[thelist] Select QRY problem

Pringle, Ron RPringle at aurora-il.org
Tue Mar 15 08:19:55 CST 2005


Ken-

I wouldn't want you all to think that I'm a complete idiot (yes, technically
99.9% idiot invalidates the complete rule :-).

I did write the querystring to the page to check it out and it was passing
the var just fine. And I knew the var was a valid ID number that existed in
the table because it was directly pulled from a record summary on a previous
page. Just in case, I also hard coded the var to a specific number and it
didn't work then either.

So the problem was my SQL statement. The way I had it set up, it wasn't
pulling ANY matching record, and therefore had nothing to compare to the var
in the WHERE statement.

So problem solved. Well, this one anyhow. :-)


Thank you all for the help.

Regards,
Ron


> : Pringle, Ron wrote:
> : > Peter et al-
> : >
> : > Thanks for the tips, it ended up being the simple fact that I hadn't
> : > converted my querystring into an integer, so of course it wasn't
> : > matching, and of course it wasn't selecting any records.
> : >
> : > Der.
> : >
> : > However, I would have thought it would have thrown a type mismatch
> : > error. Live and learn!
> : 
> : Ron,
> : 
> : At the point in your code where you were doing the concatenation, you
> : had your base query as a string constant, and the result of
> : response.querystring.  Both of these are STRINGS.  No type mismatch
> : error is ever going to occur at that point.  Plus, ASP will perform
> : silent type conversion in many expressions, including string
> : concatenation (along with a whole bunch of other scripting languages).
> : 
> : You really need to force querystrings into typed variables before they
> : are used anywhere else in your code, especially before they are passed
> : to a SQL driver.  Google "SQL injection" for a good scare.
> 
> He is creating an *SQL* statement. What you are asking him to do is
> irrelevant considering the error. The error is not the database
> complaining about a type-mismatch. The database is complaining about a
> parameter being *missing*. Casting a variable up in the ASP layer is
> completely irrelevant to building an SQL statement. You need to make
> sure that the *database* can do the necessary parsing/conversion,
> however in your ASP layer, everything will still be a string (well,
> technically a variant since there are no strings in ASP)
> 
> Cheers
> Ken
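
The thread above concerns a query string value concatenated into a SQL statement in classic ASP. As an added example (not code from any poster in this thread), the page below validates and converts the value in the ASP layer and then hands it to the driver as a typed ADO parameter instead of concatenating it. The DSN `exampleDsn`, the table `records` and the columns `id` and `title` are hypothetical.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit

' ADO constants (same values as in adovbs.inc)
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

' Hypothetical connection string, table and column names.
Const CONN_STRING = "DSN=exampleDsn"

Dim rawId, digitsOnly, recordId, conn, cmd, rs

' Query string values always arrive as strings (or Empty when absent).
rawId = CStr(Request.QueryString("id"))

' Step 1: accept only a short run of digits.
' IsNumeric alone is too loose: it accepts inputs such as "1e3" and "&H1F".
Set digitsOnly = New RegExp
digitsOnly.Pattern = "^[0-9]{1,9}$"
If Not digitsOnly.Test(rawId) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid id"
    Response.End
End If

' Step 2: force the value into a typed variable (9 digits always fit a Long).
recordId = CLng(rawId)

' Step 3: bind it as an integer parameter; the SQL text never contains user input.
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STRING
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT id, title FROM records WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , recordId)

Set rs = cmd.Execute
If rs.EOF Then
    Response.Write "No matching record"
Else
    Response.Write Server.HTMLEncode(rs("title") & "")
End If
rs.Close
conn.Close
%>
```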

