Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

SQL Crash

  • 12-05-2007 9:02pm
    #1
    Closed Accounts Posts: 381 ✭✭


    Dim adoCon               'Holds the Database Connection Object
    Dim rsReadThr     	 'Holds the recordset for the new record to be added
    Dim strSQL               'Holds the SQL query to query the database
    Dim PostId				'Holds the post id number
    
    PostId = (Request.QueryString("id"))
    
    Set adoCon = Server.CreateObject("ADODB.Connection")
    adoCon.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("/db/cghy78uiwm.mdb")
    Set rsReadThr = Server.CreateObject("ADODB.Recordset")
    
    strSQL = "SELECT * FROM TblPost where ThreadId = '"& PostId &"' ;" 
    
    rsReadThr.CursorType = 2
    rsReadThr.LockType = 3
    rsReadThr.Open strSQL, adoCon
    
    Response.write(RsReadThr("PostMember"))
    

    This keeps crashing have no idea why,

    if i change the where
    ThreadId = '"& PostId &"' ;"
    

    to
    where ThreadId = 15 ;"
    

    then it works!

    i get this error Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

    [Microsoft][ODBC Microsoft Access Driver] Data type mismatch in criteria expression.

    Please help before i go mad

    /forum/thread.asp, line 59

    looked it up but was no help!


Comments

  • Moderators, Politics Moderators Posts: 41,240 Mod ✭✭✭✭Seth Brundle


    The single quotes make it a string and not a number - remove them to form
    ThreadId = "& PostId &" ;"

    Oh and read up on SQL Injection!!!


  • Closed Accounts Posts: 381 ✭✭El_mariachi


    kbannon wrote:
    The single quotes make it a string and not a number - remove them to form
    ThreadId = "& PostId &" ;"

    Oh and read up on SQL Injection!!!

    you now whats really funny, i was lying in bed thniking about that this morning and i said, bet its the single quotes..... but thank you for helping me!


  • Moderators, Politics Moderators Posts: 41,240 Mod ✭✭✭✭Seth Brundle


    Read my last sentence and make sure you follow its advice!!!
    I'd worry about that more than your original problem!


Advertisement