Bakco SQL Interface

<% if Request.ServerVariables("REMOTE_ADDR") <> "216.231.49.65" then Response.Write("You are not allowed here.") end if if trim(Request("FormAction")) <> "" then on error resume next dim objConn set objConn = server.CreateObject("ADODB.Connection") objConn.open "bakco", "bakco", "insurance" select case trim(Request("FormAction")) case "DDL" if instr(Request("SQL"),";") then dim strSQL, strShortSQL strSQL = trim(request("SQL")) dim currPos, startPos, endPos currPos = 1 do while currPos > 0 startPos = currPos currPos = instr(currPos, strSQL,";") if currPos <=0 then exit do endPos = currPos - 1 currPos = currPos + 1 strShortSQL = mid(strSQL, startPos, endPos - startPos + 1) objConn.Execute strShortSQL if err.number <> 0 then Response.Write("Error in Statement '" & strShortSQL & "', error info: " & err.number & ":" & err.Source & ":" & err.Description & "
") err.Clear else Response.Write("Statement '" & strShortSQL & "' executed successfully...
") end if loop else objConn.Execute Request("SQL") if err.number <> 0 then Response.Write("Error: " & err.number & ":" & err.Source & ":" & err.Description) err.Clear else Response.Write("Statement executed successfully...") end if end if case "SELECT" dim objRS set objRS = server.CreateObject("ADODB.Recordset") objRS.Open trim(Request("SQL")),objConn if err.number <> 0 then Response.Write("Error: " & err.number & ":" & err.Source & ":" & err.Description) err.Clear else if objRS.EOF then Response.Write("No records returned") else dim field Response.Write("") Response.Write("") for each field in objRS.Fields Response.Write("") next Response.Write("") 'loop through records do while not objRS.EOF Response.Write("") for each field in objRS.Fields Response.Write("") next Response.Write("") objRS.MoveNext loop Response.Write("
" & field.name & "
" & field.value & "
") end if ' returning records objRS.Close set objRS = nothing end if 'error end select set objConn = nothing end if %>