more
i = InStr(i + 1, HTMLDecode, "&")
If i = 0 Then Exit Do
If StrComp(Mid(HTMLDecode, i, 6), " ", vbTextCompare) = 0 Then
HTMLDecode = Left(HTMLDecode, i - 1) & " " & Mid(HTMLDecode, i + 6)
ElseIf StrComp(Mid(HTMLDecode, i, 6), """, vbTextCompare) = 0 Then
HTMLDecode = Left(HTMLDecode, i - 1) & """" & Mid(HTMLDecode,i + 6)
ElseIf StrComp(Mid(HTMLDecode, i, 5), "&", vbTextCompare) = 0 Then
HTMLDecode = Left(HTMLDecode, i - 1) & "&" & Mid(HTMLDecode,i + 5)
ElseIf StrComp(Mid(HTMLDecode, i, 4), "<", vbTextCompare) = 0 Then
HTMLDecode = Left(HTMLDecode, i - 1) & "<" & Mid(HTMLDecode, i + 4)
ElseIf StrComp(Mid(HTMLDecode, i, 4), ">", vbTextCompare) = 0 Then
HTMLDecode = Left(HTMLDecode, i - 1) & ">" & Mid(HTMLDecode, i + 4)
End If
Loop
End Function
%>
<%
Dim SearchProductID
Dim ResultProductName, ResultProductTypeNameList, ResultProductPatternNameList, ResultProductSizeNameList, ResultProductSpec, ResultImageFileNameL, ResultImageFileNameS
Dim ResultSEOMetaTitle, ResultSEOMetaDescription, ResultSEOMetaKeyword
%>
<%
Call GetSetValue()
Call GetProductDetails()
%>