Bob,
I've been reading some of your posts in google groups regarding
Paramaterizing SQL queries.
I'm trying to do things theright way, but having problems and thought you
might be able to help me out.
I'm opening an access database in an include file at the start of the asp
file.
Set MyConn = Server.CreateOb ject("ADODB.Con nection")
MyConn.Open "Provider=Micro soft.Jet.OLEDB. 4.0; Data Source=c:\testd b.mdb;"
So far so good.
I then tried saving a query in Access - its named 'qlogin' and consists of a
very simple:
SELECT *
FROM users
WHERE login=[formusername] And userpassword=[formpassword];
What lines of asp do I need to then get data from the record set, ie:
RS("login")
I am also interested in a method someone else brought up and you weren't too
keen on which used dynamic SQL but with the parameters in a @P1 type naming
convention. eg: SQL = "EXEC qry_Listings @P1" & varPI
How would I use this to return a recordset?
Thanking you in advance
John Burns
8  1341 
John Burns wrote: Bob,
I've been reading some of your posts in google groups regarding
Paramaterizing SQL queries.
I'm trying to do things theright way, but having problems and thought
you might be able to help me out.
I'm opening an access database in an include file at the start of
the asp file.
Set MyConn = Server.CreateOb ject("ADODB.Con nection")
MyConn.Open "Provider=Micro soft.Jet.OLEDB. 4.0; Data
Source=c:\testd b.mdb;"
So far so good.
I then tried saving a query in Access - its named 'qlogin' and
consists of a very simple:
SELECT *
Avoid selstar in production code (http://www.aspfaq.com/show.asp?id=2096).
Always name the fields you are returning.
FROM users
WHERE login=[formusername] And userpassword=[formpassword];
What lines of asp do I need to then get data from the record set, ie:
RS("login")
It couldn't be simpler. Let's assume you've put the values to be passed to
the query in variables called formusername and formpassword (I would use
shorter variable names myself, but that's just personal preference):
dim rs
set rs = createobject("a dodb.recordset" )
MyConn.qlogin formusername, formpassword, rs
if not rs.eof then
login = rs("login")
else
'query returned no records
end if
I am also interested in a method someone else brought up and you
weren't too keen on which used dynamic SQL but with the parameters in
a @P1 type naming convention. eg: SQL = "EXEC qry_Listings @P1" &
varPI
How would I use this to return a recordset?
dim sSQL
sSQL = "Exec qlogin '" & formusername & "','" & formpassword & "'"
Set rs = MyConn.Execute( sSQL,,1)
If you've read my posts about this, you should understand why I'm not keen
on this technique. Read up on SQL Injection.
Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Bob,
Thankyou very much for your quick response.
I have a couple of more questions:
If I want to perform another SQL query within the script, do I need to
completely close the connection to the database and reopen it, or is there a
simpler way?
This definitely works, but looks like it's wasting resources.
MyConn.close
MyConn.Open "Provider=Micro soft.Jet.OLEDB. 4.0; " & "Data
Source=c:\testd b.mdb"
Also, with regards to the method using @P1, etc. I actually thought this
was parametizing the data to protect against SQL injection. Maybe its the
method using ?. Do either of these work, or is the only way to define them
in access?
Once again, thanks in advance
John Burns
John Burns wrote: Bob,
Thankyou very much for your quick response.
I have a couple of more questions:
If I want to perform another SQL query within the script, do I need to
completely close the connection to the database and reopen it,
Of course not. Just run the next query. One caveat: depending on the
cursortype, you may need to close an open recordset before opening a new one
(experiment with this), but you should be consuming the data from recordsets
as quickly as possible anyways. GetString and GetRows are good techniques
for sucking the data out of your recordset so the recordset can be closed
and discarded. Search www.aspfaq.com for the article on recordset iteration
(keywords: iteration getrows)
Also, with regards to the method using @P1, etc. I actually thought
this was parametizing the data to protect against SQL injection.
Maybe its the method using ?. Do either of these work, or is the
only way to define them in access?
Yes, you're thinking of the ? technique (called parameter markers). This
works with all data providers. See here for an example: http://groups-beta.google.com/group/...76ae56f800dd59
ADO documentation can be found at http://msdn.microsoft.com/library. Look
under the Win32 and Com node in the TOC.
Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Bob,
any reason off the top of your head why I would always get EOF=true on my
windows 2000 server machine when this code works perfectly on my WindowsXP
machine?
I have also confirmed that If I change a query back to a standard
concatenated query, it works perfectly in win 2000.
Regards
John
A reboot did the job - pity, it was the 98th day of uptime. Back to 0
again.
John Burns wrote: Bob,
any reason off the top of your head why I would always get EOF=true
on my windows 2000 server machine when this code works perfectly on
my WindowsXP machine?
I have also confirmed that If I change a query back to a standard
concatenated query, it works perfectly in win 2000.
Not without seeing the code.
I assume you are validating the inputs to verify that they contain what they
are expected to contain ...
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
John Burns wrote: A reboot did the job - pity, it was the 98th day of uptime.
Exceedingly strange. Were you using data stored in Application or Session? I
see no other reason that a reboot would have affected this problem.
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
> Exceedingly strange. Were you using data stored in Application or Session? I see no other reason that a reboot would have affected this problem.
Actually, after a reset, it broke again when I uploaded a new mdb file to
the server.
I justupgraded the MDAC to the latest version (5.8??) and it now seems fine. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: |
last post by:
First of all thanks for helping me out.
I have to admit I dont understand some of your suggestiosn, sorry.
I dont know what is the "3D" thing... Is there another way to make it
work something more simple for a newbie like me? Thanks
What I want to do is:
First check all the files from a folder and analyze only the one with the .Seq extension.
What I want to do is to get the reverse complement of the DNA sequence. If their is a problem...
|
by: Simon |
last post by:
Hey folks,
I need some of your expertiese again. I am creating a survey form and need
some help gathering the results of a question that has checkboxes. There
are four options for one of the questions for example
Where do you normally buy books?
o Bookstore
o Online
o Book club
|
by: Akbar |
last post by:
Hey there,
Big-time curiosity issue here...
Here's the test code (it's not that long)... it's to display a large
number of image links with captions, ideally pulled in from an
external file (that part's not here -- spotlighting the problem code):
--------BEGIN CODE PAGE------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
by: Mr. Clean |
last post by:
Can a rolloever menu be done using only CSS, without javascript?
|
by: Mike |
last post by:
I'm after a *simple* script to log each visitor to a website. All
I actually need is the visitor's reported IP address whether
genuine, proxied or hidden. Their reported browser type would be
an advantage, regardless of what browser is actually used.
Anyone know of anything simple and preferably free that will do
this? The site is hosted on a FreeBSD server with access to
CGI-Bin but it does not seem to have a server-side stats log.
...
| | |
by: SharkFOA |
last post by:
Hi Bob,
Hoping that you can help. Sometime ago I posted for help(Copied below). You
suggested using a crosstab query. I've tried everything I know how but can't
get it to work. I think it must be in the basics. You refer to a booked date
whereas I have a check in & check out date.
My table has a lookup to the room, checkin & checkout dates and I get a
figure(any kind is fine!) at the intersection of the two rows, (Room,
Checkin) &...
|
by: TC |
last post by:
Hi Steve
Some time ago I told you about the "blat" SMTP mailer. You said you would
look into it. I'm now planning on using it myself.
I've tried the DLL version, & am having a problem with the -install option.
It works - ie. it adds the relevant info. to the registry - but it never
returns from the call. Access instantly quits! There are no otherr error
effects or messages that I can see. So this would make it impractical to use
that...
|
by: PC Datasheet |
last post by:
Recently you responded to a poster on the cause and remedy for a Write Conflict
error. If you remember the thread, could you point me to it or could you repost
what you remember you said in the response.
Thank You!
Steve
PC Datasheet
|
by: Hugh Welford |
last post by:
Hi Bob - had the advice below from you recently:-
hugh welford wrote:
> Hi - using XP pro with IIS to develop offline asp data access site.
>
> Suddenly, my DSNs and odbc drivers have disappeared - the only thing
> I can think of is that an XP auto update has done this in some way.
>
> Can anyone tell me how to get hold of and re-instal odbc drivers to
> allow me to connect with ACCESS data bases.
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
