<%
' Substitute in form parameters into the query string
fp_sQry = "[*]InsertSqlQuery[*]"
fp_sDefault = "[*]InsertDefaultFields[*]"
fp_sNoRecords = "[*]InsertNoRecordsFound[*]"
fp_iMaxRecords = 0[*]InsertMaxRecords[*]
fp_iTimeout = 0[*]InsertScriptTimeout[*]
fp_iCurrent = 1
fp_fError = False
fp_bBlankField = False
If fp_iTimeout <> 0 Then Server.ScriptTimeout = fp_iTimeout
Do While (Not fp_fError) And (InStr(fp_iCurrent, fp_sQry, "%%") <> 0)
	' found a opening quote, find the close quote
	fp_iStart = InStr(fp_iCurrent, fp_sQry, "%%")
	fp_iEnd = InStr(fp_iStart + 2, fp_sQry, "%%")
	If fp_iEnd = 0 Then
		fp_fError = True
		Response.Write "<B>Database Region Error: mismatched parameter delimiters</B>"
	Else
		fp_sField = Mid(fp_sQry, fp_iStart + 2, fp_iEnd - fp_iStart - 2)
		If Mid(fp_sField,1,1) = "%" Then
			fp_sWildcard = "%"
			fp_sField = Mid(fp_sField, 2)
		Else
			fp_sWildCard = ""
		End If
		fp_sValue = Request.Form(fp_sField)

		' if the named form field doesn't exist, make a note of it
		If (len(fp_sValue) = 0) Then
			fp_iCurrentField = 1
			fp_bFoundField = False
			Do While (InStr(fp_iCurrentField, fp_sDefault, fp_sField) <> 0) _
				And Not fp_bFoundField
				fp_iCurrentField = InStr(fp_iCurrentField, fp_sDefault, fp_sField)
				fp_iStartField = InStr(fp_iCurrentField, fp_sDefault, "=")
				If fp_iStartField = fp_iCurrentField + len(fp_sField) Then
					fp_iEndField = InStr(fp_iCurrentField, fp_sDefault, "&")
					If (fp_iEndField = 0) Then fp_iEndField = len(fp_sDefault) + 1
					fp_sValue = Mid(fp_sDefault, fp_iStartField+1, fp_iEndField-1)
					fp_bFoundField = True
				Else
					fp_iCurrentField = fp_iCurrentField + len(fp_sField) - 1
				End If
			Loop
		End If

		' this next finds the named form field value, and substitutes in
		' doubled single-quotes for all single quotes in the literal value
		' so that SQL doesn't get confused by seeing unpaired single-quotes
		If (Mid(fp_sQry, fp_iStart - 1, 1) = """") Then
			fp_sValue = Replace(fp_sValue, """", """""")
		ElseIf (Mid(fp_sQry, fp_iStart - 1, 1) = "'") Then
			fp_sValue = Replace(fp_sValue, "'", "''")
		ElseIf Not IsNumeric(fp_sValue) Then
			fp_sValue = ""
		End If

		If (len(fp_sValue) = 0) Then fp_bBlankField = True

		fp_sQry = Left(fp_sQry, fp_iStart - 1) + fp_sWildCard + fp_sValue + _
			Right(fp_sQry, Len(fp_sQry) - fp_iEnd - 1)
		
		' Fixup the new current position to be after the substituted value
		fp_iCurrent = fp_iStart + Len(fp_sValue) + Len(fp_sWildCard)
	End If
Loop

If Not fp_fError Then
	' Use the connection string directly as entered from the wizard
	On Error Resume Next
	set fp_rs = CreateObject("ADODB.Recordset")
	If fp_iMaxRecords <> 0 Then fp_rs.MaxRecords = fp_iMaxRecords
	fp_rs.Open fp_sQry, "[*]InsertConnString[*]"
	If Err.Description <> "" Then
		Response.Write "<B>Database Error: " + Err.Description + "</B>"
		if fp_bBlankField Then
			Response.Write "  One or more form fields were empty."
		End If
	Else
		' Check for the no-record case
		If fp_rs.EOF And fp_rs.BOF Then
			Response.Write fp_sNoRecords
		Else
			' Start a while loop to fetch each record in the result set
			Do Until fp_rs.EOF
%>
