Hello,
I have an ASP that takes a connection string and SQL statement in the
querystring and is supposed to return the XML representation of the
recordset to the Response stream (don't worry, this is a local page, not
one on the Internet). I had it working fine with row-returning SQL, such
as SELECT, but was trying to get it to work with non-row-returnign ones
as well (such as UPDATE and DELETE). Not only can't I get this bit to
work, I seem to have broken the row-returning bit as well!!
The full ASP is shown below. Can anyone see why this isn't working? It
is easy to test, assuming it's called xml.asp, and you have the
Northwind database installed on a local server, you can use the
following URL... https://127.0.0.1/dap.asp?connstr=dr...(local);uid=sa
;pwd=;Network+L ibrary=dbmssocn ;Database=North wind&SQL=select +top+2+*+from
+Categories
I had this working fine, so it showed the XML in IE. I don't know what I
did, but now it gives an error that the XML is badly formed. I presume
that this is because it is throwing an error somewhere, and the error
message is being sent to the browser. Unfortunately, I can't see what or
where the error is.
The SendErrRs is meant to create and return a recordset in case of an
error occurring. That way, the client that picks this up can see what
the error was. It was working fine with SELECT queries, but even that
has stopped working. My intention was that for UPDATEs, it would return
a simple recordset (maybe using the SendErrRs Sub) with a field set to
indicate success.
Here is the full code in the ASP. If anyone can see what is going wrong,
I would be very grateful. TIA
<%@ Language=VBScri pt %>
<%option explicit%>
<%
Dim SQL, ConnStr, Conn, Rs, adPersistXML, i
adPersistXML = 1
Response.Conten tType = "text/xml"
ConnStr = Request.QuerySt ring("ConnStr")
SQL = Request.QuerySt ring("sql")
Set Conn = Server.CreateOb ject("ADODB.Con nection")
Conn.Connection String = ConnStr
On Error Resume Next
Conn.Open
If Err.Number <> 0 Then
SendErrRs Err.Number, Err.Description
Else
Set Rs = Server.CreateOb ject("ADODB.Rec ordset")
With Rs
.ActiveConnecti on = Conn
.CursorLocation = adUseClient
.CursorType = adOpenStatic
.LockType = adLockBatchOpti mistic
.Source = SQL
.Open
If Err.Number <> 0 Then
SendErrRs Err.Number, Err.Description
Else
' We know the command executed OK, but if it was a command that didn't return rows, we
' won't have a recordset. If so, trying to save the recordset will generate an error.
' Check to see if we have a recordset before saving.
i = .RecordCount
Select Case Err.Number
Case 0
' no error, therefore rows returned
.Save Response, adPersistXML
Case 3704
' no rows, ie the SQL was an update, delete, etc
SendErrorRs 0, "No rows returned"
Case Else
' genuine error
SendErrRs Err.Number, Err.Description
End Select
End If
End With
End If
Sub SendErrRs(Num, Desc)
Dim Rs
Set Rs = Server.CreateOb ject("ADODB.Rec ordset")
'response.write ("<p>" & num & " - " & desc & "</p>"): exit sub
With Rs
.CursorLocation = adUseClient
.Fields.Append "ErrorNumbe r", adInteger
.Fields.Append "ErrorDescripti on", adVarChar, 400
.Open
.AddNew
.Fields("ErrorN umber") = Num
.Fields("ErrorD escription") = Desc
.Update
.Save Response, adPersistXML
End With
End Sub
%>
--
Alan Silver
(anything added below this line is nothing to do with me) 6  1717 
My guess would be your retrieving ConnStr and SQL but not the rest of them....... if you want/need to use all of them, you need to retrieve them
--
Regards
Steven Burn
Ur I.T. Mate Group www.it-mate.co.uk
Keeping it FREE!
"Alan Silver" <al*********@no spam.thanx> wrote in message news:JQ******** ******@nospamth ankyou.spam... Hello,
I have an ASP that takes a connection string and SQL statement in the
querystring and is supposed to return the XML representation of the
recordset to the Response stream (don't worry, this is a local page, not
one on the Internet). I had it working fine with row-returning SQL, such
as SELECT, but was trying to get it to work with non-row-returnign ones
as well (such as UPDATE and DELETE). Not only can't I get this bit to
work, I seem to have broken the row-returning bit as well!!
The full ASP is shown below. Can anyone see why this isn't working? It
is easy to test, assuming it's called xml.asp, and you have the
Northwind database installed on a local server, you can use the
following URL...
https://127.0.0.1/dap.asp?connstr=dr...(local);uid=sa
;pwd=;Network+L ibrary=dbmssocn ;Database=North wind&SQL=select +top+2+*+from
+Categories
I had this working fine, so it showed the XML in IE. I don't know what I
did, but now it gives an error that the XML is badly formed. I presume
that this is because it is throwing an error somewhere, and the error
message is being sent to the browser. Unfortunately, I can't see what or
where the error is.
The SendErrRs is meant to create and return a recordset in case of an
error occurring. That way, the client that picks this up can see what
the error was. It was working fine with SELECT queries, but even that
has stopped working. My intention was that for UPDATEs, it would return
a simple recordset (maybe using the SendErrRs Sub) with a field set to
indicate success.
Here is the full code in the ASP. If anyone can see what is going wrong,
I would be very grateful. TIA
<%@ Language=VBScri pt %>
<%option explicit%>
<%
Dim SQL, ConnStr, Conn, Rs, adPersistXML, i
adPersistXML = 1
Response.Conten tType = "text/xml"
ConnStr = Request.QuerySt ring("ConnStr")
SQL = Request.QuerySt ring("sql")
Set Conn = Server.CreateOb ject("ADODB.Con nection")
Conn.Connection String = ConnStr
On Error Resume Next
Conn.Open
If Err.Number <> 0 Then
SendErrRs Err.Number, Err.Description
Else
Set Rs = Server.CreateOb ject("ADODB.Rec ordset")
With Rs
.ActiveConnecti on = Conn
.CursorLocation = adUseClient
.CursorType = adOpenStatic
.LockType = adLockBatchOpti mistic
.Source = SQL
.Open
If Err.Number <> 0 Then
SendErrRs Err.Number, Err.Description
Else
' We know the command executed OK, but if it was a command that didn't return rows, we
' won't have a recordset. If so, trying to save the recordset will generate an error.
' Check to see if we have a recordset before saving.
i = .RecordCount
Select Case Err.Number
Case 0
' no error, therefore rows returned
.Save Response, adPersistXML
Case 3704
' no rows, ie the SQL was an update, delete, etc
SendErrorRs 0, "No rows returned"
Case Else
' genuine error
SendErrRs Err.Number, Err.Description
End Select
End If
End With
End If
Sub SendErrRs(Num, Desc)
Dim Rs
Set Rs = Server.CreateOb ject("ADODB.Rec ordset")
'response.write ("<p>" & num & " - " & desc & "</p>"): exit sub
With Rs
.CursorLocation = adUseClient
.Fields.Append "ErrorNumbe r", adInteger
.Fields.Append "ErrorDescripti on", adVarChar, 400
.Open
.AddNew
.Fields("ErrorN umber") = Num
.Fields("ErrorD escription") = Desc
.Update
.Save Response, adPersistXML
End With
End Sub
%>
--
Alan Silver
(anything added below this line is nothing to do with me)
Alan Silver wrote: Hello,
I have an ASP that takes a connection string and SQL statement in the
querystring and is supposed to return the XML representation of the
recordset to the Response stream (don't worry, this is a local page, not
one on the Internet). I had it working fine with row-returning SQL, such
as SELECT, but was trying to get it to work with non-row-returnign ones
as well (such as UPDATE and DELETE). Not only can't I get this bit to
work, I seem to have broken the row-returning bit as well!!
The full ASP is shown below. Can anyone see why this isn't working? It
is easy to test, assuming it's called xml.asp, and you have the
Northwind database installed on a local server, you can use the
following URL...
https://127.0.0.1/dap.asp?connstr=dr...(local);uid=sa
;pwd=;Network+L ibrary=dbmssocn ;Database=North wind&SQL=select +top+2+*+from
+Categories
I had this working fine, so it showed the XML in IE. I don't know what I
did, but now it gives an error that the XML is badly formed. I presume
that this is because it is throwing an error somewhere, and the error
message is being sent to the browser. Unfortunately, I can't see what or
where the error is.
The SendErrRs is meant to create and return a recordset in case of an
error occurring. That way, the client that picks this up can see what
the error was. It was working fine with SELECT queries, but even that
has stopped working. My intention was that for UPDATEs, it would return
a simple recordset (maybe using the SendErrRs Sub) with a field set to
indicate success.
Here is the full code in the ASP. If anyone can see what is going wrong,
I would be very grateful. TIA
<%@ Language=VBScri pt %>
<%option explicit%>
<%
Dim SQL, ConnStr, Conn, Rs, adPersistXML, i
adPersistXML = 1
Response.Conten tType = "text/xml"
ConnStr = Request.QuerySt ring("ConnStr")
SQL = Request.QuerySt ring("sql")
Set Conn = Server.CreateOb ject("ADODB.Con nection")
Conn.Connection String = ConnStr
On Error Resume Next
Conn.Open
If Err.Number <> 0 Then
SendErrRs Err.Number, Err.Description
Else
Set Rs = Server.CreateOb ject("ADODB.Rec ordset")
With Rs
.ActiveConnecti on = Conn
.CursorLocation = adUseClient
.CursorType = adOpenStatic
.LockType = adLockBatchOpti mistic
.Source = SQL
.Open
If Err.Number <> 0 Then
SendErrRs Err.Number, Err.Description
Else
' We know the command executed OK, but if it was a command that didn't return rows, we
' won't have a recordset. If so, trying to save the recordset will generate an error.
' Check to see if we have a recordset before saving.
i = .RecordCount
Select Case Err.Number
Case 0
' no error, therefore rows returned
.Save Response, adPersistXML
Case 3704
' no rows, ie the SQL was an update, delete, etc
SendErrorRs 0, "No rows returned"
Case Else
' genuine error
SendErrRs Err.Number, Err.Description
End Select
End If
End With
End If
Sub SendErrRs(Num, Desc)
Dim Rs
Set Rs = Server.CreateOb ject("ADODB.Rec ordset")
'response.write ("<p>" & num & " - " & desc & "</p>"): exit sub
With Rs
.CursorLocation = adUseClient
.Fields.Append "ErrorNumbe r", adInteger
.Fields.Append "ErrorDescripti on", adVarChar, 400
.Open
.AddNew
.Fields("ErrorN umber") = Num
.Fields("ErrorD escription") = Desc
.Update
.Save Response, adPersistXML
End With
End Sub
%>
Take out the "On Error Resume Next" to see if that yields more information.
Bob,
First off, I should point out that I spotted the problem with my
existing code when I looked again this morning. I had called the sub
SendErrorRs, when in fact it was actually named SednErrRs.
The weird thing is that IE seemed to be caching the page, so when I made
changes, I didn't see any difference. I have no idea why this is as have
my cache switched off in IE and I was using Ctrl-f5 to refresh the page.
Anyway, when I closed IE and restarted it, I could see the changes.
Now, about the other bit ... This is incredibly bad practice security-wise Why give hackers a head
start in their efforts to find out your database structure?
Well, I did point out that this was for internal use only ;-)
However, you have raised a point that I was going to ask about here
anyway. This started because the DB admin want to close the port that
SQL Server uses on the server, to prevent anyone having direct access to
the databases. He suggested the ASP approach, and having our client
applications grab the recordsets from the URL. The URL of the page would
be encrypted in the application, so no-one would know it existed, and
the page itself would have Windows security on it, so even if they know
it exists, they would have to find out the UID and password to get at
it.
Having said all that, it didn't seem like such a great idea to me, even
internally. I'm sure that there must be plenty of machines out on the
Internet that run SQL Server, but don't have port 1433 (I think it is)
open. How do they allow the client application to interact with the
server?
Maybe this is the wrong place to ask this question as I guess it's more
related to the client application (which in our case is written in VB),
but since you raised the issue, I thought I would ask.
Any comments welcome. Thanks.
--
Alan Silver
(anything added below this line is nothing to do with me)
>Take out the "On Error Resume Next" to see if that yields more information.
It didn't, which is why I was getting so frustrated the other day, but I
just discovered that IE was caching the page, so even when I made
changes to the source, I got the same thing in the browser.
Sorted now, ta.
--
Alan Silver
(anything added below this line is nothing to do with me)
Alan Silver wrote: Bob,
This is incredibly bad practice security-wise Why give hackers a head
start in their efforts to find out your database structure?
Well, I did point out that this was for internal use only ;-)
Not a good answer. A large percentage of hacks are done by disgruntled
employees ...
However, you have raised a point that I was going to ask about here
anyway. This started because the DB admin want to close the port that
SQL Server uses on the server, to prevent anyone having direct access
to the databases.
Not a bad idea. Think Blaster and Code Red ...
He suggested the ASP approach, and having our client
applications grab the recordsets from the URL. The URL of the page
would be encrypted in the application, so no-one would know it
existed, and the page itself would have Windows security on it, so
even if they know it exists, they would have to find out the UID and
password to get at it.
All of which is child's play to serious hackers.
Having said all that, it didn't seem like such a great idea to me,
even internally. I'm sure that there must be plenty of machines out
on the Internet that run SQL Server, but don't have port 1433 (I
think it is) open. How do they allow the client application to
interact with the server?
Most people configure a different port. Plus, they do not allow direct
access to internal servers from external locations. VPN is often used. Also,
many people use a separate sql server outside the dmz, to which they
replicate the data they want to have accessible to the outside world.
Maybe this is the wrong place to ask this question as I guess it's
more related to the client application (which in our case is written
in VB), but since you raised the issue, I thought I would ask.
There is a .sqlserver.secu rity newsgroup that you should browse.
Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Adrian Parker |
last post by:
Hi. I would like to query a database, given several where clauses to refine
my search, and return the value of one single field in the database.
eg: I have a table that lists teachers. Their first name, last name, age,
unique teacher number, etc is in the file.
I want to return the unique teacher number, for example, of the teacher...
|
by: Skully Matjas |
last post by:
I am using the following code (created by the wizard) to
allow to bring my form to a particular entery. But when I
edit the entery (ex: put new information into a blank
cell), it puts that record onto the bottom of the list
(even though it keeps its record number).
Also, There are certin names that i click on the list, and
it will not...
|
by: Jayjay |
last post by:
When it comes to access, I'm pretty good using the built in features
and can come up with some pretty complex functions to get what I need.
But we have this database I'm doing for work that is trying to pull in
too many things. The database is a construction job estimating
program. First you setup a project, then you add items that will be...
|
by: hope |
last post by:
Hi
Access 97
I'm lost on this code please can you help
=================================
Below is some simple code that will concatenate a single field's value from multiple records into a single string separated by a user defined character. There is no error trapping
(by design), USE AT YOUR OWN RISK.
|
by: Bruce |
last post by:
I need to re-write an old .ASP application in a C# webservice. No problem,
right? Well, I also need to use a DCom object to connect to our SAP system.
Unfortunately, I'm unable to make that work.
It seems that, even though SAP requires an ADODB.Recordset object passed,
the DCom specification says it requires an object. So .Net won't let...
| | |
by: rempit |
last post by:
Is it true???Help me please..
I want to search data from Database..And..The result is view in new "DIV"..
<%@ Page Language="vb" AutoEventWireup="false" Codebehind="new.aspx.vb" Inherits="Testing._new" %>
<%
Dim objDbConn, strConn, rsSearchResults, strSQL, I
If Request.QueryString("action") <> "" Then
|
by: Lazster |
last post by:
Hi,
I'd really appreciate some help here people. I am trying to insert some values in a table in another database and not getting the results I am expecting. I am simply trying to insert values via a connection to a recordset and then close the recordset.
However I keep getting a type mismatch on the variable rstMainData.
Please can...
|
by: hotflash |
last post by:
Hi Master CroCrew,
I found a good PURE ASP that will allow you to upload 10MB file to the server and the file contents such as Network, Author, Title, etc... will insert to MS Access at the same time.
Below is a working script that I used. Let's say after the file is uploaded to the server and a record created with the file contents above...
|
by: Dooza |
last post by:
I have a stored procedure that takes a number of inputs, does a bulk
insert, and then outputs a recordset. When I run the stored procedure in
Server Management Studio I also get a return value from the stored
procedure which is an INT.
I want to access this return value on my ASP/VBScript page, but do not
know how to access it.
Here is...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
