473,555 Members | 2,402 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Attn Bob Barrows

Bob,
I've been reading some of your posts in google groups regarding
Paramaterizing SQL queries.

I'm trying to do things theright way, but having problems and thought you
might be able to help me out.

I'm opening an access database in an include file at the start of the asp
file.
Set MyConn = Server.CreateOb ject("ADODB.Con nection")
MyConn.Open "Provider=Micro soft.Jet.OLEDB. 4.0; Data Source=c:\testd b.mdb;"

So far so good.

I then tried saving a query in Access - its named 'qlogin' and consists of a
very simple:
SELECT *
FROM users
WHERE login=[formusername] And userpassword=[formpassword];

What lines of asp do I need to then get data from the record set, ie:
RS("login")

I am also interested in a method someone else brought up and you weren't too
keen on which used dynamic SQL but with the parameters in a @P1 type naming
convention. eg: SQL = "EXEC qry_Listings @P1" & varPI
How would I use this to return a recordset?

Thanking you in advance

John Burns


Jul 22 '05 #1
8 1331
John Burns wrote:
Bob,
I've been reading some of your posts in google groups regarding
Paramaterizing SQL queries.

I'm trying to do things theright way, but having problems and thought
you might be able to help me out.

I'm opening an access database in an include file at the start of
the asp file.
Set MyConn = Server.CreateOb ject("ADODB.Con nection")
MyConn.Open "Provider=Micro soft.Jet.OLEDB. 4.0; Data
Source=c:\testd b.mdb;"

So far so good.

I then tried saving a query in Access - its named 'qlogin' and
consists of a very simple:
SELECT *
Avoid selstar in production code (http://www.aspfaq.com/show.asp?id=2096).
Always name the fields you are returning.
FROM users
WHERE login=[formusername] And userpassword=[formpassword];

What lines of asp do I need to then get data from the record set, ie:
RS("login")
It couldn't be simpler. Let's assume you've put the values to be passed to
the query in variables called formusername and formpassword (I would use
shorter variable names myself, but that's just personal preference):

dim rs
set rs = createobject("a dodb.recordset" )
MyConn.qlogin formusername, formpassword, rs
if not rs.eof then
login = rs("login")
else
'query returned no records
end if


I am also interested in a method someone else brought up and you
weren't too keen on which used dynamic SQL but with the parameters in
a @P1 type naming convention. eg: SQL = "EXEC qry_Listings @P1" &
varPI
How would I use this to return a recordset?

dim sSQL
sSQL = "Exec qlogin '" & formusername & "','" & formpassword & "'"
Set rs = MyConn.Execute( sSQL,,1)

If you've read my posts about this, you should understand why I'm not keen
on this technique. Read up on SQL Injection.

Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 22 '05 #2
Bob,
Thankyou very much for your quick response.

I have a couple of more questions:
If I want to perform another SQL query within the script, do I need to
completely close the connection to the database and reopen it, or is there a
simpler way?

This definitely works, but looks like it's wasting resources.
MyConn.close
MyConn.Open "Provider=Micro soft.Jet.OLEDB. 4.0; " & "Data
Source=c:\testd b.mdb"
Also, with regards to the method using @P1, etc. I actually thought this
was parametizing the data to protect against SQL injection. Maybe its the
method using ?. Do either of these work, or is the only way to define them
in access?

Once again, thanks in advance

John Burns
Jul 22 '05 #3
John Burns wrote:
Bob,
Thankyou very much for your quick response.

I have a couple of more questions:
If I want to perform another SQL query within the script, do I need to
completely close the connection to the database and reopen it,
Of course not. Just run the next query. One caveat: depending on the
cursortype, you may need to close an open recordset before opening a new one
(experiment with this), but you should be consuming the data from recordsets
as quickly as possible anyways. GetString and GetRows are good techniques
for sucking the data out of your recordset so the recordset can be closed
and discarded. Search www.aspfaq.com for the article on recordset iteration
(keywords: iteration getrows)
Also, with regards to the method using @P1, etc. I actually thought
this was parametizing the data to protect against SQL injection.
Maybe its the method using ?. Do either of these work, or is the
only way to define them in access?

Yes, you're thinking of the ? technique (called parameter markers). This
works with all data providers. See here for an example:
http://groups-beta.google.com/group/...76ae56f800dd59
ADO documentation can be found at http://msdn.microsoft.com/library. Look
under the Win32 and Com node in the TOC.

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 22 '05 #4
Bob,
any reason off the top of your head why I would always get EOF=true on my
windows 2000 server machine when this code works perfectly on my WindowsXP
machine?
I have also confirmed that If I change a query back to a standard
concatenated query, it works perfectly in win 2000.

Regards

John

Jul 22 '05 #5
A reboot did the job - pity, it was the 98th day of uptime. Back to 0
again.
Jul 22 '05 #6
John Burns wrote:
Bob,
any reason off the top of your head why I would always get EOF=true
on my windows 2000 server machine when this code works perfectly on
my WindowsXP machine?
I have also confirmed that If I change a query back to a standard
concatenated query, it works perfectly in win 2000.

Not without seeing the code.
I assume you are validating the inputs to verify that they contain what they
are expected to contain ...

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Jul 22 '05 #7
John Burns wrote:
A reboot did the job - pity, it was the 98th day of uptime.


Exceedingly strange. Were you using data stored in Application or Session? I
see no other reason that a reboot would have affected this problem.
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Jul 22 '05 #8
> Exceedingly strange. Were you using data stored in Application or Session?
I see no other reason that a reboot would have affected this problem.


Actually, after a reset, it broke again when I uploaded a new mdb file to
the server.
I justupgraded the MDAC to the latest version (5.8??) and it now seems fine.
Jul 22 '05 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
1889
by: | last post by:
First of all thanks for helping me out. I have to admit I dont understand some of your suggestiosn, sorry. I dont know what is the "3D" thing... Is there another way to make it work something more simple for a newbie like me? Thanks What I want to do is: First check all the files from a folder and analyze only the one with the .Seq...
8
2467
by: Simon | last post by:
Hey folks, I need some of your expertiese again. I am creating a survey form and need some help gathering the results of a question that has checkboxes. There are four options for one of the questions for example Where do you normally buy books? o Bookstore o Online o Book club
14
2593
by: Akbar | last post by:
Hey there, Big-time curiosity issue here... Here's the test code (it's not that long)... it's to display a large number of image links with captions, ideally pulled in from an external file (that part's not here -- spotlighting the problem code): --------BEGIN CODE PAGE------------ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0...
13
4919
by: Mr. Clean | last post by:
Can a rolloever menu be done using only CSS, without javascript?
31
1831
by: Mike | last post by:
I'm after a *simple* script to log each visitor to a website. All I actually need is the visitor's reported IP address whether genuine, proxied or hidden. Their reported browser type would be an advantage, regardless of what browser is actually used. Anyone know of anything simple and preferably free that will do this? The site is hosted...
9
1553
by: SharkFOA | last post by:
Hi Bob, Hoping that you can help. Sometime ago I posted for help(Copied below). You suggested using a crosstab query. I've tried everything I know how but can't get it to work. I think it must be in the basics. You refer to a booked date whereas I have a check in & check out date. My table has a lookup to the room, checkin & checkout...
1
3658
by: TC | last post by:
Hi Steve Some time ago I told you about the "blat" SMTP mailer. You said you would look into it. I'm now planning on using it myself. I've tried the DLL version, & am having a problem with the -install option. It works - ie. it adds the relevant info. to the registry - but it never returns from the call. Access instantly quits! There are...
2
1159
by: PC Datasheet | last post by:
Recently you responded to a poster on the cause and remedy for a Write Conflict error. If you remember the thread, could you point me to it or could you repost what you remember you said in the response. Thank You! Steve PC Datasheet
3
1249
by: Hugh Welford | last post by:
Hi Bob - had the advice below from you recently:- hugh welford wrote: > Hi - using XP pro with IIS to develop offline asp data access site. > > Suddenly, my DSNs and odbc drivers have disappeared - the only thing > I can think of is that an XP auto update has done this in some way. > > Can anyone tell me how to get hold of and re-instal...
0
7621
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7824
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
8060
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
0
7903
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
6176
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
0
5170
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3593
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3573
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1156
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.