
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'


Comments

  • Registered Users Posts: 4,431 ✭✭✭BoardsMember


    Beano wrote: »
    In fairness if you are concerned with sql injection (and you should be) then stored procs is the way to go. this whole idea of building up queries in code went out with the indians.

    100% agree, but based on posts to date, I think we have to deal with what we're dealing with.


  • Closed Accounts Posts: 3,357 ✭✭✭Beano


    100% agree, but based on posts to date, I think we have to deal with what we're dealing with.

    good point.


  • Registered Users Posts: 44 MikeFantana


    Graham wrote: »
    To follow on from Berserkers suggestion, if in doubt, response.write it out.

    So after
    countyID = Request.QueryString("CountyID")
    

    do a
    response.write countyID
    

    Ok so I have added the dims
    dim countyID
    dim ConTypeID
    dim ConBusName
    countyID = Request.QueryString("CountyID")
    response.write countyID
    ConTypeID = Request.QueryString("ConTypeID")
    response.write ConTypeID       
    ConBusname = Request.QueryString("ConBusName")
    response.write ConBusName
    

    and it writes back the correct parameters to screen,

    I tried to add the Response.QueryString to my conditions but alas no luck, making a right mess of it.
    sSQL = "SELECT * FROM dbo.qrySearchResults "
    conditions = ""
    If Param1 <> "" Then
        conditions = "CountyID=" Request.QueryString ('& MMColParam1&')
    End If
    


  • Closed Accounts Posts: 3,357 ✭✭✭Beano


    once you have taken the values from the querystring into the variables then there is no need to use the querystring after that. you then use the variables as you were using them before.

    can i ask what this is for? It seems a very trivial example so is this a college project or something?


  • Moderators, Society & Culture Moderators Posts: 17,642 Mod ✭✭✭✭Graham


    I strongly suspect you're trying to edit Dreamweaver's autowaffle ASP code here OP.

    If that's the case, I'd recommend you stop, start again with a nice clean hand-coded example, there's millions of good ones still floating about on the net. Do a search for "Classic ASP Query SQL Database" or something along those lines, add a -.net if required.


  • Registered Users Posts: 4,431 ✭✭✭BoardsMember


    There is no Param1... Parameters are for SPs and the like, you are trying to write an inline query

    dim countyID
    dim ConTypeID
    dim ConBusName

    countyID = Request.QueryString("CountyID")
    ConTypeID = Request.QueryString("ConTypeID")
    ConBusname = Request.QueryString("ConBusName")



    sSQL = "SELECT * FROM dbo.qrySearchResults "
    if countyID <> "" then sSQL = sSQL & " WHERE CountyId =" & countyID
    if ConTypeID <> "" then sSQL = sSQL & " AND ConTypeID=" & ConTypeID

    etc...

    Obviously you must have one "WHERE" and the rest "AND"s. And you need to sanitise the querystring values, as already posted.
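
The conditional WHERE/AND query discussed in the thread, with the query-string values bound as typed parameters instead of concatenated into the SQL string. This is an added example, not code from any poster. It assumes `conn` is an already-open ADODB.Connection, that CountyID and ConTypeID are integer columns and ConBusName is a text column of up to 100 characters; the helper names ParseId and AddCondition are hypothetical.

```vbscript
' Added example. Assumptions: conn is an open ADODB.Connection; column types
' (integer / text up to 100 chars) are guesses, the thread does not state them.
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarChar = 200

Dim cmd, rs, sSQL, conditions, paramCount
Dim countyID, conTypeID, conBusName

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
conditions = ""
paramCount = 0

' Returns a Long for a plain 1-9 digit string, otherwise Null (filter skipped).
Function ParseId(raw)
    Dim re
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    If re.Test(raw) Then ParseId = CLng(raw) Else ParseId = Null
End Function

' Appends "column = ?" joined with AND, and binds the value to that placeholder.
' column must always be a literal written in this file, never request data.
Sub AddCondition(column, paramType, size, value)
    If conditions <> "" Then conditions = conditions & " AND "
    conditions = conditions & column & " = ?"
    paramCount = paramCount + 1
    cmd.Parameters.Append cmd.CreateParameter("p" & paramCount, paramType, adParamInput, size, value)
End Sub

' Trim() forces a string, so a missing key becomes "" rather than Empty.
countyID = ParseId(Trim(Request.QueryString("CountyID")))
conTypeID = ParseId(Trim(Request.QueryString("ConTypeID")))
conBusName = Trim(Request.QueryString("ConBusName"))

If Not IsNull(countyID) Then AddCondition "CountyID", adInteger, 4, countyID
If Not IsNull(conTypeID) Then AddCondition "ConTypeID", adInteger, 4, conTypeID
If conBusName <> "" Then AddCondition "ConBusName", adVarChar, 100, Left(conBusName, 100)

' Exactly one WHERE, and only when at least one filter was supplied.
sSQL = "SELECT * FROM dbo.qrySearchResults"
If conditions <> "" Then sSQL = sSQL & " WHERE " & conditions

cmd.CommandText = sSQL
Set rs = cmd.Execute
```

Parameters are matched to the `?` placeholders by position, so the order of the AddCondition calls is what ties each value to its column.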

