Hometown Bank

<HTML>
  <HEAD>
    <TITLE>
      Hometown Bank
    </TITLE>
    <META content="text/html; charset=windows-1252" http-equiv=Content-Type>
    <META content="MSHTML 5.00.2314.1000" name=GENERATOR></HEAD>
    <BODY>
      <H1 align=center>
         Hometown Bank
      </H1>
        <P>
<%
Dim name
Name = CStr(Request.form("name"))
Dim password
password = CStr(Request.form("password"))
Dim amount
amount = CDbl(Request.form("amount"))
Dim deposit
deposit = CStr(Request.form("Deposit"))
Dim withdraw
withdraw = CStr(Request.form("Withdraw"))

 
Dim objConn
Set objConn = Server.CreateObject("ADODB.Connection") 
objConn.ConnectionString = "DSN=database01" 
objConn.Open 

Dim objRS
Set objRS = Server.CreateObject("ADODB.Recordset")

Dim namestring 
namestring="'" & Name & "'"
passwordstring="'" & Password & "'"
set dennis=objConn.execute("use bank")
mySQL="select * from hometown where username=" & namestring & " and password=" & passwordstring
set rstemp=objConn.execute(mySQL)
if rstemp.eof then 
   response.Write("<p><b> Sorry, invalid userid or password </b>")

%>
   <form method=post action=bank01.asp>
   <input type=submit value="try again!">
   </form>
   </body>
   </html> 
<% 

else
   Response.Write("<p><b>Hi " & name &"</b>")

   Dim balance
   balance=rstemp("balance")
   if isnumeric(amount) then
    ' do nothing
   else
     amount=0.0
   end if
   if deposit="Deposit" then
     response.write("<p><b> $" & amount & " deposited</b>")
     balance=balance + amount
   end if
 
   if withdraw="Withdraw" then
     response.write("<p><b> $" & amount & " withdrawn</b>")
     balance=balance - amount
   end if


   Response.Write("<p><b>  Balance $: " & balance & "</b>")
   Dim balancestring
   balancestring="'" & balance & "'"

   Dim UpdateSQL
   UpdateSQL="update hometown set balance=" & balance & "  where " &  "  username=" & namestring & " and " & " password=" & passwordstring 
   rstemp=objConn.execute(UpdateSQL)
%> 

   <FORM method=post action=bank02.asp>
   <INPUT TYPE=hidden NAME=name VALUE= <%=name %> >
   <INPUT TYPE=hidden NAME=password VALUE= <%=password %> >
      Enter Amount: <INPUT name=amount> 
      <P>
        <INPUT name=Deposit  type=submit value=Deposit>
        <INPUT name=Withdraw  type=submit value=Withdraw>
        <INPUT name=".defaults" onclick="javascript:location='bank01.asp'"     type="button" value="Cancel">
    </P>
    </FORM>
  </BODY>
</HTML>
<!---  note the closing bracket below has it's match way up  -->
<%
end if
%>