Download Excel not working properly in ASP - asp-classic

I am new to ASP.I need to write a script for Download Excel in ASP.I tried but it is downloading the entire page content but I need to download the table from database.
Here is my code:
<%#Language="VBScript"%>
<form name="form1" id="form1" method="post">
<input type="hidden" name="action" value="sel">
<table>
<tr>
<td><input type="submit" name="submit" id="submit" value="Download Excel"></td>
</tr>
</table>
Hello World
<%
action = Request.Form("action")
If action="sel" Then
Response.ContentType = "application/octet-stream"
Response.ContentType = "application/vnd.ms-excel"
SET Conn = Server.CreateObject("ADODB.Connection")
Conn.OPEN "PROVIDER=SQLOLEDB;DATA SOURCE=10.1.1.1;UID=sa;PWD=root;DATABASE=Student"
dim Conn,Rs
set Rs=server.createobject("ADODB.recordset")
Rs.open "SELECT * FROM studentdetails",Conn
Response.AddHeader "Content-Disposition", "attachment; filename=xl_data.xls"
%>
<TABLE BORDER=1>
<TR>
<%
j = 2
For i = 0 to RS.Fields.Count - 1
%>
<TD width="18"><B>
<% = RS(i).Name %></B></TD>
<% Next %>
<TD width="42"></TD>
<TD width="53"></TD>
</TR>
<%
Do While Not RS.EOF
%>
<TR>
<% For i = 0 to RS.Fields.Count - 1
%>
<TD VALIGN=TOP><% = RS(i) %></TD>
<% Next %>
</TR>
<%
RS.MoveNext
j = j + 1
Loop
RS.Close
End If
%>
</TABLE>
In this program I have included Hello World line while downloading it is downloading that also.So Please give me some suggestions.THANKS IN ADVANCE.


replace
Response.ContentType = "application/octet-stream"
with
Response.Clear
otherwise you are sending the form and the table to Excel

Related

XSS Poor Validation Classic ASP

I am getting XSS Poor Validation issue in the following code:
<TABLE cellpadding=0 cellspacing=1 border=0 style="table-layout:fixed">
<col width=20%>
<col width=13%>
<col width=20%>
<col width=13%>
<col width=20%>
<col width=13%>
<TR height=25>
<TD class=border_title_sub colspan=2 align=center>미작성</TD>
<TD class=border_title_sub colspan=2 align=center>임시저장중</TD>
<TD class=border_title_sub colspan=2 align=center>작성완료</TD>
</TR>
<%
do until (rs_1.EOF and rs_2.EOF and rs_3.EOF)
%>
<TR height=25>
<%
if rs_1.EOF then
%>
<TD class=border_text> </TD>
<TD class=border_text align=center> </TD>
<%
else
rs_1_check_name = rs_1("check_name")
rs_1_user_name = rs_1("user_name")
%>
<TD class=border_text><%=HTMLDecode(Server.HTMLEncode(rs_1_check_name))%></TD>
<TD class=border_text align=center><%=HTMLDecode(Server.HTMLEncode(rs_1_user_name))%></TD>
<%
end if
if rs_2.EOF then
%>
<TD class=border_text> </TD>
<TD class=border_text align=center> </TD>
<%
else
rs_2_check_name = rs_2("check_name")
rs_2_user_name = rs_2("user_name")
%>
<TD class=border_text><%=HTMLDecode(Server.HTMLEncode(rs_2_check_name))%></TD>
<TD class=border_text align=center><%=HTMLDecode(Server.HTMLEncode(rs_2_user_name))%></TD>
<%
end if
if rs_3.EOF then
%>
<TD class=border_text> </TD>
<TD class=border_text align=center> </TD>
<%
else
rs_3_check_name = rs_3("check_name")
rs_3_user_name = rs_3("user_name")
%>
<TD class=border_text><%=HTMLDecode(Server.HTMLEncode(rs_3_check_name))%></TD>
<TD class=border_text align=center><%=HTMLDecode(Server.HTMLEncode(rs_3_user_name))%></TD>
<%
end if
%>
</TR>
<%
if not rs_1.EOF then rs_1.movenext
if not rs_2.EOF then rs_2.movenext
if not rs_3.EOF then rs_3.movenext
loop
rs_1.close
rs_2.close
rs_3.close
set rs_1 = Nothing
set rs_2 = Nothing
set rs_3 = Nothing
%>
</TABLE>
Here, HTMLDecode is my custom function, which is defined as follows:
<%
Function HTMLDecode(sText)
Dim I
sText = Replace(sText, """, Chr(34))
sText = Replace(sText, "<" , Chr(60))
sText = Replace(sText, ">" , Chr(62))
sText = Replace(sText, "&" , Chr(38))
sText = Replace(sText, " ", Chr(32))
For I = 1 to 255
sText = Replace(sText, "&#" & I & ";", Chr(I))
Next
HTMLDecode = sText
End Function
%>
As my data already encoded in the DB, I am using both Server.HTMLEncode("") [ To escape from Security SW ) and HTMLDecode("") [To display information properly].
Could you please help me on this.

How to add total from a search form

I like to query based on some fields to generate a report: Date range, Department, Student with date range. I have the form to work on searching....
However, I need to calculate totals for each of these fields from a report.
For example: if I search for students and the search results are:
Department Date Range Student Cost
DeptA 1/1/2012-12/31/2012 StuA $100
DeptA 1/1/2012-12/31/2012 StuB $50
DeptA 1/1/2012-12/31/2012 StuC $50
How can I calculate the total of cost automatically online (= $200)?
Thanks.
Here is my code:
<%
Path = Request.ServerVariables("PATH_TRANSLATED")
While (Right(Path, 1) <> "\" And Len(Path) <> 0)
iLen = Len(Path) - 1
Path = Left(Path, iLen)
Wend
Set adoCon = Server.CreateObject("ADODB.Connection")
adoCon.open strCon
SelectStmt = "Select * From view_costs Where "
WhereClause = ""
WhereBetweenClause = "BETWEEN"
If Request("qryDepartment") <> "All Departments" Then
qryDepartment = replace(request("qryDepartment"),"'","''")
WhereClause = WhereClause & "Department = '" & qryDepartment & "' AND "
End If
If Request("qryStudents") <> "All Students" Then
WhereClause = WhereClause & "Name = '" & Request("qryStudents") & "' AND "
End If
sStartDate = Request("StartDate")
sEndDate = Request("EndDate")
If IsDate(sStartDate) And IsDate(sEndDate) Then
WhereClause = WhereClause & "(StartDate >= '" & sStartDate & "' AND EndDate <= '" & sEndDate & "') "
End If
Set adoCon = Server.CreateObject("ADODB.Connection")
adoCon.open strCon
pstart = trim(request.form("pstart"))
pfinish = trim(request.form("pfinish"))
Set getDepartment = Server.CreateObject("ADODB.Recordset")
getDepartment.Open "Select Department from view_costs order by Department;",adoCon
Set getname = Server.CreateObject("ADODB.Recordset")
getname.Open "Select Name from view_costs order by Name;",adoCon
%>
<html>
<head>
<title>The Resport</title>
</head>
<body>
<table width="770" align="center">
<tr>
<td colspan="4" class="n"><span id="h3">Search Menu</span></td>
</tr>
<form method=Department action="Search.asp" name="Search">
<tr>
<td>
<% if not getDepartment.eof then %>
<select name="qryDepartment" size="1" title="Select a Department Name" style="width:200;background-color=#F5D0A9;">
<option selected>All Departments</option>
<% do until getDepartment.eof %>
<option><%= getDepartment("Department") %></option>
<% getDepartment.MoveNext
loop %>
</select>
<% end if %>
</td>
<td>
<% if not getname.eof then %>
<select name="qryStudents" size="1" title="Select a Student Name" style="width:200;background-color=#F5D0A9;">
<option selected>All Students</option>
<% do until getname.eof %>
<option><%= getname("Name") %></option>
<% getname.MoveNext
loop %>
</select>
<% end if %>
</td>
<%
%>
<td><span id="b"> Start:</span> <input name="StartDate" type="text" size="15" maxlength="12" value="<%=sStartDate%>">
<img src="calendar.gif" alt="calendar"></td>
<td><span id="b"> End:</span> <input name="EndDate" type="text" size="15" maxlength="12" value="<%=sEndDate%>">
<img src="calendar.gif" alt="calendar"></td>
</tr>
<tr class="search-bg">
<td colspan="6">
<input type="button" name="Submit" value="Search" onClick="if (isDate()) document.Search.submit();">
</tr></table>
<% If oRs.RecordCount = 0 Then %>
<p></p>
<% Else %>
<table width="960" align="center">
<form method="Department">
<tr bgcolor="#FE9A2E" height="25">
<td class="a"> Department Name</td>
<td class="a"> Student</td>
<td class="a"> Start</td>
<td class="a"> End</td>
<td class="a"> Cost</td>
</tr>
<tr>
<td><%=oRs("Department")%> </td>
<td><%=oRs("Name")%> </td>
<td><%=FormatDateTime(Month(oRs("StartDate")) & "/" & Day(oRs("StartDate")) & "/" & Year(oRs("StartDate")))%> </td>
<td><%=FormatDateTime(Month(oRs("EndDate")) & "/" & Day(oRs("EndDate")) & "/" & Year(oRs("EndDate")))%> </td>
<td <%=sRowStyle%>>$<%=oRs("Cost")%> </td>
</tr>
<% oRs.MoveNext %>
<% WEND %>
</table>
</td>
</tr>
</table>
<% oRs.close
set oRs = nothing
set adoCon = nothing
%>

Why not specify the fields in your SQL (instead of "SELECT * ..."), then add up the values via variables in the loop and output them in a new table row after the loop?
Or you could use SQLs SUM() function to query those values.

Creating a Table at the click of a button with classic asp

I am trying to validate information, without switching the page (in this case a username, if the username is found, great, populate a textbox and dynamically create a table with the username it it). However, I am getting an error on line 75 that reads:
ADODB.Recordset
error '800a0e78'
Operation is not allowed when the object is closed.
/login.asp, line 75
I haven't closed the recordset anywhere. By my knowledge it should work. What am I doing wrong?
<%
Dim cn,rs
Set cn = Server.CreateObject("ADODB.Connection")
Set rs = Server.CreateObject("ADODB.recordset")
cn.Provider = "Microsoft.Jet.OLEDB.4.0"
cn.Open Server.MapPath("login.mdb")
'Default message for the user on the login page
msg = "Please login"
'Logout code. This code empties the session variable which holds the user's userID.
If Request.QueryString("action") = "logout" Then
Session("user_id") = ""
msg = "You have been logged out"
End If
'Check if the form has been submitted
If Request.Form("Submit") = "Test" Then
user_name = Request.Form("user_name")
user_pass = Request.Form("user_pass")
mySQL = "SELECT user_id, user_name, user_pass FROM users WHERE user_name = '" & user_name & "' AND user_pass = '" & user_pass & "'"
'Select the data from the database using the submitted data.
rs.Open mySQL, cn
'Check if a match was found.
If NOT rs.EOF Then
'Session("user_id") = rsLogin("user_id")
'Response.Redirect("profile.asp")
u = rs("user_name")
Else
'If a match was not found then output an error.
Response.Redirect("login.asp?errmsg=Login failed")
End If
End If
%>
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form name="form1" id="form1" method="post" action="">
<table width="300" border="0" cellspacing="0" cellpadding="2">
<tr>
<td>Username</td>
<td><input name="user_name" type="text" id="user_name" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="user_pass" type="password" id="user_pass" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Test" /></td>
</tr>
</table>
</form>
<input id="fileno" value="<%=u%>" type="text">
<%
While NOT rs.EOF
%>
<table width="200" border="1" cellspacing="0" cellpadding="2">
<tr>
<th scope="col"><div align="left">username</div></th>
</tr>
<tr>
<td><%=u%></td>
</tr>
<%
rs.MoveNext
Wend
%>
</table>
</body>
</html>

When this condition fails.
If Request.Form("Submit") = "Test"
your code tries to access rs.eof without opening the recordset.
Put the rs.open OUTSIDE of that block.

Means you haven't closed your connection object
try set cn =Nothing at the end of your page

Having trouble getting unique id for each control after looping a table row

i am looping the entire table along with the controls. For each row the user can enter a number to perform a calculation and display in a label on that same row but it keeps on affecting all the rest of the rows because their in a loop so there is no unique id for each control.
[code]
<%# Page Title="" Language="VB" MasterPageFile="~/public.master" AutoEventWireup="false" CodeFile="ccalc.aspx.vb" Inherits="ccalc" %>
<%# Import Namespace="System.Data" %>
<%# Import Namespace="System.Data.OleDb" %>
<asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server">
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder2" Runat="Server">
<div>
<h1>Estimated Monthly Electricity Consumption Calculator</h1>
</div>
<div>
<%
Dim id As Integer
Dim catname As String
Dim db As New databaseconnection
Dim cmd As New OleDbCommand
cmd.Connection = db.connection
cmd.CommandText = "select * from ecg_projectDB2.dbo.DeviceCategory"
cmd.CommandType = CommandType.Text
Dim dr As OleDbDataReader
dr = cmd.ExecuteReader
Dim found As Boolean = False
While dr.Read
found = True
id = dr("CategoryID")
catname = dr("CategoryName")
%>
<table width="100%" cellpadding="5" cellspacing="1" bgcolor="#FFFFFF" class="ten">
<tbody>
<tr>
<td colspan="5"><h2><% Response.Write(catname)%></h2></td>
</tr>
<tr align="center">
<th class="style1" bgcolor="#FFCC66">Electrically Powered Items</th>
<th class="ten" bgcolor="#FFCC66"><div align="center">Quantity</div></th>
<th class="ten" bgcolor="#FFCC66"><div align="center">Average
monthly KWh</div></th>
<th class="ten" bgcolor="#FFCC66"><div align="center">KWh/month</div></th>
<th class="ten" bgcolor="#FFCC66"><div align="center">GHc /month</div></th>
</tr>
<%
Dim appid As Integer
Dim appname As String
Dim wpm As Single
Dim brb As New OleDbCommand
brb.Connection = db.connection
brb.CommandText = "select * from ecg_projectDB2.dbo.Appliances where CategoryID = '" & id & "'"
brb.CommandType = CommandType.Text
Dim br As OleDbDataReader
br = brb.ExecuteReader
Dim ins As Boolean = False
Dim counter As Integer = 0
While br.Read
ins = True
appid = br("ApplianceID")
'quantity.ID = appid
kwh.ID = appid
ghc.ID = appid
appname = br("ApplianceName")
wpm = br("Wattpermin")
counter = counter + 1
Dim qid = quantity.id
Dim kwhid = kwh.ID
Dim totusage As Single
'Label1.Text = quantity.ID
If IsPostBack Then
Dim aaa = quantity.ID
If counter Then
'Dim MainContent As ContentPlaceHolder = CType(Page.Master.FindControl("MainContent")
kwh.Text = quantity.UniqueID
'kwh.Text = Results.text
End If
End If
%>
<tr>
<td class="style1"><strong><% Response.Write(appname)%></strong></td>
<td class="highlight"><div align="center">
<asp:TextBox ID="quantity" runat="server" AutoPostBack="True" CssClass="input"
Width="79px" ></asp:TextBox>
</div></td>
<td><div align="center">
<input name="refrigeratorMonthKWh" value="182" type="hidden" />
<asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
</div></td>
<td><div align="center">
<asp:TextBox ID="kwh" runat="server" CssClass="input4" Width="59px"></asp:TextBox>
</div></td>
<td><div align="center">
<asp:TextBox ID="ghc" runat="server" CssClass="input4" Width="59px"></asp:TextBox>
</div></td>
</tr>
<%
End While
brb.Dispose()
br.Close()
%>
</tbody>
</table>
<%
End While
cmd.Dispose()
dr.Close()
%>
</div>
<%
%>
<div>
<table width="100%" border="0" cellpadding="5" bgcolor="#FFF7E5" class="ten">
<tbody>
<tr>
<td><font color="#9f7f40">Estimated</font> monthly <u><font color="#FF0000">household </font></u>*
usage:
<asp:TextBox ID="totalusage" runat="server" CssClass="input4" Width="59px"></asp:TextBox>
kWh; <br /></td>
</tr>
<tr>
<td class="highlight"><font color="#9f7f40">Estimated</font> monthly <u><font color="#FF0000">household</font></u>*
bill: ¢
<asp:TextBox ID="totalbill" runat="server"
CssClass="input4" Width="59px"></asp:TextBox>
</td>
</tr>
<tr>
<td class="highlight"><h3><strong><em>*Heating usage
not included in household totals</em></strong></h3></td>
</tr>
</tbody>
</table>
</div>
</asp:Content>
<asp:Content ID="Content3" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
</asp:Content>
[/code]

you should really consider using Asp.net Repeater Control. The way you doing things is NOT optimal, this is Classic Asp Approach, and you should stay away from it.
in your approach you have to use client side html controls (same as classic asp) and access them using Request Object.

ASP Table and EOF - Get error '80020009'

Consider a recordset containing four rows, as below
Team NumDocs
OPS10 2
OPS4 1
OPS5 2
OPS7 3
Consider also the following row in a table to display these.
<td>
<% If Trim(RS("Team")) = "OPS1" And not RS.EOF Then
Response.Write(RS("NumDocs"))
RS.MoveNext
End If%>
</td>
<td>
<% If Trim(RS("Team")) = "OPS10" And not RS.EOF Then
Response.Write(RS("NumDocs"))
RS.MoveNext
End If%>
</td>
<td>
<% If Trim(RS("Team")) = "OPS2" And not RS.EOF Then
Response.Write(RS("NumDocs"))
RS.MoveNext
End If%>
</td>
<td>
<% If Trim(RS("Team")) = "OPS3" And not RS.EOF Then
Response.Write(RS("NumDocs"))
RS.MoveNext
End If%>
</td>
<td>
<% If Trim(RS("Team")) = "OPS4" And not RS.EOF Then
Response.Write(RS("NumDocs"))
RS.MoveNext
End If%>
</td>
<td>
<% If Trim(RS("Team")) = "OPS5" And not RS.EOF Then
Response.Write(RS("NumDocs"))
RS.MoveNext
End If%>
</td>
<td>
<% If Trim(RS("Team")) = "OPS6" And not RS.EOF Then
Response.Write(RS("NumDocs"))
RS.MoveNext
End If%>
</td>
<td>
<% If Trim(RS("Team")) = "OPS7" And not RS.EOF Then
Response.Write(RS("NumDocs"))
RS.MoveNext
End If%>
</td>
<td>
<% If Trim(RS("Team")) = "OPS8" And Not RS.EOF Then
Response.Write(RS("NumDocs"))
RS.MoveNext
End If%>
</td>
<td>
<% If Trim(RS("Team")) = "OPS9" And Not RS.EOF Then
Response.Write(RS("NumDocs"))
RS.MoveNext
End If%>
</td>
The header row contains 10 hard coded headings, OPS1, OPS10, OPS2, etc.
The section above which populates OPS7's colum is fine, and the value of "2" is written to the cell. Then I get an error on the next column for OPS8 - obviously there's no returned value for this as it only goes up to OPS7. This is why I put a Not EOF in the IF statement, but I am still getting the error.
Can anyone assist?

You should move the RS.EOF to the first check in the IF statement E.G., go from this
If Trim(RS("Team")) = "OPS9" And Not RS.EOF Then
to this
If Not RS.EOF Then
If Trim(RS("Team")) = "OPS9" Then
... logic here ...
End If
End If
The problem is that And is not a short circuit operation in classic asp.

Unfortunately there is no error message associated with this code.
80020009 = Accessing data of a recordset that is EOF

Resources