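<%
' Billing-step handler for the shop checkout.
'
' Reads the posted billing form, copies it onto the order row named by
' session("orderid"), then hands off to dodirectpayment.asp.  Any problem stores a
' message in session("errmsg") and redirects; Response.Redirect ends the response
' in classic ASP, so nothing after a redirect runs.
'
' Review notes:
'  * ValidateINJ / ValidateINJEmail below were defined but never called on this page.
'    They are a character blacklist (strip ; ' ( ) " then reject --, 1=1, ;, @, /, \,
'    ^, "&).  A blacklist is bypassable and also destroys legitimate input such as
'    "O'Brien" or "1/2 Main St"; do not treat them as injection protection.  They are
'    kept, unchanged in behaviour, in case another page includes this file.
'  * Field writes use ADO recordset assignment (rs("col") = value), which does not
'    build SQL text.  The only SQL string built here is the orders lookup; its id is
'    coerced to a whole number before being spliced in.  An ADODB.Command with a
'    typed parameter would be the stronger form if the driver supports updatable
'    command-backed recordsets.
'  * Form values are read from Request.Form only.  The previous bare Request(name)
'    lookup also accepted QueryString and Cookie values, so a crafted link or cookie
'    could override the posted billing data.  billing.asp must submit via POST.
'  * Required-field validation now runs BEFORE rs.Update; previously an incomplete
'    form was written to the order row and only then bounced back to billing.asp.
'  * The form/abandon redirects use absolute http:// URLs.  If the shop is served
'    over https these drop the customer back to cleartext.  Left unchanged because
'    the scheme the site uses is not visible here -- consider relative URLs.
'  * connstr is not defined in this file; it is expected from an include or an
'    earlier part of the page.

' Blacklist scrub for a free-text value.
'   x: raw value; l: maximum number of characters retained.
' Returns "" when a blacklisted token survives the scrub, otherwise the scrubbed
' value truncated to l characters.  (Unused on this page -- see review notes.)
Function ValidateINJ(x, l)
    Dim re, matches, clean
    Set re = New RegExp
    re.Pattern = "(--|1=1|;|@|/|\\|\^|""&)"
    re.Global = True
    re.IgnoreCase = True

    x = Replace(x, ";", "")
    x = Replace(x, "'", "")
    x = Replace(x, ")", "")
    x = Replace(x, "(", "")
    x = Replace(x, Chr(34), "")

    Set matches = re.Execute(x)
    clean = (matches.Count = 0)   ' local; the original leaked this as page global INJECT
    Set matches = Nothing
    Set re = Nothing

    x = Left(x, l)
    x = Replace(x, ";", "")
    ' Single quotes were already stripped above, so this doubling never changes
    ' anything; kept so the output matches the original routine exactly.
    x = Replace(x, "'", "''")

    If clean Then
        ValidateINJ = x
    Else
        ValidateINJ = ""
    End If
End Function

' Same scrub as ValidateINJ but the "@" token is permitted, so an e-mail address
' survives.  Same parameters and return contract.  (Unused on this page.)
Function ValidateINJEmail(x, l)
    Dim re, matches, clean
    Set re = New RegExp
    re.Pattern = "(--|1=1|;|/|\\|\^|""&)"
    re.Global = True
    re.IgnoreCase = True

    x = Replace(x, ";", "")
    x = Replace(x, "'", "")
    x = Replace(x, ")", "")
    x = Replace(x, "(", "")
    x = Replace(x, Chr(34), "")

    Set matches = re.Execute(x)
    clean = (matches.Count = 0)
    Set matches = Nothing
    Set re = Nothing

    x = Left(x, l)
    x = Replace(x, ";", "")
    x = Replace(x, "'", "''")   ' no-op, see ValidateINJ

    If clean Then
        ValidateINJEmail = x
    Else
        ValidateINJEmail = ""
    End If
End Function

' Returns the POSTed value of form field name, trimmed, or "" when absent.
' Concatenating "" coerces a missing item to a string instead of Empty.
Function FormValue(name)
    FormValue = Trim(Request.Form(name) & "")
End Function

' Releases the recordset/connection if they are open, stores msg for the next
' page and redirects there.  Response.Redirect ends the response, so callers
' need no Exit after this.
Sub FailWith(msg, target)
    If rs.State <> 0 Then rs.Close      ' 0 = adStateClosed
    If conn.State <> 0 Then conn.Close
    Session("errmsg") = msg
    Response.Redirect target
End Sub

Dim conn, rs, orderid
Dim email, billName, company, addr1, addr2, city, state, province, zip, country, phone, comments

Set conn = Server.CreateObject("ADODB.Connection")
Set rs = Server.CreateObject("ADODB.Recordset")

' The order id comes from the server-side session, never from the client, but only
' a whole number is ever spliced into the SQL text below.
orderid = Trim(Session("orderid") & "")
If orderid = "" Or Not IsNumeric(orderid) Then orderid = "0"
orderid = CStr(CLng(orderid))

If orderid = "0" Then
    FailWith "Your shopping cart is empty", "http://www.spiritfitness.com/shop/form.asp"
End If

conn.Open connstr
' 3,3 = adOpenStatic, adLockOptimistic: an updatable recordset for the row edit.
rs.Open "select * from orders where id = " & orderid, conn, 3, 3

If rs.EOF Then
    FailWith "Order has not been created, can't update, please try again", "http://www.spiritfitness.com/shop/abandon.asp"
End If

' A paid order must not be edited.  (A Null "approved" evaluates as False here.)
If rs("approved") Then
    FailWith "Order has been completed and paid for, can't update", "http://www.spiritfitness.com/shop/abandon.asp"
End If

email    = FormValue("email")
billName = FormValue("name")
company  = FormValue("company")
addr1    = FormValue("address1")
addr2    = FormValue("address2")
city     = FormValue("city")
state    = FormValue("state")
province = FormValue("province")
zip      = FormValue("zip")
country  = FormValue("country")
phone    = FormValue("phone")
comments = FormValue("comments")

' Validate before writing so an incomplete form never lands in the order row.
' Check order and messages are unchanged from the original page.
If email = "" Then FailWith "Email address is required", "billing.asp"
If billName = "" Then FailWith "Name is required", "billing.asp"
If addr1 = "" Then FailWith "Billing address is required", "billing.asp"
If city = "" Then FailWith "City is required", "billing.asp"
If phone = "" Then FailWith "Phone is required", "billing.asp"
If state = "" And province = "" Then FailWith "State or province is required", "billing.asp"
If zip = "" Then FailWith "Postal code is required (Please type N/A if not applicable)", "billing.asp"

rs("email") = email
rs("billingname") = billName
rs("billingcompany") = company
rs("billingaddress1") = addr1
rs("billingaddress2") = addr2
rs("billingcity") = city
' A real (non-"N/A") province on a non-US order wins; everything else stores state.
If province <> "" And province <> "N/A" And country <> "United States" Then
    rs("billingstate") = province
Else
    rs("billingstate") = state
End If
rs("billingzip") = zip
rs("billingcountry") = country
rs("billingphone") = phone
rs("instructions") = comments
rs.Update
rs.Close
conn.Close

Response.Redirect "dodirectpayment.asp"
%>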