Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

Multiple ASP Update statement

  • 07-06-2012 09:53AM
    #1
    The Mighty Dubs
    Registered Users, Registered Users 2 Posts: 224 ✭✭


    Hi, I am trying to get a multiple update statement working but cant getting it going. Any ideas?


    Here is my code

    <%
    Response.Buffer=True

    Dim iCount
    iCount = Request.Form("Count")
    Dim strLink, strID

    Dim Command1
    set Command1 = Server.CreateObject("Adodb.Connection")
    Command1.ConnectionString = strConnection
    Command1.Open

    Dim iLoop

    For iLoop = 0 to iCount
    strLink = Request(iLoop & ".Link")
    strID = Request(iLoop & ".ID")
    dim rsDeliveryID, strSQL

    Set rsDeliveryID = Server.CreateObject("ADODB.Recordset")

    strSQL = "SELECT ID, DeliveryID, tblDeliverys.ProdID, CompanyItemID, tblDeliverys.TotalQty, Delivered FROM tblDeliverys Inner join tblItems on tblItems.ProdID=tblDeliverys.ProdID Where DeliveryID='"&DeliveryID&"' and CompanyItemID='"&CompanyItemID&"' and Delivered=0"

    strSQL = "Update tblDeliverys SET ActualQtyDelivered = '" & strLink & "'" &_

    "Where ID = '"& strID & "'"

    strSQL=" UPDATE tblItems SET TotalQty=TotalQty+"&QtyDelivered&", Archived=0 WHERE ProdID="&rsDeliveryID("ProdID")& ";"

    Command1.Execute strSQL
    Next

    Command1.Close
    Set Command1 = Nothing

    %>
    <meta http-equiv="refresh" content="1;URL=BOSBookedIn.asp" />


Comments

  • #2
    Seth Brundle
    Moderators, Politics Moderators, Paid Member Posts: 44,265 Mod ✭✭✭✭Seth Brundle


    Where is it failing?
    What is the error message? (actually where is your error handling code?)
    Is strConnection defined?
    Is QtyDelivered always number?#
    Will rsDeliveryID("ProdID") always return a value contained in the table?


    Also, you are creating a recordset unnecessarily.

    (Where is your anti-SQL Injection code?)

    Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/ .



  • #3
    The Mighty Dubs
    Registered Users, Registered Users 2 Posts: 224 ✭✭The Mighty Dubs


    I have actual got it sorted. many thanks for your reply/assistance.

    Anti inject code? How do i do this?


  • #4
    Seth Brundle
    Moderators, Politics Moderators, Paid Member Posts: 44,265 Mod ✭✭✭✭Seth Brundle


    What was the cause of the issue?

    SQL injection is caused by uncleansed data submitted by a user being allowed to run straight against the database.

    Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/ .



  • #5
    kayos
    Registered Users, Registered Users 2 Posts: 2,494 ✭✭✭kayos


    kbannon wrote: »
    What was the cause of the issue?

    I'm gonna guess the fact that strSQL was been over written was the issue..


Advertisement