You set sText to be your safened value from your form (or querystring?) but
then don't use it. Try this:
Sub SafenSQL(ByRef sText)
sText = Replace(sText, "'", "''")
End Sub
Dim sSQL
Dim sReportName, sReportCatName, sSelectionCriteria,
sReportGuideDescription, sFullReportDescription, sVersionCreatedFor,
sClientCreatedFor, sReleasedTo, sTidyUpDescription, sMultiPage,
sHeadingCellsShowBorders, sChart, sLandscape, sReleasedToOthers, sReportID
'''It appears that you aren't using any integers, bits, or any other
non-text data type. Hmm.
sReportName = Request("ReportName")
sReportCatName = Request("ReportCatName")
sSelectionCriteria = Request("SelectionCriteria")
'''etc. etc.
SafenSQL sReportName
SafenSQL sReportCatName
SafeSQL sSelectionCriteria
'''etc. etc.
sSQL = "UPDATE tblReport SET ReportName = '" & sReportName &
"',ReportCatName = '" & sReportCatName & "',SelectionCriteria='" &
sSelectionCriteria & _
"',ReportGuideDescription = '" & sReportGuideDescription &
"',FullReportDescription = '" sFullReportDescription & "',VersionCreatedFor
= '" & _
sVersionCreatedFor & "',ClientCreatedFor = '" sClientCreatedFor &
"',ReleasedTo ='" sReleasedTo & "', TidyUpDescription = '" &
sTidyUpDescription & _ "', MultiPage ='" & sMultiPage &
"',HeadingCellsShowBorders = '" & sHeadingCellsShowBorders & "',Chart = '"
sChart & "', Landscape = '" & _
sLandscape & "',ReleasedToOthers = '" & sReleasedToOthers & "' WHERE
ReportId = '" & sReportId & "'"
Set conn = Server.CreateObject ("ADODB.Connection")
conn.ConnectionTimeout = Application("DevReportMaint_ConnectionTimeout")
conn.CommandTimeout = Application("DevReportMaint_CommandTimeout")
conn.Open "DevReportMaint", "DevReportMaintUser", "Spike1"
conn.Execute sSQL
conn.Close
set conn = Nothing
Ray at work
"MillHillBlade" <an*******@devdex.com> wrote in message
news:Op**************@TK2MSFTNGP11.phx.gbl...
Hi Bob,
Thanks for that. Where exactly should that code go, I've placed it
before mu update code, ie:
Dim sText
sText = request("ReportGuideDescription")
sText = Replace(sText,"'","''")
Set conn = Server.CreateObject ("ADODB.Connection")
conn.ConnectionTimeout = Application("DevReportMaint_ConnectionTimeout")
conn.CommandTimeout = Application("DevReportMaint_CommandTimeout")
conn.Open "DevReportMaint", "DevReportMaintUser", "Spike1"
conn.Execute "UPDATE tblReport SET" & _
" ReportName = '"& request("ReportName") &"', " & _
" ReportCatName = '"& request("ReportCatName") &"', SelectionCriteria =
'"& request("SelectionCriteria")& "', " & _
" ReportGuideDescription = '"& request("ReportGuideDescription")& "',
" & _
" FullReportDescription = '"& request("FullReportDescription")& "', " &
_
" VersionCreatedFor = '"& request("VersionCreatedFor")& "', " & _
" ClientCreatedFor = '"& request("ClientCreatedFor") &"', ReleasedTo =
'"& request("ReleasedTo") &"', " &_
" TidyUpDescription = '"& request("TidyUpDescription") &"', MultiPage =
'"& request("MultiPage") &"', " & _
" HeadingCellsShowBorders = '"& request("HeadingCellsShowBorders") &"',
" & _
" Chart = '"& request("Chart") &"', Landscape = '"&
request("Landscape") &"', " & _
" ReleasedToOthers = '"& request("ReleasedToOthers") &"' " & _
" WHERE ReportId = '"& request("ReportId") &"'"
conn.Close
set conn = Nothing
Also, I replaced "data" in the line 'sText = request("data")' with the
name of the field I wanted to replace the text in.
However it still doesn't work!!
Thanks,
Joseph
Phil Jagielka- the best young footballer in Britain, no question!!
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
