Open DataBase Scripting Language

---

Version 3

    <!--SET x=1 -->
    <!--IF $y$ > 10 -->
        <!--SET x=2 -->
    <!--ENDIF-->

Beginning with release 2.1, there is an alternate method for marking commands which is more similar to other scripting languages such as ASP and JSP, and which can make your scripts easier to type and to read. The beginning of a command statement can be marked with the <% symbol, and spaces and tabs are ignored between that symbol and the command. The end of the command is marked with the %> symbol. If the next script text or line is also a command, you can use a semi-colon (";") to mark the end of one command and the beginning of another. With this mode (but not the HTML comment-style commands), the SET command is optional; that is, an "implicit SET" is assumed if a command in the form of "variable=value" is recognized. (See SET command.) Here is an example of commands using the "script tag" style:

    <% x=1;
       IF $y$ > 10;
           x=2;
       ENDIF %>

    <%
        x=1;
        IF $y$ > 10;
            x=2;
        ENDIF;
    %>

The above code could also be written on a single line (where the spaces are optional, but make the line more readable):

    <% x=1; IF $y$ > 10; x=2; ENDIF %>

"Code blocks" such as loops and IF / ELSE conditional sections, do not need to be begun and completed inside the same <% and %> "script tags". That is, you can mix the beginning and ending of these sections with ordinary text and HTML output, like this:

    <%
        x=1;
        IF $y$ > 10;
            x=2;
    %>
            <B> Y is greater than 10, so X has been set to 2. </B>

    <% ENDIF %>

The remainder of this User's Guide will use the "script tag" style for marking commands, but in all cases the "HTML comment" style will also work. All future releases will continue to recognize the "comment" style, so you do not need to convert any existing scripts. The two styles can be mixed in the same script, but you must be consistent for each individual command. That is, a command that begins with "<!--" must end with a "-->", and any command or series of commands that begin with <% must be terminated with %>.

NOTE: Any comments that are not recognized as ODBscript commands are simply copied to the output. If you see that a "command" is being output as a comment instead of being executed, check the spelling and syntax carefully. (You must use your browser's "View Source" option to see these unrecognized commands, since the browser will not show HTML comments in the normal display. Viewing the script's output with the browser's "View Source" function is an important "debugging" technique.)

For security reasons, ODBscript commands cannot be embedded in variables. That is, only commands that are actually in the script file, before variable text substitution, will be recognized.

    <% SELECT ...  ;
       EACHROW;
         IF $row$ > 50;
           BREAK;        note: quit processing if more than 50 rows;
         ENDIF;
         ...
      ENDROW %>

You must have a DATABASE statement in your HTML script file before any SQL commands. (Optionally, you may pass in a connection string in the variable named "database"; see the section Predefined Variables.) This command does not actually establish a connection, however. Rather, the connection string specified by this statement will be used to connect when an SQL command is executed.

The connection string set by this statement applies to all subsequent SQL commands until a different DATABASE command is encountered. If you need to access another database, just use another DATABASE statement before those SQL statements. (This does not mean that the database connection is re-established for each SQL statement, however. The connection established by the first SQL statement stays open until another SQL statement is executed with a different connection string, or until ODBscript terminates.)

You can use variables anywhere in the DATABASE statement (including the DSN). One common usage would be variables to insert the user's ID and password, which you might get from an input form:

    <% DATABASE "DSN=Employees; UID=$user$; PWD=$password$" %>

On Windows 98 and NT systems, you can bypass all DSN database associations by giving a complete ODBC connection specification in the DATABASE statement. (Important note: The following method for using "DSN-less connections" will not generally work on Windows 2000 and XP systems. This mode requires creating registry keys, and in the default Win2000 and XP configurations, the user ID that CGIs run under do not have permission to create registry keys, so you must use DSNs.) This connection specification would include a driver and file type specification, file location path, and various options. Refer to the ODBC documentation for complete details, but here is an example of a connection string for an MS Access database contained in the file C:\httpfile\db\products.mdb:

    <% DATATBASE "DRIVER={Microsoft Access Driver (*.mdb)};
        DBQ=c:\httpfile\db\products.mdb; FIL=MS Access" %>

Depending on the database that you are using, the DBQ specification may need to be a complete file path and file name, or it may just be a directory. Refer to the examples in the chart below. For example, the MS-Access DBQ gives the file name of the database, "c:\temp\sample.mdb", but dBASE puts each database on a separate directory, so the DBQ just indicates this directory, "c:\temp".

If you are using ODBC 3.0 (which is shipped with Office97), you may also need to use the DRIVERID keyword. In the chart below, if you are using ODBC 2.x do not use the DRIVERID keyword.

Example Connection Strings Without Using DSN

  Database                Keywords

  Microsoft Access       "DRIVER={Microsoft Access Driver (*.mdb)};
                          DBQ=c:\temp\sample.mdb;
                          FIL=MS Access"

  dBASE                  "DRIVER={Microsoft dBASE Driver (*.dbf)};
                          DBQ=c:\temp;
                          DRIVERID=277;
                          FIL=DBASE2"   (or DBASE3, DBASE4)

  Microsoft Excel 3/4    "DRIVER={Microsoft Excel Driver (*.xls)};
                          DBQ=c:\temp;
                          DRIVERID=278;
                          FIL=EXCEL"

  Microsoft Excel 5/7    "DRIVER={Microsoft Excel Driver (*.xls)};
                          DBQ=c:\temp\sample.xls;
                          DRIVERID=22;
                          FIL=EXCEL"

  Microsoft FoxPro       "DRIVER={Microsoft FoxPro Driver (*.dbf)};
                          DBQ=c:\temp;
                          DRIVERID=536;
                          FIL=FOXPRO 2.0"   (or FOXPRO 2.5, FOXPRO 2.6)

  Paradox                "DRIVER={Microsoft Paradox Driver (*.db );
                          DBQ=c:\temp;
                          DRIVERID=26;
                          FIL=PARADOX"

  Text                   "DRIVER={Microsoft Text Driver (*.txt;*.csv)};
                          DEFAULTDIR=c:\temp;
                          FIL=TEXT"

    <% DEFAULT quantity=1, phone="(none)" %>

The following code will produce a listing of all HTML file ("*.htm" and "*.html" file name extensions) on the same directory as the current script (which is set in the predefined variable $path_translated_dir$), and display each file as a clickable link (which must be a link to the server-mapped directory set in $path_info_dir$, i.e., the same specification given in the URL for the script):

    <% EACHFILE $path_translated_dir$/*.htm* %>
      <A HREF="$path_info_dir$/$file_name$"> $file_name$ </A> <BR>
    <% ENDFILE %>

(Note that there is also a SHOWINPUT command that will simply output all input CGI variables in the format of "name: value", which may be all you need for debugging or for a simple "form mailer".)

Example:

    <% EACHINPUT %>
    <P> Variable <B>$input_variable$</b> has the value "$input_value$".
    <% ENDINPUT %>

"Multi-variables" can be sent from an HTML form <SELECT> "pull-down menu" if the MULTIPLE keyword is added to the tag (e.g., <SELECT MULTIPLE name="...">). When this keyword is specified, the user can highlight more than one of the selections in the list. You can also create multiple instances of a variable simply by having multiple <INPUT> statements in an HTML form with the same name. (Typically, browsers will only send those fields that actually have data entered in them, so you can supply several input fields, and a user can enter data in as many as required.) Of course, hidden <INPUT>s with the same name can also be repeated. Another way to create multiple occurrences of a variable is by using the SETMULTI command. In each case, the EACHMULTI loop allows the script to process each value in turn. Inside the loop, $variable$ refers to the "current" value, which changes with each iteration.

You can specify a list of variable names in the EACHMULTI command, with the variable names separated by commas. In this case, "parallel" sets of multi-variables are processed, much like a row returned from an SQL query. Parallel sets of multi-variables can be created with the SETMULTI command or with parallel sets of fields on a form. (That is, your input form could be a table with several columns of variables, and several rows with the same variable names.)

If you specify a list of variables, the EACHMULTI loop will continue for as many iterations as the maximum number of any one of the variables. If you "run out" of any of the other variables before this maximum number is reached, those variables become "undefined" (unless you set a DEFAULT for them.)

Important note: In the EACHMULTI declaration line itself, do not enclose the variable names inside of "$" characters:

    Right:  <% EACHMULTI var1, var2 %>

    WRONG!  <% EACHMULTI $var1$, $var2$ %>  Don't use $ characters!

Inside the EACHMULTI loop, when you reference the variables, you do need to use the "$" characters around their names as you normally would, but you must use just the names in the EACHMULTI declaration statement.

Inside an EACHMULTI loop, you can use the internal variable $multirow$ as the current multi-variable instance number, similar to the $row$ variable in the EACHROW loop.

If you SET one of the EACHMULTI variables inside the loop, you will be resetting that specific instance of the variable (which would be useful only if you're going to reprocess that multi-variable later in another EACHROW loop).

Important Note: Do not use SETMULTI inside an EACHMULTI loop to set the same variables that you're looping on! SETMULTI always creates a new instance of the variable, so you would be creating an infinite loop. Use a regular SET statement.

There are certain ODBscript commands that may not be used inside of the EACHMULTI loop because they should not be used repetitively. These commands are not allowed: DEFAULT, FORMAT, TRANSLATE, and VALIDATE.

Example:

Suppose that a form has an entry for an e-mail address and a <SELECT MULTIPLE> list of mailing lists that a user could subscribe to. The following will insert the e-mail address into the database for each selected mailing list:

    <% EACHMULTI mailing_list;
       INSERT INTO Subscribe (mailing_list, email)
             VALUES ('$mailing_list$', '$email$');
    ENDMULTI %>

Bear in mind, however, that "nested" SQL statements create a great deal of overhead, and that nested SELECTs are rarely necessary. Instead, you can usually use a "join" operation to get data from two tables with a single query, then use the IFNEW test to do "master/detail" grouping. (See the IFNEW examples.)

There are certain ODBscript commands that may not be used inside of the EACHROW loop because they should not be used repetitively. These commands are not allowed: DEFAULT, FORMAT, TRANSLATE, and VALIDATE.

Inside an EACHROW specification, you may use the ODBscript variable $row$ to reference the current row number. The $row$ variable is initialized after each SQL statement (see the SQL command) and it is incremented for each fetched result. You might use this variable to enumerate the results, or you might want to test for particular row numbers. For example, you could use a conditional statement <% IF $row$ = 1 %> to do some special output, such as a table header, before any results are output. (But it is generally easier to put such "first row" formatting between the SQL statement and the EACHROW command: Any output after the SQL but before the EACHROW will be done for the first row only.) The $row$ variable is most useful when you want to limit the number of rows displayed.

Since the EACHROW command always loops through all of the result rows, you should not use EACHROW combined with any of the other result looping commands (TABLE, UPDATEFORM, or OPTIONLIST), unless you have another SQL SELECT statement nested in the EACHROW loop.

Example:

  <% SELECT name, phone FROM Employees WHERE dept = '$dept$' ;
     IF $row$ %>
       <H3> Employees for Department $dept$ </H3>
       <TABLE>
       <TR><TH>Name</TH><TH>Phone</TH></TR>
       <% EACHROW %>
          <TR><TD>$name$</TD><TD>$phone$</TD></TR>
       <% ENDROW %>
       </TABLE>
  <% ELSE %>
        <H3> No Employes Found for Department $dept$ </H3>
  <% ENDIF %>

If the system command or program writes any "console" output as a result of execution, this output will go directly back to the user's browser. Note that the output does not go through ODBscript, so no ODBscript processing on the output is performed. However, it is possible to "redirect" the console output to a file by using the ">" character, (e.g. <% EXEC program > file %>) then INCLUDE the file in the current script. You may also wish to use the redirection to prevent any output from going to the user's browser.

For security reasons, the command string cannot contain a "$T" command separator (which, on a command line in some versions of DOS, can be used to issue multiple commands on a single line). Also for security reasons, the EXEC command cannot be used inside an EACHROW loop (since the EACHROW specification can be passed in from a form).

Example:

  <% EXEC /httpfile/cgi-bin/odb -i/httpfile/$script$ -o/httpfile/$output$ %>

  <% IF NOT $email$ %>
    You must enter your e-mail address. Please go back and fill in that box.
    <% EXIT;
  ENDIF %>

By default, the FORM command puts ACTION="odb.exe" in the HTML <FORM> declaration. If you want to send the form input data to a different CGI program, you can give an ACTION="cgi" parameter to this command to specify a different CGI program. If you use this parameter to execute a script on your site, you can use a "relative URL" such as ACTION="/cgi-bin/program.exe". Otherwise, specify a full URL beginning with "http://..." and the domain name.

The SCRIPT option lets you specify the file that ODBscript (or another CGI, if it uses the server variable PATH_INFO) is to execute. In the SCRIPT parameter, specify only the path to the script file itself; do not include the path to the odb.exe CGI (which will be added automatically). Whatever you specify here will simply be added to the ACTION URL, so the SCRIPT parameter is primarily intended for cases where you are using the default, ODBscript. (Otherwise, you could just put the full specification for both the CGI and the extra PATH_INFO in the ACTION parameter.) You must specify either the ACTION or the SCRIPT parameter to use this command.

The optional SUBMIT parameter can be used to define the text to be used for the form's "submit" button. The default is "Submit".

The optional TARGET parameter can be used to define an HTML "target" label for the form submission result, which can be a frame name or a window name. (Note: If your form is already in a frame, the default behavior is to open the submission in the same frame, so you don't need the TARGET parameter unless you want the form submission result in a different frame or window.) For example, TARGET="_blank" can be used to open the result page in a new window.

The optional TRACE keyword will enable the ODBscript trace function when the form is submitted to the script.

If you need to pass "hidden" variables in the form, you can use the HIDDEN parameter anywhere in the list of input_fields. The format is "HIDDEN=variable" for a single variable or "HIDDEN=(var1, var2, ...)" for a list of variables. This parameter works like the HIDDEN command to generate <INPUT TYPE="hidden"> fields for the given variable or list of variables. Note that only variables can be used in the HIDDEN parameter list, so you may need to SET these variables before using them in the FORM.

Following any of these optional parameters that you wish to use, you can specify one or more input_fields separated by commas. For each, an HTML <INPUT NAME="..."> is added to the form, using the given field name. An input_field box can be initialized to a specific value by using the format "input_field=value". (The "value" does not need to be enclosed in double-quotes unless in contains any commas.) The user will be able to edit this value, if desired.

You can control the size of each <INPUT> field by using the optional ":size" specification (i.e., a colon followed by a number) after the input_field name in the FORM list. For example, "first_name:24" would produce <INPUT TYPE="text" NAME="first_name" SIZE="24"> which would be an input box named "first_name" that is 24 characters wide. If no size is specified, ODBscript uses a default size of 50 characters. If you give a field size larger than 99, then ODBscript automatically uses an HTML <TEXTAREA> input, which is a multiple-line scrolling window. This window will be at most 64 characters wide and as many lines as it takes to hold your specified field size. For example, a specified size of 250 would produce a 50-character, 5-line textarea window. However, you can directly specify the size of a <TEXTAREA> by giving the "size" specification as two numbers separated by an "x" (for example, 'Description:64x4'), where the two numbers are to be the number of columns and the number of rows. (The numbers can be given in either order; the larger number will always be used as the field width and the smaller number will be the number of lines.)

By default, the input_field name is also displayed on the form, immediately in front of the input box, to identify the requested data. For improved appearance and readability, ODBscript capitalizes the first letter of this "label", converts any underscore characters to spaces, and capitalizes any letter following an underscore. For example, "customer_name" would have a label of "Customer Name".

If you want to have a different input box label, something other than the input_field name, you can specify a label in double-quotes immediately in front of the input_field name. Note: You must have a space, not a comma, between the quoted label and the input_field name.

Anywhere in the list of input_fields for this command, you may specify "OPTIONLIST=(...)", and the arguments inside the parentheses can be the same as the OPTIONLIST command. Specifically, you can have "OPTIONLIST=(column from table)" to select the options from the database, or you can give a comma-separated list of literal values in the form of "OPTIONLIST = (input_field = value1, value2, ...)". In either case, if the given input_field is already defined as an ODBscript variable and it has a current value that is in the list of options shown by this command, then that option will be "SELECTED" in the list. (That is, the current value will already be highlighted in the list the user sees). Therefore, you can use this feature to preset a particular option to SELECTED by using a SET input_field=value before using input_field in the FORM command.

You can also specify a CHECKBOX variable in the FORM command. Again, this may be anywhere in the list of input_fields, and the format is "CHECKBOX=(input_field, checked_val, unchecked_val)". The "checked_val" will the variable's value if the user checks the box; otherwise the variable will have the "unchecked_val". Similar to the OPTIONLIST, if the specified input_field is already defined as a variable and it has a current value equal to the "checked_val", then the user will see the box as already checked. Otherwise it will be unchecked. (NOTE: Browser's only send a value if a checkbox is checked, and send nothing for that variable if the box is unchecked. Therefore, the "unchecked_val" is passed to the next script in a hidden variable named "default" -- one of the predefined input variables that ODBscript always processes -- with a value of "input_field=unchecked_val". Like a DEFAULT statement in a script, this value will be used if the user doesn't check the box. Therefore, if you use the FORM CHECKBOX with your own script, don't specify a DEFAULT for the checkbox variable in the next script.)

The PASSWORD keyword can be used to define a TYPE="password" input field. Browsers do not display the values typed into "password" fields; instead, they show an asterisk (*) for each character typed. Other than this special processing in the browser, a password field is like any other text input field.

Example:

The following example uses all optional parameters except ACTION (which defaults to odb.exe). Many fields have sizes declared (which defaults to 50 characters if ":size" is not given). This example also provides a double-quoted "display label" for each field, which is different from the input_field variable name, to show the proper syntax for each type of option. (If these quoted labels are not used for a field, then the display label would be the same as the input_field name that immediately follows the quoted label.) Unlike INSERTFORM and UPDATEFORM, the FORM command does not need to have apostrophes (single-quotes) around text-data fields. (Those commands need the single-quotes to generate properly quoted values in SQL statements, but FORM does not generate any SQL.)

 <% FORM SCRIPT="/httpfile/query.odb",
     "First Name" firstname:24, "Last Name" lastname:24,
     "Home Address" address, "City, State, and Zip" csz,
     OPTIONLIST=("Department" dept from Departments),
     CHECKBOX=("Hourly?" hour, Y, N),
     "Salary or hourly rate" rate:8,
     HIDDEN=(uid, pwd) %>

Note that the FORMAT command does not cause formatting at the point that it is issued; it defines a mask that will be used anytime that the variable is referenced. Therefore, the FORMAT command can appear anywhere in the script before the point that the variable will be referenced for output. (Specifically, the FORMAT command should not, and cannot, be used inside an EACHROW loop. Specify the FORMAT mask before the EACHROW.) Note, however, that there is a string function, $format( ), that does perform this same formatting function at the point that it is encountered.

Date formats are explained below. For numeric and ordinary text values, the formatting mask uses the pound sign character (#) to indicate a position that can be filled by a character or digit from the variable. For numeric values, the zero character (0) also represents a position that can be filled by a digit from the variable, or a "0" if there is no digit at that position. Other characters (except as noted below) are copied to the formatted output.

For variables that have a numeric value (i.e., a variable containing only digits, plus or minus sign, or a decimal point), you may use the minus sign (-) as the first character of the mask to indicate that negative numbers should be formatted with a "-" sign in front, but positive numbers are to have no sign. A plus sign (+) as the first mask character causes both positive and negative numbers to be shown with a plus sign or a minus sign, respectively. If the mask does not use either the plus or minus signs as the first character, then negative numbers will be shown without a sign.

You may also use the dollar sign character ($), the pound sign character (£), or any currency symbol set using SETOPTION currency as the first mask character (or as the second character if you have a plus or minus sign as the first character.) This will cause the currency symbol to be added to the front of a numeric value. You can set an alternate currency character using the SETOPTION CURRENCY="character" command.

For numeric variables, the explicit or implicit decimal points of the mask and the number are aligned. The result will have a decimal point only if the mask does. Working toward both the left and right of the decimal point, digits from the variable replace any "#" characters in the mask, but only if there is a digit at a given position. If there is no digit at that position, then the formatting process stops. That is, as long as there are digits remaining in the value, then "#" characters are replaced by digits and special characters such as commas are copied to the output, but when there are no digits left, then the formatting is finished and special characters past that point are ignored. A "0" character in the mask will be replaced by the digit from the variable at that corresponding position, if there is one, or the "0" will remain in the output if there is no digit.

By default, format masks expect that the period character "." is used in masks to denote a decimal point (i.e. the separator between the whole-number digits and the fractional digits). To use another character as the decimal point marker, such as a comma, you can use the SETOPTION DECIMAL="," command. If you set that, then you can use the period character as the thousands-separator, such as "#.###.##0,00". (Actually, you can use any character except the current decimal point character as the thousands-separator, so you could use a mask such as "# ### ###" to have spaces separating each three-digit group.)

If a numeric value has more fractional digits than the format mask specifies, then the value will be rounded. If the mask does not specify any fractional digits, then the numeric value will be rounded to a whole number.

Here are some examples:

    <% FORMAT price="$#,###,##0.00" %>

    If price is:    the output will be:
     10.00                 $10.00
     1250.00               $1,250.00
     1250.999              $1,251.00
     6.0000                $6.00
     .501                  $0.50
     .509                  $0.51
     -1                    $1.00

    <% FORMAT price="-$#,###,##0.00" %>

    If price is:    the output will be:
      235000               $235,000.00
      -10.999              -$10.99

    <% FORMAT value="+#####0.0###" %>

    If value is:    the output will be:
      1                    +1.0
      505.505              +505.505
      -23.123456           -23.1235
      .5                   +0.5

NOTE: If your mask contains any commas, then you must enclose the mask in double-quotes (") in the FORMAT command. This is because commas separate the "variable=mask" pairs in the command. If the actual mask contains any double-quote characters ("), you must use single-quotes (') around the mask, such as '"mask"'. Quotes are optional if there are no commas or double-quotes in the mask.

Date format masks are different from numeric and ordinary text format masks. A date format mask should not have any "#" characters. Instead, you can use "y", "m", and "d" in various ways to specify year, month, and day, respectively. All other characters in the mask (such as spaces, commas, dashes, or slashes) are simply copied into the output. When date formatting is specified, the input value to be formatted is an ordinary character string, but it must be recognizable as a valid date by the following rules:

• The year, month and day must be separated from each other by any combination of spaces, commas ",", slashes "/", dots ".", or dashes "-".
• If the input fields are all numeric values, then they are assumed to be in month-day-year order, unless the SETOPTION DATE="..." command has set some other order.
• Month names or abbreviations are recognized. English month names are assumed unless the SETOPTION MONTHS="..." command has set some other list of names.
• If a month name is recognized where a day was expected according to the current DATE="..." order, then a valid format will be assumed by simply switching the day and the month fields. (For example, the default DATE order is "mdy", but "05-JAN-00" will be recognized as if it were "January 5, 2000" or "01/05/2000", in "mdy" order.)
• Two-digit years are assumed to be in the range of 1970 to 2069.
• The month must be between 1 and 12, and the day must be within the valid range for that month (with leap-year checking for February).

If the input value is recognized as a date, then a format mask simply allows you to reformat the date. In a date mask, the single characters "y", "m" and "d" mean to output the numeric value of the year, month, and day, respectively. A single-digit month or day will be output as a single digit. For example, with a mask of "m/d/y", the date March 5, 2001 would be formatted as "3/5/2001". Alternatively, you can use "yy", "mm" or "dd" to force a two-digit result, with a leading zero added if necessary. That is, the mask "mm/dd/yy" would output "03/05/01" for March 5, 2001. Two-digit years are assumed to be in the range of 1970 to 2069.

For months only, there are two more options: "mmm" means a three-character abbreviation of the month name, and "mmmm" means the full month name. When you use these options, you can also control the character-case of the output by specify either "M" or "m" for each character of the mask. For example, the mask "Mmm" means that you want to capitalize just the first character of the three-character month abbreviation, such as Jan, Feb, etc. "Mmmm" would mean that the first character of the full month name should be capitalized, such as January. "MMM" or "MMMM" would mean that you want the abbreviation or full month name all upper-case letters (JAN or JANUARY). Lower-case "mmm" or "mmmm" would output only lower-case month abbreviations or names.

A special option in format masks is to use the "@" character to simply insert the value being formatted. That is, any "@" characters in the mask will be replaced by the entire value to be formatted. For example, suppose that you have a database column named Email that is being displayed in a result table and you want to make it a "clickable mailto" link. You can do that with format command like this at the top of the script:

    <% FORMAT Email="<a href='mailto:@'>@</a>" %>

This type of format mask also allows function calls where the "@" is one of the function arguments. For example, suppose you have a field or database column called Name, containing both first and last name, and you want to insure that whenever it's used, it's displayed with an uppercase initial character for each name and the rest of the characters in lower case. You can do that with a $wcase( ) function in the format mask:

    <% FORMAT Name="$wcase(@)" %>

You may define up to 50 format masks. You might use separate FORMAT commands for each variable or declare several in the same command, separated by commas. The list of "variable=mask" pairs can span multiple lines with the command-terminating "-->" mark (or the script-tag markers ";" or "%>") after the last variable on the last line.

<% FUNCTION name ( [arg_variable, ...] ) [local_variable, ...] %>
...
<% RETURN [expression] %>

All of the commands and text between the <% FUNCTION ...%> statement and the <% RETURN %> statement will be executed each time the function is called from the script. The function can directly output text and HTML, much like an included file, but the RETURN statement can also specify an expression that is evaluated to produce a character-string value that is returned as the "value of the function". This returned value allows user string functions to be used in variable expressions such as those allowed in IF and SET statements, or as arguments for other functions: the value of the RETURN expression is inserted into the referencing expression. Like the built-in string functions, if you call a user string function in ordinary text or HTML output, then the evaluated RETURN expression (as well as any direct output produced by the function) is simply inserted into the output at the point that the function is called. Like other string functions, you can use the returned value of a user function in an arithmetic expression, provided that the returned string is a valid number.

The "arg_variable" or comma-separated list of arg_variables defined in the FUNCTION command must be enclosed within "(" and ")" characters. These variable names are used within the function body to reference the values passed when the function is called. For example, if you define a function such as <% FUNCTION myFunc (arg) %> and then call the function from the script with a reference such as $myFunc(123), then inside the function body, the variable $arg$ will have the value "123". Like any other function, the arguments passed to the function can be any combination of variables, literal character strings, or arithmetic/logical expressions. Each argument expression in the call from the script will be fully evaluated and the result will be assigned to a corresponding argument variable in the function definition. Those values can then referred to by those variable names within the function. These function argument variables are optional and can be omitted from the FUNCTION declaration, but when the function is called from a script, the parentheses are required even if no arguments are passed. That is, if the function does not require any arguments, call it with a reference such as $name( ). In that case, you can also use an empty set of parentheses in the function definition, such as "FUNCTION name ( )" -- and you must do so if you also have a list of "local" variables as explained below -- but if the function does not require any arguments or local variables, the empty "( )" is optional in the function definition.

Important note: In the FUNCTION declaration line itself, do not prefix the function name with a "$" character, and do not enclose the argument variable names or local variable names inside of "$" characters:

    Right:  <% FUNCTION name (arg1, arg2) %>

    WRONG!  <% FUNCTION $name ($arg1$, $arg2$) %>   Don't use $ characters!

When you use the function in the script, you will need the "$" name prefix, and when you use the function arguments in the function body, you will need the "$" characters around the names, but these must not be used in the FUNCTION declaration statement.

Important note: The number of arguments passed when a function is called from the script must always exactly match the number of arguments defined within the "(" and ")" characters in the FUNCTION declaration statement. (If you don't necessarily need a particular argument for a particular call, you can pass a zero-length string, "", as an argument, and the function can test whether any argument is empty in the normal manner, e.g., <% IF $arg$ %>.)

Following the list of argument variables enclosed in "(" and ")" characters, you can optionally specify a comma-separated list of "local" variables. These are variables that will be used within the function but which should not conflict with any variables that may have the same names outside of the function, and which should not retain any values outside of the function after the call is completed. That is, these variables will be strictly local within the function, with no effect outside the function. This feature is provided because ordinarily, in addition to the passed arguments, functions also have access to all of the variables used elsewhere in the script, and any variables set or created within the function are also accessible from the script after the function is called. However, it is generally considered poor programming practice to set externally-used variables within a function or to use variables in addition to those passed as arguments. You can do those things if you chose to, because functions do have access to the full set of variables in the script, but doing so will limit the generality of the function, and it can also create some hard-to-find bugs if the wrong variables are inadvertantly altered within a function. Specifying the list of local variables will insure that no such problems occur, whether or not variables with the same names exist outside of the function. Temporary variables will be set up for these local variables, initialized to be empty strings, and you can set them within the function like any other variable. But any variables outside the function that happen to have the same names are unaffected, and these temporary variables are deleted when the function completes.

A function does not necessarily need to have any statements in its body (i.e., between the FUNCTION and RETURN statements), if all the required work of the function can be performed by the RETURN expression itself. Therefore, a function can be used simply as a "shorthand" for a long, complicated expression that is specified completely in the RETURN statement. This is useful if the function simply performs a calculation using the passed arguments, or just reformats the arguments in some special manner.

A function can call itself "recursively". That is, the function body can use a reference to the same function. However, you should take some care that the recursion has a specific limit, or ODBscript will quickly use up all available memory and terminate abnormally. For example, you might define a function that outputs a directory listing using the EACHFILE command. This command will only list the files at one level of the directory hierarchy. However, if a file is a subdirectory (which is indicated by setting $file_is_dir$ to "1" or "true"), you could have the function call itself recursively to list the files in that subdirectory. (In this case, the recursion will be limited automatically by the depth of the directory tree.)

<% HEADER http-header-type: value %>

The HIDDEN command should only be used within a <FORM> ... </FORM> declaration. Only variable names may be used in the list, without the "$" enclosing marks, but you could SET a variable to a value immediately before using it in this command.

Example:

    <FORM ... >
    <% HIDDEN uid, pwd, transaction_code %>
    ...
    </FORM>

    <% HTTPGET somedomain.com/scripts/any.cgi, var1, var2 %>

    <% HTTPGET somedomain.com/scripts/any.cgi?var1=$url($var1$)&var2=$url($var2$) %>

The response to the request (i.e., the first header returned by the request) will be stored in stored in a predefined variable named $http_response$. This request response contains a 3-digit status code and usually a text decription. A normal, successful request will have a response of "200 OK".

All other headers returned by the request are stored as a single value in the predefined variable named $http_headers$, with their original "new line" character separators. If you need to process these headers individually, you may use the $split( ) function in a loop like this:

    <% WHILE $http_headers$ ;
       a_header = $split($http_headers$, $asc(10)) %>
       .... (process $a_header$)
    <% ENDWHILE %>

(See also the string functions $httpGet( ) and $httpPost( ), which are similar to these commands except that the response can be assigned to a variable. The limitations of these string functions, however, are that the maximum response size must fit in a variable, which is 8 KB in the standard version or 32 KB in the special "large variable" version, and also that the response must be ASCII text or HTML only -- no image files, for example -- because a binary 0 will terminate a character string.)

If you need to simply output the response to the user's browser, these commands should be used instead of the string functions. If you need to process the response in any way, you can either use the $httpGet( ) or $httpPost( ) functions to assign the entire response to a single variable (subject to the restrictions stated above), or if the size restriction prevents that, you can use the OUTPUT to open a file immediately before the HTTPGET or HTTPPOST command, then another OUTPUT command with no file specified to close the file (and reset to writting to the browser). Then you can use the IMPORT command to read the file back into a variable, line by line. (Note that this method still has the restriction that the response must be ASCII text or HTML, because the IMPORT command will not work properly for binary files, since lines are read into character string variables.) To insure that multiple simultaneous request do not interfere with each other, you should use the $newFileName( ) function to get a unique file name to use for the output. For example:

    <% responseFile = $newFileName("/temp") ;
       OUTPUT $responseFile$ ;
       HTTPGET www.anotherdomain.com/scripts/some.cgi, var1, var2 ;
       OUTPUT ;    note: this closes output file;
       IMPORT line from $responseFile$ %>
        ... (loop to process the response data in $line$, one line at a time)
    <% ENDIMPORT ;
       status = deleteFile($responseFile$) %>

The only difference between using this command and the HTTPGET command above is that with this command you should always specify a list of variables to be passed, and you usually should not use a query string in the URL. (Actually, many Web servers will accept a query string in a "post" URL and will combine the two sets of variables, but you might run into compatibility issues some day if you depend on that.) See the HTTPGET command above for details and examples.

<% IF [NOT] value1 condition value2 [AND | OR ...] %> ... <% ELSE %> ... <% ENDIF %>

"Value1" and "value2" can be any variable (referenced by the variable name prefixed and suffixed with "$" signs), a "literal" value (a number or a text string), an arithmetic expression using numeric-valued variables or literals, or a "string function" expression that produces a text string. Arithmetic expression may use "+" for addition, "-" for subtraction, "*" (asterisk) for multiplication, or "/" for division. Parentheses, "(" and ")", may be used to indicate the order of evaluation (i.e., operations inside parentheses are performed first). A "unary" minus sign is allowed to indicate that a variable, constant, or expression inside parentheses is to be negated (e.g., $x$ / -$y$ or -($x$ / $y$)). You may also use any of the numeric functions in an expression.

NOTE: Variables used in IF statements must be enclosed in "$" characters. That is, the program does not assume that any operands in an IF comparison are variables. Like output text, you must enclose the variable names in "$" characters to cause the variable's values to be substituted into the expression.

The "condition" specifies a test between the two values: "=" (equal), "<>" or "!=" (not equal), ">" (greater than), "<" (less than), ">=" (greater than or equal), or "<=" (less than or equal). If the specified relationship between the two values is true, then all text and statements following the IF, up to an ELSE or ENDIF statement, will be processed. The ELSE reverses the sense of the test, and any text and statements up to the ENDIF will be processed only if the test specified in the IF statement is false.

You may combine conditional tests using AND (i.e., conditions on both sides of the AND must be true) or OR (either side may be true), or use NOT in front of a condition expression to reverse its sense. You may use parentheses to indicate the order of the compounded tests. The default is that NOT is performed first, AND is performed next, and OR has the lowest precedence. For example, "NOT $a$=1 AND $b$=2 OR $c$=3 AND $d$=4" is the same as "((NOT $a$=1) AND $b$=2) OR ($c$=3 AND $d$=4)".

Actually, you can test the "condition" of a single variable. When only one value is given in a conditional expression (or a single value is compounded with NOT, AND, or OR), then the test produces a "true" result if the value is any non-empty string or any non-zero number. For example, you can say <% IF NOT $name$ %> to test if the variable "name" has no value, or <% IF $opt1$ AND $opt2$ %> to test for having values for both variables. Four of the numeric functions are intended to be used in this way to validate input data: isNumber( ), isAlpha( ), isAlphaNum( ), and isCreditCard( ). For example, you can say <% IF NOT isNumber($price$) %> to check for an invalid number in the "price" variable.

An IF statement comparison is assumed to be a numeric comparison whenever both values are numeric values or arithmetic expressions. Otherwise, if either value is non-numeric, then a text string comparison will be used. You can use quote marks around or in a value expression to force the entire value to be treated as a text string, but the quotes are optional if the string expression contains any non-numeric characters. For these "implicit" text string comparisons, leading and trailing space on values are ignored. (For example, <% IF $var$ = this value %> is the same as <% IF $var$="this value" %>.) You can, however, include spaces inside quotes if you need to have them as part of the comparison, such as <% IF $var$ = " " %>. You may use single-quote characters (') if a value contains any actual double-quotes; for example, '"value"' would be "value" with the double-quotes included.

You may include another IF statement in the ELSE statement, such as:

    <% IF $type$=A %>
        ...
    <% ELSE IF $type$=B %>
        ...
    <% ELSE IF $type$=C %>
        ...
    <% ELSE %>
        ... (not A, B, or C)
    <% ENDIF %>

Note that if you test a variable that has a TRANSLATE table defined for it, you must test for the translated value rather than the original value. In general, remember that the "value" expressions in an IF statement are processed like normal output before any arithmetic or the comparison itself is performed.

Example (indentation helps to pair IFs with ELSEs and ENDIFs):

    <% IF $Discontinued$ = Yes %>
        This is a discontinued item.
    <% ELSE %>
        <% IF $UnitsOnHand$ %>
            We have $UnitsOnHand$ units in stock,
            <% IF $UnitsOnHand$ < $UnitsOrdered$ %>
                which is insufficient to fill this order.
            <% ELSE IF $UnitsOnHand$ - $UnitsOrdered$ < $ReorderLevel$ %>
                so we can fill this order, but it is time to reorder.
            <% ELSE %>
                so we can fill this order.
            <% ENDIF %>
        <% ELSE %>
            We have no units in stock. Time to reorder.
        <% ENDIF %>
    <% ENDIF %>

The condition specified in an IF or ELSE IF statement can span multiple lines, but the "-->" (or the script-tag markers ";" or "%>") must mark the end of the condition.

<% IFNEW variable %>

    <% SELECT category, item_number, description FROM item ORDER BY category ;
       EACHROW;
          IFNEW category %>
             <H1> $category$ </H1>
          <% ENDIF %>
          <P> $item_number$ $description$
    <% ENDROW %>

    <% SELECT * FROM master, detail WHERE master.id = detail.id
            ORDER BY master.id, detail.order_date ;
       EACHROW;
          IFNEW id %>
             (... format any data from the master table)
          <% ENDIF %>
          (... format the data from a single detail row)
    <% ENDROW %>

Note that the only argument in the IFNEW statement is a single variable. Since this argument must be a variable, you can use just the variable name without the "$" signs around it. (However, any "$" signs will be ignored.)

<% IMPORT [DELIMITER="chars",][QUOTED,][SKIP=n,] variable_list FROM file %>
...
<% ENDIMPORT %>

  <TABLE>
  <TR><TH>Name</TH><TH>E-mail</TH></TR>
  <% IMPORT DELIMITER="|", name, email FROM C:/data/maillist.txt %>
       <TR><TD>$name$</TD><TD>$email$</TD></TR>
  <% ENDIMPORT %>
  </TABLE>

  <% IMPORT DELIMITER=",", QUOTED, SKIP=1, field1, field2, field2 FROM /data/data.csv %>
     ... (any processing of $field1$, $field2$, and $field3$ from a single line)
  %lt;$ ENDIMPORT %>

  <% IMPORT DELIMITER=",", QUOTED, * FROM /data/data.csv %>
     ... (any processing of $field1$, $field2$, and $field3$ from a single line)
  %lt;$ ENDIMPORT %>

NOTE: The referenced filename must have the full file system directory path specification, such as would be used to open the file with a text editor, and no Web-server directory mapping will be applied. Please read the NOTE for the following INCLUDE command for more details.

<% INCLUDE filename [variable=value, ...] %>

The INCLUDE command will read and process the specified file. The INCLUDE file can contain any HTML and ODBscript commands, and it is processed as if the text from that file were "pasted" into the script file at the point of the INCLUDE command. (If you need to output a file without any processing, use the RETURNFILE command.) INCLUDED files may also INCLUDE additional files.

This command allows you to reuse standardized text and formatting in multiple files, and it is most useful for allowing that text to be changed easily without editing multiple files. It may also be used to define "subroutines" that are used more than once in a script.

NOTE: The referenced "filename" must have the full file system directory path specification, such as would be used to open the file with a text editor, and no Web-server directory mapping will be applied. If there is no directory path given, then the file is assumed to be on the "current directory", which is set by the Web server before executing the CGI. Unfortunately, different servers set this differently, e.g. some set it to the Web site root and some set it to the CGI program subdirectory. You can, however, generate a file system path that's on, or relative to, the current script's subdirectory using the $pathTranslated(filename) string function. This function allows using "../" to represent the "parent" directory of the script subdirectory (e.g. "../subdir/filename" would refer to a file on a different subdirectory under the same parent directory), or "subdir/filename" (without a leading "/") to represent a subdirectory of the current script directory. Using this function makes it easier to move scripts around, as long as the subdirectory structure remains the same, because you don't need to "hard code" the full file system path of the script directory.

If the file name or directory path contains any spaces, then the file name must be enclosed inside double-quote marks (").

You can also set variables in the INCLUDE command by adding a list of "variable=value" specifications, similar to the SET command. This is useful if the included file requires certain variables to be set. The first "variable=value" should be separated from the INCLUDE file name by a space, and additional variables should be separated from each other with commas, exactly like the SET command. (Note that this is not necessary for any variables that already have values, because the included file automatically has full access to all currently defined variables.)

Example:

    <% INCLUDE D:\httpfile\standard_header.htm %>

You must specify a TABLE="..." parameter, which will be the database table used in the generated SQL INSERT statement.

Note that before using the INSERTFORM command, you must have a DATABASE command. This is because the form HTML will also include a TYPE="hidden" encrypted input field to specify the database connection to use for the INSERT statement, which will be the same as the database in effect when the UPDATEFORM command is used. If necessary, use a DATABASE command immediately before the INSERTFORM command.

If given, the optional "SCRIPT=..." specification will be included on the form as a "hidden" field to tell ODBscript what script file to use when the form is submitted. (This is not required; see below.) In the SCRIPT parameter, specify only the path to the script file itself; do not include the path to the odb.exe CGI (which will be added automatically). Also note that the SCRIPT parameter must be a full file system path, starting at the disk root, and that no Web server URL directory mapping will be applied. (However, if the script in on the same directory as the script containing the INSERTFORM command, you can use the $pathTranslated(scriptname) string function, with the name of your insertion script, to get the full file system path to that file.)

If you use the "SCRIPT" keyword to define a script file to process the INSERT statement, then that script can reference two variables to perform the SQL: The database string will be passed in with the name "in_database" and the generated SQL INSERT statement will be passed in as "in_sql". Therefore, the database insertion can be performed with these statements:

    <% DATABASE $in_database$ ;
       SQL $in_sql$ %>

However, a script file is not necessarily required. Since this command generates encrypted "in_database" and "in_sql" hidden input fields, in will operate in "no script mode" if no script is specified. (See "Using ODBscript Without a Script File" for complete details. Anytime that you do not specify a script file, ODBscript will expect the variables "in_database" and "in_sql" to be passed in, and it will effectively execute the code shown above, with some error checking, or it will use your "default.odb" script if you have installed one on your system.)

The optional SUBMIT parameter can be used to define the text to be used for the form's "submit" button. The default is "Insert".

The optional TARGET parameter can be used to define an HTML "target" label for the form submission result, which can be a frame name or a window name. (Note: If your form is already in a frame, the default behavior is to open the submission in the same frame, so you don't need the TARGET parameter unless you want the form submission result in a different frame or window.) For example, TARGET="_blank" can be used to open the result page in a new window.

The optional TRACE keyword will enable the ODBscript trace function when the form is submitted to the script.

Like the FORM command, you can specify display labels for any input_field, and you can control the size of each input box. You can specify an initial value to show in the input box as "input_field=value", which the form user may edit, if desired. You can also use OPTIONLIST, CHECKBOX, and HIDDEN inputs. See the FORM command for complete input_field details.

The PASSWORD keyword can be used to define a TYPE="password" input field. Browsers do not display the values typed into "password" fields; instead, they show an asterisk (*) for each character typed. Other than this special processing in the browser, a password field is like any other text input field. Password fields are typically text fields in a database, and if so, you should enclose the column name in apostrophes (as with other text columns, which is explained below).

The TRACE keyword can be used to turn on TRACE mode, for debugging. TRACE will output the SQL statement that is generated by the INSERTFORM command, and it will also output the value of $sql_status$, so you can use this if you are getting an SQL error when the statement is executed.

NOTE: There are some special considerations for specifying the database column names in INSERTFORM (and in UPDATEFORM):

• When ODBscript generates the SQL statement to be used for the subsequent INSERT, it needs to distinguish between numeric fields and text fields, and for certain databases such as MS-Access, date fields. This is because, in SQL statements, numeric fields are given as plain digits but text fields must be enclosed in single-quotes (apostrophes). MS-Access uses "#" characters around data vales. Therefore, you MUST tell ODBscript that a key field or update field is to be treated as a text field by enclosing its INSERTFORM name in apostrophes (e.g., 'name'), or that it is to be treated as a date field by enclosing its name in '#' characters (e.g., #startdate#). If you fail to do this, the generated SQL statement will not "quote" those values, and the statement will be rejected when it is executed.
• As noted above, the input_field names must be exactly the same as database column names. This is because ODBscript uses the field names, as they are given in the INSERTFORM list, as the NAME="..." parameters in the generated HTML form and as the column names in the generated SQL INSERT statement.

Example:

The following example uses all optional parameters. Many fields have sizes declared, which defaults to 50 characters if ":size" is not given. This example also provides a double-quoted "display label" for each field, which is different from the input_field variable name, to show the proper syntax for each type of option. (If these quoted labels are not used for a field then the display label would be the same as the input_field name that immediately follows the quoted label.)

 <% INSERTFORM TABLE=Employees, SCRIPT="/httpfile/insert.odb",
     "First Name" 'firstname:24', "Last Name" 'lastname:24',
     "Home Address" 'address:50x2', "City, State, and Zip" 'csz',
     OPTIONLIST=("Department" dept from Departments),
     CHECKBOX=("Hourly?" 'hour', Y, N),
     "Salary or hourly rate" rate:8,
     HIDDEN=(uid, pwd) %>

   <% NOTE: Verify the user's ID and password before proceeding %>

    <% ONERR %>
       <% OUTPUT ODBscriptErr.log APPEND %>
       $today$ $time24$ $path_info$: $odbic_error$
       <% OUTPUT;
       odbic_error = "Internal processing error occurred.";
    ENDERR %>

    <% ONERR ;
       got_error = $odbic_error$, odbic_error = "";
    ENDERR %>

This command opens a file for writing with the WRITE command or for reading with the $read( ) string function. (Reading is performed with a string function rather than a command because it returns a single line from the file, so $read( ) allows that line to be assigned to a variable or to be output directly.)

The "fileID" is simply a label -- any name or number that you wish to use -- that must be used to reference this open file in a later WRITE command or $read( ) function. It can be a variable, such as $file$ if it needs to be "dynamic", but ordinarily it can be plain text. Using this file ID allows having several files open at once, and the WRITE commands and $read( ) functions can access the proper file by referencing the same ID as the appropriate OPEN command.

If the READ keyword is specified, then the file is expected to already exist, and the file is opened for reading only. If the file does not exist, an error message will be set in the special predefined variable $file_error$, so you can test for an error after the OPEN command with a statement such as <% IF $file_error$ %> (or test for a successful open with <% IF NOT $file_error$ %>).

Otherwise, if READ is not specified, the file will always be created if it does not already exist. If the file does exist, it will be opened for either reading or writing. If the optional APPEND keyword is specified, then writing will begin after any lines already in the file. Otherwise, without the APPEND keyword, writing will overwrite any lines already in the file. (The APPEND keyword can be used even if the file might not exist; a new file will be created if necessary.)

NOTE: The referenced "filename" can use either "/" or "\" as the directory character. The "filename" must have the full file system directory path specification, starting at the disk root directory, such as would be used to open the file with a text editor, and no Web-server directory mapping will be applied. If there is no directory path given, then the file is assumed to be on the "current directory", which is set by the Web server before executing the CGI. Unfortunately, different servers set this differently, e.g. some set it to the Web site root and some set it to the CGI program subdirectory. You can, however, generate a file system path that's on, or relative to, the current script's subdirectory using the $pathTranslated(filename) string function. This function allows using "../" or "..\" to represent the "parent" directory of the script subdirectory (e.g. "../subdir/filename" would refer to a file on a different subdirectory under the same parent directory), or "subdir/filename" (without a leading "/" or "\") to represent a subdirectory of the current script directory. Using this function makes it easier to move scripts around, as long as the subdirectory structure remains the same, because you don't need to "hard code" the full file system path of the script directory.

If the file name or directory path contains any spaces, then the file name must be enclosed inside double-quote marks (e.g., "\path\file name"). Otherwise, quotes are not required.

Files can be closed with the CLOSE command by referencing the same file ID, but any files remaining open when the script terminates will automatically be closed.

Example:

The following command opens a file for appending (i.e. writing after any existing lines already in the file). It uses the arbitrary file ID "log", which simply allows WRITE and CLOSE to refer to the same file. It uses $pathTranslated( ) to specify a file that is on a subdirectory named "logs" under the same parent directory as the current script subdirctory. (For example, if the current script is on a subdirectory named "c:/webroot/mysite/odb", then the opened file will be on "c:/webroot/mysite/logs".) This example then writes a single line (with a couple of variables) at the end of the file and closes it.

    <%
    OPEN log, $pathTranslated("../logs/myLog.txt") APPEND;
    WRITE log, "$date_short$ $time24_hms$ Record $key$ updated.\n";
    CLOSE log;
    %>

    <OPTION VALUE="column"> display

In the second form of the command shown above, a specific list of <OPTION> values may be given directly, separated by commas. (The values do not need to be enclosed in double-quotes unless a value contains a comma.) When this form is used, the given values will be the text displayed in the list and the values passed when a selection is made. (That is, the displayed text and the passed values cannot be different when you use this form of the command. However, since the values are predefined, you may want to use a TRANSLATE command in the target script to translate the passed text values into codes.)

In the second form of the command shown above, the name of the "input_field" will be the name of the passed variable, <SELECT NAME="input_field"> .

The generated HTML <SELECT> form field acts very much like an <INPUT> variable to the form's ACTION function: The name of the variable will be either "column" or "input_field", depending on the form used, and the value for this variable will be the <OPTION VALUE="..."> (as described above) corresponding to the user's highlighted selection. Thus, to the ACTION function (e.g, ODBscript processing a second script file), there will simply be a variable with a value, just as if the user had typed the value into a standard <INPUT> field with that name. Therefore, you do not need any special processing in the target script to handle OPTIONLIST input, unless you want to allow users to select more than one value from the list.

If you want to allow users to select multiple values for a given input, you can add the optional MULTIPLE keyword in the OPTIONLIST command before the column or input_field specification. This will generate an HTML <SELECT MULTIPLE> tag, and the user will be able to highlight more than one selection in the list. (Multiple selections are made by holding down the "Ctrl" key while clicking additional selections or by holding down the "Shift" key while clicking two selections, which selects everything in between the clicks.) In the script that processes the form input, you can use the EACHMULTI loop to process each selection.

Examples:

    <FORM METHOD="post" ACTION="/scripts/odb.exe/your_dir/getproducts.odb" >
    Select category: <% OPTIONLIST 10 Category from Products %> <BR>
    Select warehouse: <% OPTIONLIST warehouse = Newark, St. Louis, Oakland %> <BR>
    <INPUT TYPE="submit" VALUE="Get Products">
    </FORM>

    <FORM METHOD="post" ACTION="/scripts/odb.exe/your_dir/script3.odb" >
    Select product: <% OPTIONLIST 25 Product from Products
                    WHERE Category = '$category$' AND Warehouse = '$warehouse$' %> <BR>
    <INPUT TYPE="submit" VALUE="Get Product Description">
    </FORM>

If the name of the column to be selected contains a space, then the column name must be enclosed in double-quotes (e.g.,, OPTIONLIST "Employee Name") when it is used in this command. This column name will be quoted in the generated SQL statement, but in the name used for the HTML INPUT variable, spaces will be replaced by underscores (e.g.,, Employee_Name), so the target script must reference this input variable as $Employee_Name$.

<% OUTPUT filename [APPEND | INSERT AFTER marker | INSERT BEFORE marker | REPLACE BETWEEN marker1, marker2] %>

The OUTPUT command APPEND option is useful for creating log files of activity. For example, you might log $sql_statement$ after ever database operation initiated by FORM input, so that you could track all updates. Or you might log the full FORM input by using the SHOWINPUT command. Another use might be to allow users to add their e-mail addresses to a mailing list to be used with the SENDMAIL command. Here's an example of logging all the information from an input FORM:

    <% OUTPUT \mydir\formlog.txt APPEND %>
    $today$ $time$
    <% SHOWINPUT;
       OUTPUT %>

    <% OUTPUT \mydir\guestbook.htm INSERT BEFORE insert_messages_here %>
    <HR>
    From: $name$ (<A HREF="mailto:$email$">$email$</A>) on $today$ at $time$
    <P> $message$
    <% OUTPUT %>

The optional "ROWS=" specification limits the number of rows that will be selected. If no limit is set, then all rows matching the selection criteria will be returned. NOTE:This limit is set by using the SQL keyword TOP in the query, which may not be supported by your database (e.g.,it is supported by MS-Access but not by SQL Server.) If not, you can use the SETOPTION SQL_MAX_ROWS to set the number of rows before executing the QBE. (If you set that option, however, it will remain in effect for all subsequent queries until you set some other number, or reset it to return all rows with the command SETOPTION SQL_MAX_ROWS=0.)

The "TABLE=", "SELECT=" and "ORDER=" keywords may be used in the QBE command in any order. Following these specifications, you can specify one or more column names which may be included in the WHERE clause of the SQL SELECT statement. These should match the input variables that you have provided in your query form. As noted above, fields that do not have any current value will not be included in the WHERE clause.

NOTE: There are several special considerations for the column names given in the QBE command:

• When ODBscript generates the SQL SELECT statement to be used for the query, it needs to distinguish between numeric fields and text fields, and for certain databases such as MS-Access, date fields. This is because, in SQL statements, numeric fields are given as plain digits but text fields must be enclosed in single-quotes (apostrophes). MS-Access uses "#" characters around data vales. Therefore, you MUST tell ODBscript that a key field or update field is to be treated as a text field by enclosing its QBE name in apostrophes (e.g., 'name'), or that it is to be treated as a date field by enclosing its name in '#' characters (e.g., #startdate#). If you fail to do this, the generated SQL statement will not "quote" those values, and the statement will be rejected when it is executed.
• The database QBE column names must be exactly the same as the corresponding input ODBscript</