<% if SESSION("UserID")="" or not CheckSecurity(SESSION("_" & strTableName & "_OwnerID"),"Add") and not CheckSecurity(SESSION("_" & strTableName & "_OwnerID"),"Edit") then response.Redirect "login.asp" response.End end if field=postvalue("field") categoryfield="" categoryvalue="" if categoryfield<>"" then _ categoryvalue=postvalue("category") table="" linkfield="" dispfield="" if not CheckAddNewItemAllowed(field,table,linkfield,dispfield) then response.End if len(request.Form("newitem"))>0 then object=GoodFieldName(field) dbConnection="" db_connect() Set rsn = server.CreateObject("ADODB.Recordset") strValue = postvalue("newitem") '// check if need quotes rsn.Open "select * from " & AddTableWrappers(table) & " where 1=0",dbConnection, 1, 2 if NeedQuotes(db_fieldtype(rsn,dispfield)) then strValue="'" & db_addslashes(strValue) & "'" else strValue=my_numeric(strValue) end if rsn.Close ' check for uniqueness strSQL = "select count(*) from " & AddTableWrappers(table) & " where " & AddFieldWrappers(dispfield) & "=" & strValue if categoryfield<>"" then if NeedQuotes(db_fieldtype(rsn,categoryfield)) then categoryvalue="'" & db_addslashes(categoryvalue) & "'" else categoryvalue=my_numeric(categoryvalue) end if strSQL= strSQL & " and " & AddFieldWrappers(categoryfield) & "=" & categoryvalue end if rsn.Open strSQL,dbConnection if CLng(rsn(0))=0 then strSQL = "insert into " & AddTableWrappers(table) & " (" & AddFieldWrappers(dispfield) & ") values (" & strValue & ")" if categoryfield<>"" then strSQL = "insert into " & AddTableWrappers(table) & " (" & AddFieldWrappers(dispfield) & ", "& AddFieldWrappers(categoryfield) &")"& _ " values (" & strValue & "," & categoryvalue & ")" end if dbConnection.Execute strSQL end if rsn.Close strSQL = "select " & AddFieldWrappers(linkfield) & "," & AddFieldWrappers(dispfield) & " from " & AddTableWrappers(table) & " where " & AddFieldWrappers(dispfield) & "=" & strValue if categoryfield<>"" then strSQL= strSQL & " and " & AddFieldWrappers(categoryfield) & "=" & categoryvalue end if rsn.Open strSQL,dbConnection if FastType(field,"") and useAJAX then if postvalue("mode")=CStr(MODE_INLINE_EDIT) or postvalue("mode")=CStr(MODE_INLINE_ADD) then element="window.opener.document.getElementById('" & postvalue("id") & "')" dispelement="window.opener.document.getElementById('display_" & postvalue("id") & "')" else element="window.opener.document.forms.editform.value_" & object dispelement="window.opener.document.forms.editform.display_value_" & object end if %> <% else if postvalue("mode")=CStr(MODE_INLINE_EDIT) or postvalue("mode")=CStr(MODE_INLINE_ADD) then element="window.opener.document.getElementById('" & postvalue("id") & "')" else element="window.opener.document.forms.editform.value_" & object end if %> <% end if response.End end if %>


" id=submit1 name=submit1> ">
<% function CheckAddNewItemAllowed(field,table,linkfield,dispfield) CheckAddNewItemAllowed = false end function %>