|
<%
' set news id varaible for stored procedure
vToxID = escape(REQUEST.QUERYSTRING("toxid"))
%>
<%
' Open a connection to the database and assign it to a variable that we can reference later when we need to connect to the DB.
Set ToxConn = Server.CreateObject( "ADODB.Connection" )
'SQL Server Connection
' DEV SERVER
' Use this connection for content reading only
'ToxConn.Open "provider=SQLOLEDB;server=SQD-CON4\QSRV1;database=CCEHIP_WEBCONTENT;uid=ContentReader;pwd=Tw/Gy9O=tNDFxSZt%Sv"
' PROD SERVER
ToxConn.Open = "provider=SQLOLEDB;server=SQP-CON4,1433;database=CCEHIP_WEBCONTENT;uid=ContentReader;pwd=Cre@CCE1Wc"
'Access Database Connection
'NewsConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="& Server.MapPath("/news/media/Data/RSSFeedDatabase.mdb") &""
'Create recordset to hold data. This is the object that we will be manipulating later
Set rs = Server.CreateObject("ADODB.Recordset")
Set rsMain = Server.CreateObject("ADODB.Recordset")
Set rsres = Server.CreateObject("ADODB.Recordset")
Set rsLKUP1 = Server.CreateObject("ADODB.Recordset")
Set rsLKUP2 = Server.CreateObject("ADODB.Recordset")
Set rsresCat = Server.CreateObject("ADODB.Recordset")
Set rsresCatFltr = Server.CreateObject("ADODB.Recordset")
%>
<%
' ====================================================
' Modified by: Andy Bedford
' Date: 07/9/2007
' Reason: Removed the select statement from code and added stored procedure for security reasons.
' usp_ToxSubstance_Main - used to get detailed information about a specific tox substance
dim sSql
dim vToxID
if isnumeric(vToxID) then
' set sSql to stored procedure name. If using parameters, separate with commas
' if string or date parameters, enclose in single quotes, else no quotes needed
sSql = "usp_ToxSubstance_MainPage " & vToxID
' execute sql call
Set rs = ToxConn.Execute(sSql)
' ====================================================
'Do While Not rs.EOF
dim strcname, strdesc, strcasid, strcasid2, strlinkMap,strEname
strEname=rs.fields("tox_show_emergency_name")
strcname=rs.fields("tox_chemname")
strdesc=rs.fields("tox_description")
strLinkMap=rs.fields("tox_Link_webmaps")
strShowEmergency=rs.fields("tox_show_emergency")
strShowCampaigns=rs.fields("tox_show_campaigns")
strcasid=rs.fields("tox_CASID")
strcasid2=rs.fields("tox_CASID2")
IF rs.fields("tox_show_entry") = "no" then
response.Redirect ("index.asp")
ELSE
%>
<%if rs.fields("tox_Link_webmaps") = "yes" then
if rs.fields("tox_CASID") <> "" or not isnull(rs.fields("tox_CASID")) then%>
<% end if
end if %>
This page has been moved.
You will be redirected to the new location in a few seconds. Please adjust your bookmarks. Page redirect <% ' ==================================================== ' Modified by: Andy Bedford ' Date: 07/9/2007 ' Reason: Removed the select statement from code and added stored procedure for security reasons. ' usp_ToxSubstance_Category - used to get unique values for category ' set sSqlCat to stored procedure name. If using parameters, separate with commas ' if string or date parameters, enclose in single quotes, else no quotes needed sSqlCat = "usp_ToxSubstance_MainPage_Category '" & vToxID &"' " ' execute sql call Set rsresCat = ToxConn.Execute(sSqlCat) ' ==================================================== Do While Not rsresCat.EOF vResCat = rsresCat.fields("res_category") strCatTitle = vResCat & " Resources for" %>
|
