[thelist] Select QRY problem
Pringle, Ron
RPringle at aurora-il.org
Tue Mar 15 08:19:55 CST 2005
Ken-
I wouldn't want you all to think that I'm a complete idiot (yes, technically
99.9% idiot invalidates the complete rule :-).
I did write the querystring to the page to check it out and it was passing
the var just fine. And I knew the var was a valid ID number that existed in
the table because it was directly pulled from a record summary on a previous
page. Just in case, I also hard coded the var to a specific number and it
didn't work then either.
So the problem was my SQL statement. The way I had it set up, it wasn't
pulling ANY matching record, and therefore had nothing to compare to the var
in the WHERE statement.
So problem solved. Well, this one anyhow. :-)
Thank you all for the help.
Regards,
Ron
> : Pringle, Ron wrote:
> : > Peter et al-
> : >
> : > Thanks for the tips, it ended up being the simple fact
> that I hadn't
> : > converted my querystring into an integer, so of course it wasn't
> : matching,
> : > and of course it wasn't selecting any records.
> : >
> : > Der.
> : >
> : > However, I would have thought it would have thrown a type mismatch
> : error.
> : > Live and learn!
> :
> : Ron,
> :
> : At the point in your code where you were doing the
> concatenation, you
> : had your base query as a string constant, and the result of
> : response.querystring. Both of these are STRINGS. No type mismatch
> : error is ever going to occur at that point. Plus, ASP will perform
> : silent type conversion in many expressions, including string
> : concatenation (along with a whole bunch of other scripting
> languages).
> :
> : You really need force querystrings into typed variables
> before they are
> : used anywhere else in your code, especially before they are
> passed to a
> : SQL driver. Google "SQL injection" for a good scare.
>
> He is creating an *SQL* statement. What you are asking him to do is
> irrelevant considering the error. The error is not the
> database complaining
> about a type-mismatch. The database is complaining about a
> parameter being
> *missing*. Casting a variable up in the ASP layer is
> completely irrelevant to
> building an SQL statement. You need to make sure that the
> *database* can do
> the necessary parsing/conversion, however in your ASP layer,
> everything will
> still be a string (well, technically a variant since there
> are no strings in
> ASP)
>
> Cheers
> Ken
> --
>
> * * Please support the community that supports you. * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !
>
More information about the thelist
mailing list