Hello, I have a simple problem that I just cannot get my head around!
I currently have the following line in my ASP recordset:
Recordset1.Sour ce = "SELECT * FROM MainTable ORDER BY Price ASC"
I have the following code at the start of the recordset:
dim chosencar
chosencar=Reque st.QueryString( "make")
What i want to have is a WHERE command in the SQL statement which will
filter the passed value from the previous page. For example:
Recordset1.Sour ce = "SELECT * FROM MainTable WHERE
Make='<--chosencar-->' ORDER BY Price ASC"
Is there any way of doing what i want it to do please? I am a newbie at
SQL so all help is greatly appreciated. Keeping it as simple as
possible will also help me!
Thanks for your time and help!
Gareth
15  2981 
Well, aside from various bad things I might point out (like NEVER USE SELECT
* IN PRODUCTION CODE), have you tried:
chosencar = Replace(Request .QueryString("m ake"), "'", "''")
Recordset1.Sour ce = "SELECT * FROM MainTable WHERE " & _
" [make] = '" & chosencar & "' ORDER BY Price ASC"
Also, consider parameterized queries, stored procedures, etc. Constructing
ad hoc sql in this way is very dangerous and inefficient. I wish I wasn't
too lazy to look up the links usually provided by Bob Barrows, but he's not.
:-)
<gj********@vol canomail.com> wrote in message
news:11******** **************@ u72g2000cwu.goo glegroups.com.. . Hello, I have a simple problem that I just cannot get my head around!
I currently have the following line in my ASP recordset:
Recordset1.Sour ce = "SELECT * FROM MainTable ORDER BY Price ASC"
I have the following code at the start of the recordset:
dim chosencar
chosencar=Reque st.QueryString( "make")
What i want to have is a WHERE command in the SQL statement which will
filter the passed value from the previous page. For example:
Recordset1.Sour ce = "SELECT * FROM MainTable WHERE
Make='<--chosencar-->' ORDER BY Price ASC"
Is there any way of doing what i want it to do please? I am a newbie at
SQL so all help is greatly appreciated. Keeping it as simple as
possible will also help me!
Thanks for your time and help!
Gareth gj********@volc anomail.com wrote: Hello, I have a simple problem that I just cannot get my head around!
I currently have the following line in my ASP recordset:
Recordset1.Sour ce = "SELECT * FROM MainTable ORDER BY Price ASC"
Do you really need ALL the fields and ALL the rows?
I have the following code at the start of the recordset:
dim chosencar
chosencar=Reque st.QueryString( "make")
What i want to have is a WHERE command in the SQL statement which will
filter the passed value from the previous page. For example:
Recordset1.Sour ce = "SELECT * FROM MainTable WHERE
Make='<--chosencar-->' ORDER BY Price ASC"
Is there any way of doing what i want it to do please? I am a newbie
at SQL so all help is greatly appreciated. Keeping it as simple as
possible will also help me!
I would start by getting rid of the * and explicitly naming the fields
you wish the query to return. Then:
dim sql, arParms, make, cmd
make=Request.Qu eryString("make ")
'validate make - make sure it contains what it's supposed to contain
'if it's valid, then:
sql="SELECT <list of fields> FROM MainTable " & _
"WHERE Make=? ORDER BY Price ASC"
'see the "?" That's called a parameter marker. You can
'have as many as you need. Now let's use a command object
'to pass a value to that parameter:
arParms=array(m ake) 'an array is required
set cmd=createobjec t("adodb.commma nd")
with cmd
.commandtype=1 'adCmdText
.commandtext=sq l
set .activeconnecti on=objconn
set Recordset1 = .Execute(,arPar ms)
End With
if not Recordset1.eof then ...
You can find the ADO documentation here: http://msdn.microsoft.com/library/en...ireference.asp
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Thanks Aaron,
I tried what you suggested but it says the syntax is incorrect. Any
other suggestions on how to do it? I a complete novice to SQL so
parameterized queries and stored procedures are things i have not heard
of!
Thanks again for your reply,
Regards, Gareth
Aaron Bertrand [SQL Server MVP] wrote: Well, aside from various bad things I might point out (like NEVER USE SELECT
* IN PRODUCTION CODE), have you tried:
chosencar = Replace(Request .QueryString("m ake"), "'", "''")
Recordset1.Sour ce = "SELECT * FROM MainTable WHERE " & _
" [make] = '" & chosencar & "' ORDER BY Price ASC"
Also, consider parameterized queries, stored procedures, etc. Constructing
ad hoc sql in this way is very dangerous and inefficient. I wish I wasn't
too lazy to look up the links usually provided by Bob Barrows, but he's not.
:-)
<gj********@vol canomail.com> wrote in message
news:11******** **************@ u72g2000cwu.goo glegroups.com.. . Hello, I have a simple problem that I just cannot get my head around!
I currently have the following line in my ASP recordset:
Recordset1.Sour ce = "SELECT * FROM MainTable ORDER BY Price ASC"
I have the following code at the start of the recordset:
dim chosencar
chosencar=Reque st.QueryString( "make")
What i want to have is a WHERE command in the SQL statement which will
filter the passed value from the previous page. For example:
Recordset1.Sour ce = "SELECT * FROM MainTable WHERE
Make='<--chosencar-->' ORDER BY Price ASC"
Is there any way of doing what i want it to do please? I am a newbie at
SQL so all help is greatly appreciated. Keeping it as simple as
possible will also help me!
Thanks for your time and help!
Gareth
Thanks for your help Bob,
Just one query with what you have written - how do i link that in with
the VBScript Recordset1.Sour ce? Or is this a completely different
approach to my problem?
Thanks again, Gareth
Bob Barrows [MVP] wrote: gj********@volc anomail.com wrote: Hello, I have a simple problem that I just cannot get my head around!
I currently have the following line in my ASP recordset:
Recordset1.Sour ce = "SELECT * FROM MainTable ORDER BY Price ASC"
Do you really need ALL the fields and ALL the rows?
I have the following code at the start of the recordset:
dim chosencar
chosencar=Reque st.QueryString( "make")
What i want to have is a WHERE command in the SQL statement which will
filter the passed value from the previous page. For example:
Recordset1.Sour ce = "SELECT * FROM MainTable WHERE
Make='<--chosencar-->' ORDER BY Price ASC"
Is there any way of doing what i want it to do please? I am a newbie
at SQL so all help is greatly appreciated. Keeping it as simple as
possible will also help me!
I would start by getting rid of the * and explicitly naming the fields
you wish the query to return. Then:
dim sql, arParms, make, cmd
make=Request.Qu eryString("make ")
'validate make - make sure it contains what it's supposed to contain
'if it's valid, then:
sql="SELECT <list of fields> FROM MainTable " & _
"WHERE Make=? ORDER BY Price ASC"
'see the "?" That's called a parameter marker. You can
'have as many as you need. Now let's use a command object
'to pass a value to that parameter:
arParms=array(m ake) 'an array is required
set cmd=createobjec t("adodb.commma nd")
with cmd
.commandtype=1 'adCmdText
.commandtext=sq l
set .activeconnecti on=objconn
set Recordset1 = .Execute(,arPar ms)
End With
if not Recordset1.eof then ...
You can find the ADO documentation here:
http://msdn.microsoft.com/library/en...ireference.asp
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Debugging 101:
Change
Recordset1.Sour ce = "SELECT * FROM MainTable WHERE " & _
" [make] = '" & chosencar & "' ORDER BY Price ASC"
to
sql = "SELECT * FROM MainTable WHERE " & _
" [make] = '" & chosencar & "' ORDER BY Price"
response.write sql
response.end
Show us the result! And if you still get an error message, please copy and
paste explicitly. I know of about 30 different messages that include the
words "syntax" and "incorrect" ... the exact error message (and maybe even
the line it occurs on) would be much more helpful.
A
<gj********@vol canomail.com> wrote in message
news:11******** **************@ y41g2000cwy.goo glegroups.com.. . Thanks Aaron,
I tried what you suggested but it says the syntax is incorrect. Any
other suggestions on how to do it? I a complete novice to SQL so
parameterized queries and stored procedures are things i have not heard
of!
Thanks again for your reply,
Regards, Gareth
Aaron Bertrand [SQL Server MVP] wrote: Well, aside from various bad things I might point out (like NEVER USE
SELECT
* IN PRODUCTION CODE), have you tried:
chosencar = Replace(Request .QueryString("m ake"), "'", "''")
Recordset1.Sour ce = "SELECT * FROM MainTable WHERE " & _
" [make] = '" & chosencar & "' ORDER BY Price ASC"
Also, consider parameterized queries, stored procedures, etc.
Constructing
ad hoc sql in this way is very dangerous and inefficient. I wish I
wasn't
too lazy to look up the links usually provided by Bob Barrows, but he's
not.
:-)
<gj********@vol canomail.com> wrote in message
news:11******** **************@ u72g2000cwu.goo glegroups.com.. . > Hello, I have a simple problem that I just cannot get my head around!
>
> I currently have the following line in my ASP recordset:
>
> Recordset1.Sour ce = "SELECT * FROM MainTable ORDER BY Price ASC"
>
> I have the following code at the start of the recordset:
>
> dim chosencar
> chosencar=Reque st.QueryString( "make")
>
> What i want to have is a WHERE command in the SQL statement which will
> filter the passed value from the previous page. For example:
>
> Recordset1.Sour ce = "SELECT * FROM MainTable WHERE
> Make='<--chosencar-->' ORDER BY Price ASC"
>
> Is there any way of doing what i want it to do please? I am a newbie at
> SQL so all help is greatly appreciated. Keeping it as simple as
> possible will also help me!
>
> Thanks for your time and help!
> Gareth
>
Aaron,
If i change that i get an unspecified error. So you know exactly what i
am using it is Dreamweaver MX2004 with ASP VBscript pages. From within
dreamweaver i create a recordset to connect to the database. Part of
this connection is the SQL which when i change it your suggestion i get
the following error when i test it:
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing
operator) in query expression ' [ & _ ] [make] = ' " & chosencar & " '
'
Hope this gives you some clue! Thanks again for your help
Gareth
Aaron Bertrand [SQL Server MVP] wrote: Debugging 101:
Change
Recordset1.Sour ce = "SELECT * FROM MainTable WHERE " & _
" [make] = '" & chosencar & "' ORDER BY Price ASC"
to
sql = "SELECT * FROM MainTable WHERE " & _
" [make] = '" & chosencar & "' ORDER BY Price"
response.write sql
response.end
Show us the result! And if you still get an error message, please copy and
paste explicitly. I know of about 30 different messages that include the
words "syntax" and "incorrect" ... the exact error message (and maybe even
the line it occurs on) would be much more helpful.
A
<gj********@vol canomail.com> wrote in message
news:11******** **************@ y41g2000cwy.goo glegroups.com.. . Thanks Aaron,
I tried what you suggested but it says the syntax is incorrect. Any
other suggestions on how to do it? I a complete novice to SQL so
parameterized queries and stored procedures are things i have not heard
of!
Thanks again for your reply,
Regards, Gareth
Aaron Bertrand [SQL Server MVP] wrote: Well, aside from various bad things I might point out (like NEVER USE
SELECT
* IN PRODUCTION CODE), have you tried:
chosencar = Replace(Request .QueryString("m ake"), "'", "''")
Recordset1.Sour ce = "SELECT * FROM MainTable WHERE " & _
" [make] = '" & chosencar & "' ORDER BY Price ASC"
Also, consider parameterized queries, stored procedures, etc.
Constructing
ad hoc sql in this way is very dangerous and inefficient. I wish I
wasn't
too lazy to look up the links usually provided by Bob Barrows, but he's
not.
:-)
<gj********@vol canomail.com> wrote in message
news:11******** **************@ u72g2000cwu.goo glegroups.com.. .
> Hello, I have a simple problem that I just cannot get my head around!
>
> I currently have the following line in my ASP recordset:
>
> Recordset1.Sour ce = "SELECT * FROM MainTable ORDER BY Price ASC"
>
> I have the following code at the start of the recordset:
>
> dim chosencar
> chosencar=Reque st.QueryString( "make")
>
> What i want to have is a WHERE command in the SQL statement which will
> filter the passed value from the previous page. For example:
>
> Recordset1.Sour ce = "SELECT * FROM MainTable WHERE
> Make='<--chosencar-->' ORDER BY Price ASC"
>
> Is there any way of doing what i want it to do please? I am a newbie at
> SQL so all help is greatly appreciated. Keeping it as simple as
> possible will also help me!
>
> Thanks for your time and help!
> Gareth
>
> [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression ' [ & _ ] [make] = ' " & chosencar & " '
I think you copied my code wrong, the & _ does not belong inside the string,
but apparently you placed it there.
A gj********@volc anomail.com wrote: Thanks for your help Bob,
Just one query with what you have written - how do i link that in with
the VBScript Recordset1.Sour ce?
You don't need to. Setting the Source property to a sql statement and
opening the recordset achieves the same result as executing the sql
statement using the Command object.
Why am I recommending the Command object? or better yet stored procedures?
SQL Injection: http://mvp.unixwiz.net/techtips/sql-injection.html http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
Since you did not tell us what type of database you are using, I will
refrain from posting the links that explain how to use stored procedures.
Here's my canned post about using Command objects: http://groups-beta.google.com/group/...e36562fee7804e
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
This is the code i have (spaced the single/double " out for clarity):
SELECT *
FROM MainTable
WHERE " & _ " [make] = ' " & chosencar & " '
ORDER BY Price ASC
Is this not correct?
Thanks, Gareth
Aaron Bertrand [SQL Server MVP] wrote: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing
operator) in query expression ' [ & _ ] [make] = ' " & chosencar & " '
I think you copied my code wrong, the & _ does not belong inside the string,
but apparently you placed it there.
A
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Samantha Smit |
last post by:
Hi,
I am trying to create a simple asp page that has one command button that
updates a database. The URL of the page is like this:
http://MyServer.com/Update.asp?UserName=Tom
My asp code is like this:
%@ Language=VBScript %>
<!--#include file="includes/openconnection.asp"-->
|
by: Paul |
last post by:
HI! I get an error with this code.
<SCRIPT language="JavaScript">
If (ifp==""){
ifp="default.htm"}
//--></SCRIPT>
Basicly I want my iframe to have a default page if the user enters in
directly. so I need a way doing this. so I check to see if the ifp value is
null and if so then assign it a value. is this correct?
|
by: Peter |
last post by:
My problem is the last bit of coding below, the like statement does not
work. what I have is a product options field and in it is stored characters
i.e. "avcy" etc what the query does is that if I type in any single
character all the products that match the criteria should be displayed. So
if I typed in an "a" I should get 3 returns (see below) Fields could look
like this:
product.options:
bhw
djhsa
|
by: Tyro |
last post by:
Please provide a rough idea on how I can approach the following.
I have a page called student.aspx that looks like:
"See students by first letter of lastname (each letter is a link to the
current page)"
A B C D E F G .... Z
See students by gradelevel (each is a link to current page)
K 1 2 3 4 5 6 .. 12
|
by: mahsa |
last post by:
Hi have have some link like thi
http://x.com/Shoppingcart.aspx?pn=ps50210&qty_ps50210=1&pn=excel&qty_excel=1&pn=l4504000&qty_l4504000=1&sku=PS50210&cat=laminate&action=updat
now I want to request the dat
I use this code in as
<%For Each strPartNo In Request.QueryString("pn"
lngQty = Request.QueryString("qty_" & strPartNo
strPartNo = LCase(strPartNo
Response.Write("strPartNo"& strPartNo& lngQty
Next
%
| | |
by: Miguel Dias Moura |
last post by:
Hello,
i have an ASP.net / VB page which i want to display 1 record of a database
acording to this:
1. The page receives a variable name "Explicador" in the URL. Example:
"Explicador = Jonh Smith"
2. The database where the records are is named "explicador"
3. Two of the database fields are "NomePrimeiro" and "NomeUltimo". The
"Explicador" field is created as follows:
|
by: Tim::.. |
last post by:
Can someone please tell me why this doesn't work!
Error:
Request is not available in this context
Private rowID As Integer = Request.QueryString(ID)
I need to have the variable rowID accessable by a number of other functions
and subs but when I do the above I get the following error!
|
by: jegray |
last post by:
I am very much a beginner in dealing with connection statments. I am getting the following error:
Microsoft OLE DB Provider for ODBC Drivers error '80004005'
Data source name not found and no default driver specified
/default.asp, line 32
Here is my connection include:
|
by: =?Utf-8?B?QVRT?= |
last post by:
HOWTO Make CStr for JavaScript on ASP w/ Request.Form and QueryString
In ASP, Request.Form and Request.QueryString return objects that do not
support "toString", or any JavaScript string operation on parameters not
passed.
Example: Make a TST.asp and post to it as TST.asp?STATE=TEST
<%@ Language=JavaScript %>
<%
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
