Code Snippet from
XML for Data Exchange
==========================================
<%@ Language=VBScript %>
<%
'======Purpose
' This web page will appropriately access any data source and return xml formatted data as a stream or to a file. Security is included.
'======Usage
'http://xmlexamples.net/rw/eu/getXML.asp?sql=select%20*%20from%20tmemberstates
'http://xmlexamples.net/rw/eu/getXML.asp?sql=select%20*%20from%20tmemberstates&options=-schema
'http://xmlexamples.net/rw/eu/getXML.asp?sql=select%20*%20from%20tmemberstates&filename=customer.xml
'======Authors
' Copyright 8020 Data Company 2001
' Authors - Ladislav Goc, Joe Gotthelf, Bruce Troutman
'CUSTOM******************************Configurations****************************************
'=====Initialize File Path for saving as a file - Change as necessary for each environment
FilePath = Request.ServerVariables("APPL_PHYSICAL_PATH") & "rw\"
'Note this directory must have write permissions for IUSR_machinename account
'=====Initialize Approved IP List for security - Change as necessary for each environment
ApprovedIPList = "205.252.89.167"
'=====Initialize Datasource Connection and Provider - Change as necessary for each environment
Datasource= "Data Source=(local);Initial Catalog=ingenix;User ID=in;Password=passin1"
Provider = "SQLOLEDB"
'******************************************************************************************
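'=====Security
RemoteIP = Request.ServerVariables("REMOTE_ADDR") 'Get RemoteIP
'testing RemoteIP = "205.252.89.167"
'Compare whole addresses (assumes ApprovedIPList is comma-separated); a bare InStr also accepts partial addresses
If InStr("," & ApprovedIPList & ",", "," & RemoteIP & ",") = 0 Then
    'IP Failure
    xmlmessage "ERROR: Your IP address (" & RemoteIP & ") is not authorized."
End If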
' ===== Check to see if sql string was sent
Session("SQLStr") = "" 'Initialize SQL String
If len(trim(Request.Querystring("sql"))) = 0 then
    ' SQL= Failure
    xmlmessage "ERROR: No sql= was sent."
Else
    Session("SQLStr") = trim(Request.Querystring("SQL"))
    ' NOTE: %25 is the URL-encoded form of %, the SQL LIKE wildcard
    'Only SELECT is allowed
    If Left(trim(ucase(Session("SQLStr"))),6)<>"SELECT" then
        'Improper SQL verb
        xmlmessage "ERROR: You may only use a SELECT statement. (" & Left(trim(ucase(Session("SQLStr"))),6) & ")"
    End if
    ' Connect to the data
    'CUSTOM Option =====Assign Connection String and Provider based on RemoteIPAddress
    'Select Case RemoteIP
    'Case "205.252.89.167" ' Change as necessary for each environment
    ' Datasource= "Data Source=(local);Initial Catalog=Ingenix;User ID=in;Password=passin1"
    ' Provider = "SQLOLEDB"
===============
End of Snippet
===============
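
Added example, not part of the book's snippet: a hardened variant of the same page in which the request names an entry in a fixed query catalogue instead of sending SQL text, because a check on the first six characters does not constrain the rest of the statement. The q= and code= parameters, the catalogue entries, the "code" column and the Application("GetXmlConn") connection string are assumptions made for illustration.

```vbscript
<%@ Language=VBScript %>
<%
Option Explicit
' Added example, not from the book. Hypothetical names: the q= and code=
' parameters, the catalogue keys, the "code" column, Application("GetXmlConn").
Const adCmdText = 1, adVarChar = 200, adParamInput = 1, adPersistXML = 1

Dim ApprovedIPs, Queries, RemoteIP, QueryName, Conn, Cmd, Rs
Set ApprovedIPs = Server.CreateObject("Scripting.Dictionary")
ApprovedIPs.Add "205.252.89.167", True   ' whole-address keys, no substring test

' The caller picks a name; the SQL text itself never comes from the request.
Set Queries = Server.CreateObject("Scripting.Dictionary")
Queries.Add "memberstates", "SELECT * FROM tmemberstates"
Queries.Add "memberstate", "SELECT * FROM tmemberstates WHERE code = ?"

RemoteIP = Request.ServerVariables("REMOTE_ADDR")
If Not ApprovedIPs.Exists(RemoteIP) Then Deny "403 Forbidden", "IP address is not authorized."

QueryName = LCase(Trim(Request.QueryString("q")))
If Not Queries.Exists(QueryName) Then Deny "400 Bad Request", "Unknown query name."

Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open Application("GetXmlConn")      ' connection string kept out of the page source

Set Cmd = Server.CreateObject("ADODB.Command")
Set Cmd.ActiveConnection = Conn
Cmd.CommandType = adCmdText
Cmd.CommandText = Queries(QueryName)
If InStr(Cmd.CommandText, "?") > 0 Then
    ' Bound as data: the value cannot change the statement's structure.
    Cmd.Parameters.Append Cmd.CreateParameter("code", adVarChar, adParamInput, 2, _
        Left(CStr(Request.QueryString("code")), 2))
End If

Set Rs = Cmd.Execute
Response.ContentType = "text/xml"
Rs.Save Response, adPersistXML           ' stream the recordset as XML
Rs.Close
Conn.Close

Sub Deny(status, message)
    Response.Status = status
    Response.ContentType = "text/xml"
    Response.Write "<error>" & Server.HTMLEncode(message) & "</error>"
    Response.End
End Sub
%>
```

The database login behind the connection string should itself hold only SELECT permission on the exported tables, so the page's checks are not the sole control.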