Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Multiple ASP Update statement

  • 07-06-2012 9:53am
    #1
    Registered Users, Registered Users 2 Posts: 224 ✭✭


    Hi, I am trying to get a multiple update statement working but cant getting it going. Any ideas?


    Here is my code

    <%
    Response.Buffer=True

    Dim iCount
    iCount = Request.Form("Count")
    Dim strLink, strID

    Dim Command1
    set Command1 = Server.CreateObject("Adodb.Connection")
    Command1.ConnectionString = strConnection
    Command1.Open

    Dim iLoop

    For iLoop = 0 to iCount
    strLink = Request(iLoop & ".Link")
    strID = Request(iLoop & ".ID")
    dim rsDeliveryID, strSQL

    Set rsDeliveryID = Server.CreateObject("ADODB.Recordset")

    strSQL = "SELECT ID, DeliveryID, tblDeliverys.ProdID, CompanyItemID, tblDeliverys.TotalQty, Delivered FROM tblDeliverys Inner join tblItems on tblItems.ProdID=tblDeliverys.ProdID Where DeliveryID='"&DeliveryID&"' and CompanyItemID='"&CompanyItemID&"' and Delivered=0"

    strSQL = "Update tblDeliverys SET ActualQtyDelivered = '" & strLink & "'" &_

    "Where ID = '"& strID & "'"

    strSQL=" UPDATE tblItems SET TotalQty=TotalQty+"&QtyDelivered&", Archived=0 WHERE ProdID="&rsDeliveryID("ProdID")& ";"

    Command1.Execute strSQL
    Next

    Command1.Close
    Set Command1 = Nothing

    %>
    <meta http-equiv="refresh" content="1;URL=BOSBookedIn.asp" />


Comments

  • Moderators, Politics Moderators Posts: 41,242 Mod ✭✭✭✭Seth Brundle


    Where is it failing?
    What is the error message? (actually where is your error handling code?)
    Is strConnection defined?
    Is QtyDelivered always number?#
    Will rsDeliveryID("ProdID") always return a value contained in the table?


    Also, you are creating a recordset unnecessarily.

    (Where is your anti-SQL Injection code?)


  • Registered Users, Registered Users 2 Posts: 224 ✭✭The Mighty Dubs


    I have actual got it sorted. many thanks for your reply/assistance.

    Anti inject code? How do i do this?


  • Moderators, Politics Moderators Posts: 41,242 Mod ✭✭✭✭Seth Brundle


    What was the cause of the issue?

    SQL injection is caused by uncleansed data submitted by a user being allowed to run straight against the database.


  • Registered Users, Registered Users 2 Posts: 2,494 ✭✭✭kayos


    kbannon wrote: »
    What was the cause of the issue?

    I'm gonna guess the fact that strSQL was been over written was the issue..


Advertisement