<% check_security(1) %> <% dim user_id dim UserRating dim Ratings dim AvgRating dim ContentId dim rate_content_sql sub request_rate_content ''' request form inputs from this form user_id = request("user_id") UserRating = request("UserRating") Ratings = request("Ratings") AvgRating = request("AvgRating") ContentId = request("ContentId") end sub sub validate_rate_content ''' request and validate data entered from this form user_id = trim(request("user_id")) UserRating = trim(request("UserRating")) Ratings = trim(request("Ratings")) AvgRating = trim(request("AvgRating")) ContentId = trim(request("ContentId")) end sub sub get_defaults_rate_content ''' set default values for this form UserRating = 7 end sub sub db_select_rate_content sql = "SELECT " & _ "user_id, " & _ "Ratings, " & _ "AvgRating, " & _ "ContentId FROM Content" & _ " WHERE " & _ "Content.ContentId = " & to_sql(ContentId,"number") & "" on error resume next set rs = cn.Execute(sql) if err.number <> 0 then b_error = true error_list.add "select_data_rate_content", "The data selection failed. " & err.description elseif rs.EOF then b_results = false msg_list.add "select_data_rate_content", "The record was removed from the database." else user_id = rs("user_id") UserRating = rs("UserRating") Ratings = rs("Ratings") AvgRating = rs("AvgRating") ContentId = rs("ContentId") end if rs.Close on error goto 0 end sub sub db_insert_rate_content sql = "INSERT INTO Content" & _ "(" & _ "user_id," & _ "Ratings," & _ "AvgRating" & _ ") VALUES (" & to_sql(user_id,"number") & "," & _ "" & to_sql(Ratings,"number") & "," & _ "" & to_sql(AvgRating,"text") & ")" & _ "" 'response.write sql on error resume next cn.Execute(sql) if err.Number <> 0 then b_error = true error_list.add "db_insert_rate_content" & err.Number ,"The database insert failed. " & err.Description else set rs = cn.Execute("SELECT @@IDENTITY") ContentId = rs(0) rs.Close msg_list.add "db_insert_rate_content","The database insert was successful." end if on error goto 0 end sub sub db_update_rate_content sql = "UPDATE Content SET " & _ "AvgRating = (AvgRating + " & to_sql(UserRating,"number") & ")/2, " & _ "Ratings = Ratings + 1 WHERE " & _ "ContentID = " & ContentId & "" 'response.write sql on error resume next cn.execute(sql) if err.number <> 0 then b_error = true error_list.add "db_update_rate_content" & err.Number ,"The database update failed. " & err.Description else end if on error goto 0 end sub sub db_delete_rate_content sql = "DELETE FROM Content" & _ " WHERE " & _ "ContentId = " & to_sql(ContentId,"number") & "" 'response.write sql on error resume next cn.Execute(sql) if err.number <> 0 then b_error = true error_list.add "db_delete_rate_content" & err.Number ,"The database deletion failed. " & err.Description else msg_list.add "db_delete_rate_content","The record was removed." end if on error goto 0 end sub do_search = request("do_search") ''' request form keys and inputs ContentId = request("ContentId") ''' request action action = lcase(request("action")) ''' action case handler select case action case "select_rate_content" ' select the requested key record from database if ContentId <> "" then db_select_rate_content else b_error = true error_list.add "edit_rate_content", "Specify record to select." end if case "insert_rate_content" ' request form data and insert a new record into database validate_rate_content if not b_error then db_insert_rate_content response.write "" end if case "update_rate_content" ' request form data and update an existing database record validate_rate_content if not b_error then if ContentID <> "" then ''' make sure this IP has not voted already set rs = cn.Execute("SELECT ContentId FROM ContentRatings WHERE ContentId=" & ContentId & " AND IP='" & Request.ServerVariables("REMOTE_ADDR") & "'") if rs.EOF then cn.Execute ("INSERT INTO ContentRatings (ContentId, user_id, Rating, IP) VALUES (" & ContentId & "," & to_sql(session("user_id"),"number") & "," & UserRating & ",'" & Request.ServerVariables("REMOTE_ADDR") & "')") db_update_rate_content msg_list.add "thanks", "Thank you" else msg_list.add "sorry", "You have rated this content." rs.Close end if else b_error = true error_list.add "update_rate_content", "Specify record to update." end if end if case "delete_rate_content" ' delete the requested key database record if ContentId <> "" then db_delete_rate_content response.redirect request.servervariables("script_name") & "?msg=The+record+was+deleted." else b_error = true error_list.add "delete_rate_content", "Specify record to delete." end if end select ':: handle the default case(s) for each form (separate from action= parameter) if ContentID <> "" then db_select_rate_content get_defaults_rate_content end if %>

<% display_errs display_msg %> <% ':: check if hide form var was set if not b_hide_rate_content then %> Content Rating select 1(worst) - 10(best) <% if not isnull(UserRating) then '' if (UserRating < 1) AND (not UserRating) then UserRating = 0 else UserRating = 0 end if %> selected<% end if %>>1 selected<% end if %>>2 selected<% end if %>>3 selected<% end if %>>4 selected<% end if %>>5 selected<% end if %>>6 selected<% end if %>>7 selected<% end if %>>8 selected<% end if %>>9 selected<% end if %>>10   <% ':: end hide form if end if %> <% ':: assure that any db resources are freed on error resume next rs.Close set rs = NOTHING cn.Close set cn = NOTHING user_cn.Close set user_cn = NOTHING on error goto 0 %>