I need to add the following variable into an SQL statement and not sure
how to do it.
strGCID needs to be inserted into the following statement:
SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC ON
tblContacts.GCID = tblGC.gcID WHERE (((tblContacts.GCID)=strGCID))"
i am just not sure of the proper syntax.
14  3075 
Matt wrote:
I need to add the following variable into an SQL statement and not
sure how to do it.
strGCID needs to be inserted into the following statement:
SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC ON
http://www.aspfaq.com/show.asp?id=2096
tblContacts.GCID = tblGC.gcID WHERE (((tblContacts.GCID)=strGCID))"
i am just not sure of the proper syntax.
Here is the secure way:
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
c.GCID = g.gcID WHERE c.GCID=?"
dim arParms
arParms=array(strGCID)
dim cmd,rs
set cmd=createobject("adodb.command")
cmd.commandtext=sql
cmd.commandtype=1 'adCmdText
set cmd.activeconnection=objConn
set rs = cmd.execute(,arParms)
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Is there an easier way just to put the variable in the SQL Select
statement?
Thanks
Bob Barrows [MVP] wrote:
Matt wrote:
I need to add the following variable into an SQL statement and not
sure how to do it.
strGCID needs to be inserted into the following statement:
SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC ON
http://www.aspfaq.com/show.asp?id=2096
tblContacts.GCID = tblGC.gcID WHERE (((tblContacts.GCID)=strGCID))"
i am just not sure of the proper syntax.
Here is the secure way:
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
c.GCID = g.gcID WHERE c.GCID=?"
dim arParms
arParms=array(strGCID)
dim cmd,rs
set cmd=createobject("adodb.command")
cmd.commandtext=sql
cmd.commandtype=1 'adCmdText
set cmd.activeconnection=objConn
set rs = cmd.execute(,arParms)
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
You can easily wrap this into your own reusable function if you want to
write a single line.
The other well known option you'll see is to construct a string that
includes the data. Additionaly to security issues it has its own problems
(as data are written inside the SQL statement, it's easy to use a country or
server dependant format for those data that could bite you at some point).
--
Patrice
"Matt" <mw******@caldrywall.coma écrit dans le message de news: 11*********************@i3g2000cwc.googlegroups.co m...
Is there an easier way just to put the variable in the SQL Select
statement?
Thanks
Bob Barrows [MVP] wrote:
>Matt wrote:
I need to add the following variable into an SQL statement and not
sure how to do it.
strGCID needs to be inserted into the following statement:
SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC ON
http://www.aspfaq.com/show.asp?id=2096
tblContacts.GCID = tblGC.gcID WHERE (((tblContacts.GCID)=strGCID))"
i am just not sure of the proper syntax.
Here is the secure way:
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
c.GCID = g.gcID WHERE c.GCID=?"
dim arParms
arParms=array(strGCID)
dim cmd,rs
set cmd=createobject("adodb.command")
cmd.commandtext=sql
cmd.commandtype=1 'adCmdText
set cmd.activeconnection=objConn
set rs = cmd.execute(,arParms)
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
This is the second easiest*, and most secure, way I know.
More difficult (IMO) is to use dynamic sql: i.e., concatenate the value of
the variable into the string. It would work like this, given that GCID has a
numeric datatype:
sql = " ... WHERE c.GCID = " & strGCID
'for debugging when things go wrong:
Response.Write sql
To me, thistechnique is more difficult because you have to deal with
delimiters, both when forming the sql statement, and also when the data
contains characters that are considered to be delimiters by the database
engine. A huge percentage of the questions we answer on these groups are a
result of the incorrect handling of delimiter characters. Here is one of my
older posts where I talk about how to handle delimiters in dynamic sql: http://groups.google.com/group/micro...UTF-8&oe=UTF-8
The other MAJOR problem with dynamic sql is SQL Injection, which is
discussed in these articles: http://mvp.unixwiz.net/techtips/sql-injection.html http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23 http://www.nextgenss.com/papers/adva..._injection.pdf http://www.nextgenss.com/papers/more..._injection.pdf
*The post I cited above shows what I consider to be the easiest way to pass
values into sql statements.
Matt wrote:
Is there an easier way just to put the variable in the SQL Select
statement?
Thanks
Bob Barrows [MVP] wrote:
>Matt wrote:
>>I need to add the following variable into an SQL statement and not
sure how to do it.
strGCID needs to be inserted into the following statement:
SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC ON
http://www.aspfaq.com/show.asp?id=2096
>>tblContacts.GCID = tblGC.gcID WHERE (((tblContacts.GCID)=strGCID))"
i am just not sure of the proper syntax.
Here is the secure way:
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
c.GCID = g.gcID WHERE c.GCID=?"
dim arParms
arParms=array(strGCID)
dim cmd,rs
set cmd=createobject("adodb.command")
cmd.commandtext=sql
cmd.commandtype=1 'adCmdText
set cmd.activeconnection=objConn
set rs = cmd.execute(,arParms)
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so
I don't check it very often. If you must reply off-line, then remove
the "NO SPAM"
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
I am still having problems with this working. Any help is greatly
appreciated. Here is the entire piece that I am trying to get working:
Dim objConn
Dim strConnect, sql, rs
Dim strGCId
strGCId = Request.QueryString("gcID")
strConnect = "Driver={Microsoft Access Driver (*.mdb)};
DBQ=\\CALSJ1\PMAPPS\contactsData.mdb"
Set objConn = Server.CreateObject ("ADODB.Connection")
Set rs = Server.CreateObject ("ADODB.Recordset")
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID =
g.gcID WHERE c.GCID=" & strGCId
'SQL="SELECT tblContacts.*, tblGC.* FROM tblContacts INNER JOIN tblGC
ON tblContacts.GCID = tblGC.gcID WHERE tblContacts.GCID=" & strGCId
RS.Open sql, strConnect, adOpenStatic
response.write "<table>"
response.write "<tr>"
response.write "<td><br><h2>" & RS("Company") & "</td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><h4>" & RS("Address1") & "</b></td>" '
response.write "</tr>"
response.write "<tr>"
response.write "<td><h4>" & RS("City") & "," & RS("State") & " "
& RS("ZipCode") & "</b></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><a href=" & RS("WebsiteURL") & ">" &
RS("WebsiteURL") & "</a><br><br></td>"
response.write "</tr>"
response.write "</table>"
response.write "<table border=0>"
response.write "<tr>"
response.write "<td width=200><b>Name</b></td><td
width=150><b>Phone</b></td><td><b>Mobile</b></td>"
response.write "</tr>"
Do While Not RS.EOF
response.write "<tr>"
response.write "<td valign=top>" & RS("contactFirst") & " " &
RS("contactLast") & "<br>" & RS("contactTitle") & "</td>"
response.write "<td valign=top>" & RS("WorkPhone") & "<br>Ext " &
RS("contactPhoneExt") & "</td>"
response.write "<td valign=top>" & RS("contactMobile") & "</td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td colspan=3 valign=top><a href=mailto:" &
RS("contactEmail") & ">" & RS("contactEmail") & "</a><br><br></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td colspan=3><hr></td>"
response.write "</tr>"
RS.MoveNext
Loop
response.write "</table>"
rs.close
%>
Bob Barrows [MVP] wrote:
This is the second easiest*, and most secure, way I know.
More difficult (IMO) is to use dynamic sql: i.e., concatenate the value of
the variable into the string. It would work like this, given that GCID has a
numeric datatype:
sql = " ... WHERE c.GCID = " & strGCID
'for debugging when things go wrong:
Response.Write sql
To me, thistechnique is more difficult because you have to deal with
delimiters, both when forming the sql statement, and also when the data
contains characters that are considered to be delimiters by the database
engine. A huge percentage of the questions we answer on these groups are a
result of the incorrect handling of delimiter characters. Here is one of my
older posts where I talk about how to handle delimiters in dynamic sql:
http://groups.google.com/group/micro...UTF-8&oe=UTF-8
The other MAJOR problem with dynamic sql is SQL Injection, which is
discussed in these articles:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
http://www.nextgenss.com/papers/adva..._injection.pdf
http://www.nextgenss.com/papers/more..._injection.pdf
*The post I cited above shows what I consider to be the easiest way to pass
values into sql statements.
Matt wrote:
Is there an easier way just to put the variable in the SQL Select
statement?
Thanks
Bob Barrows [MVP] wrote:
Matt wrote:
I need to add the following variable into an SQL statement and not
sure how to do it.
strGCID needs to be inserted into the following statement:
SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC ON
http://www.aspfaq.com/show.asp?id=2096
tblContacts.GCID = tblGC.gcID WHERE (((tblContacts.GCID)=strGCID))"
i am just not sure of the proper syntax.
Here is the secure way:
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
c.GCID = g.gcID WHERE c.GCID=?"
dim arParms
arParms=array(strGCID)
dim cmd,rs
set cmd=createobject("adodb.command")
cmd.commandtext=sql
cmd.commandtype=1 'adCmdText
set cmd.activeconnection=objConn
set rs = cmd.execute(,arParms)
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so
I don't check it very often. If you must reply off-line, then remove
the "NO SPAM"
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
You forgot to mention the problem in your post...
A quick read raises :
I see \\ in the path of the DB. Also depending on which Jet engine you are
using the JOIN notation could perhaps be different or if strGCId is a string
you'll have to enclose this value within quotes (response.write your SQL
statement as suggested by Bob).
The error message would be really helpfull.
--
Patrice
"Matt" <mw******@caldrywall.coma écrit dans le message de news: 11*********************@i42g2000cwa.googlegroups.c om...
>I am still having problems with this working. Any help is greatly
appreciated. Here is the entire piece that I am trying to get working:
Dim objConn
Dim strConnect, sql, rs
Dim strGCId
strGCId = Request.QueryString("gcID")
strConnect = "Driver={Microsoft Access Driver (*.mdb)};
DBQ=\\CALSJ1\PMAPPS\contactsData.mdb"
Set objConn = Server.CreateObject ("ADODB.Connection")
Set rs = Server.CreateObject ("ADODB.Recordset")
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID =
g.gcID WHERE c.GCID=" & strGCId
'SQL="SELECT tblContacts.*, tblGC.* FROM tblContacts INNER JOIN tblGC
ON tblContacts.GCID = tblGC.gcID WHERE tblContacts.GCID=" & strGCId
RS.Open sql, strConnect, adOpenStatic
response.write "<table>"
response.write "<tr>"
response.write "<td><br><h2>" & RS("Company") & "</td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><h4>" & RS("Address1") & "</b></td>" '
response.write "</tr>"
response.write "<tr>"
response.write "<td><h4>" & RS("City") & "," & RS("State") & " "
& RS("ZipCode") & "</b></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><a href=" & RS("WebsiteURL") & ">" &
RS("WebsiteURL") & "</a><br><br></td>"
response.write "</tr>"
response.write "</table>"
response.write "<table border=0>"
response.write "<tr>"
response.write "<td width=200><b>Name</b></td><td
width=150><b>Phone</b></td><td><b>Mobile</b></td>"
response.write "</tr>"
Do While Not RS.EOF
response.write "<tr>"
response.write "<td valign=top>" & RS("contactFirst") & " " &
RS("contactLast") & "<br>" & RS("contactTitle") & "</td>"
response.write "<td valign=top>" & RS("WorkPhone") & "<br>Ext " &
RS("contactPhoneExt") & "</td>"
response.write "<td valign=top>" & RS("contactMobile") & "</td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td colspan=3 valign=top><a href=mailto:" &
RS("contactEmail") & ">" & RS("contactEmail") & "</a><br><br></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td colspan=3><hr></td>"
response.write "</tr>"
RS.MoveNext
Loop
response.write "</table>"
rs.close
%>
Bob Barrows [MVP] wrote:
>This is the second easiest*, and most secure, way I know.
More difficult (IMO) is to use dynamic sql: i.e., concatenate the value
of
the variable into the string. It would work like this, given that GCID
has a
numeric datatype:
sql = " ... WHERE c.GCID = " & strGCID
'for debugging when things go wrong:
Response.Write sql
To me, thistechnique is more difficult because you have to deal with
delimiters, both when forming the sql statement, and also when the data
contains characters that are considered to be delimiters by the database
engine. A huge percentage of the questions we answer on these groups are
a
result of the incorrect handling of delimiter characters. Here is one of
my
older posts where I talk about how to handle delimiters in dynamic sql:
http://groups.google.com/group/micro...UTF-8&oe=UTF-8
The other MAJOR problem with dynamic sql is SQL Injection, which is
discussed in these articles:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
http://www.nextgenss.com/papers/adva..._injection.pdf
http://www.nextgenss.com/papers/more..._injection.pdf
*The post I cited above shows what I consider to be the easiest way to
pass
values into sql statements.
Matt wrote:
Is there an easier way just to put the variable in the SQL Select
statement?
Thanks
Bob Barrows [MVP] wrote:
Matt wrote:
I need to add the following variable into an SQL statement and not
sure how to do it.
strGCID needs to be inserted into the following statement:
SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC ON
http://www.aspfaq.com/show.asp?id=2096
tblContacts.GCID = tblGC.gcID WHERE (((tblContacts.GCID)=strGCID))"
i am just not sure of the proper syntax.
Here is the secure way:
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
c.GCID = g.gcID WHERE c.GCID=?"
dim arParms
arParms=array(strGCID)
dim cmd,rs
set cmd=createobject("adodb.command")
cmd.commandtext=sql
cmd.commandtype=1 'adCmdText
set cmd.activeconnection=objConn
set rs = cmd.execute(,arParms)
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so
I don't check it very often. If you must reply off-line, then remove
the "NO SPAM"
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Response.write SQL produces:
SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID = g.gcID
WHERE c.GCID=2582
which is the corried GCId that I am looking for... but no data is
returned... no error messages, just no data
Patrice wrote:
You forgot to mention the problem in your post...
A quick read raises :
I see \\ in the path of the DB. Also depending on which Jet engine you are
using the JOIN notation could perhaps be different or if strGCId is a string
you'll have to enclose this value within quotes (response.write your SQL
statement as suggested by Bob).
The error message would be really helpfull.
--
Patrice
"Matt" <mw******@caldrywall.coma écrit dans le message de news:
11*********************@i42g2000cwa.googlegroups.c om...
I am still having problems with this working. Any help is greatly
appreciated. Here is the entire piece that I am trying to get working:
Dim objConn
Dim strConnect, sql, rs
Dim strGCId
strGCId = Request.QueryString("gcID")
strConnect = "Driver={Microsoft Access Driver (*.mdb)};
DBQ=\\CALSJ1\PMAPPS\contactsData.mdb"
Set objConn = Server.CreateObject ("ADODB.Connection")
Set rs = Server.CreateObject ("ADODB.Recordset")
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID =
g.gcID WHERE c.GCID=" & strGCId
'SQL="SELECT tblContacts.*, tblGC.* FROM tblContacts INNER JOIN tblGC
ON tblContacts.GCID = tblGC.gcID WHERE tblContacts.GCID=" & strGCId
RS.Open sql, strConnect, adOpenStatic
response.write "<table>"
response.write "<tr>"
response.write "<td><br><h2>" & RS("Company") & "</td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><h4>" & RS("Address1") & "</b></td>" '
response.write "</tr>"
response.write "<tr>"
response.write "<td><h4>" & RS("City") & "," & RS("State") & " "
& RS("ZipCode") & "</b></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><a href=" & RS("WebsiteURL") & ">" &
RS("WebsiteURL") & "</a><br><br></td>"
response.write "</tr>"
response.write "</table>"
response.write "<table border=0>"
response.write "<tr>"
response.write "<td width=200><b>Name</b></td><td
width=150><b>Phone</b></td><td><b>Mobile</b></td>"
response.write "</tr>"
Do While Not RS.EOF
response.write "<tr>"
response.write "<td valign=top>" & RS("contactFirst") & " " &
RS("contactLast") & "<br>" & RS("contactTitle") & "</td>"
response.write "<td valign=top>" & RS("WorkPhone") & "<br>Ext " &
RS("contactPhoneExt") & "</td>"
response.write "<td valign=top>" & RS("contactMobile") & "</td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td colspan=3 valign=top><a href=mailto:" &
RS("contactEmail") & ">" & RS("contactEmail") & "</a><br><br></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td colspan=3><hr></td>"
response.write "</tr>"
RS.MoveNext
Loop
response.write "</table>"
rs.close
%>
Bob Barrows [MVP] wrote:
This is the second easiest*, and most secure, way I know.
More difficult (IMO) is to use dynamic sql: i.e., concatenate the value
of
the variable into the string. It would work like this, given that GCID
has a
numeric datatype:
sql = " ... WHERE c.GCID = " & strGCID
'for debugging when things go wrong:
Response.Write sql
To me, thistechnique is more difficult because you have to deal with
delimiters, both when forming the sql statement, and also when the data
contains characters that are considered to be delimiters by the database
engine. A huge percentage of the questions we answer on these groups are
a
result of the incorrect handling of delimiter characters. Here is oneof
my
older posts where I talk about how to handle delimiters in dynamic sql:
http://groups.google.com/group/micro...UTF-8&oe=UTF-8
The other MAJOR problem with dynamic sql is SQL Injection, which is
discussed in these articles:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
http://www.nextgenss.com/papers/adva..._injection.pdf
http://www.nextgenss.com/papers/more..._injection.pdf
*The post I cited above shows what I consider to be the easiest way to
pass
values into sql statements.
Matt wrote:
Is there an easier way just to put the variable in the SQL Select
statement?
Thanks
Bob Barrows [MVP] wrote:
Matt wrote:
I need to add the following variable into an SQL statement and not
sure how to do it.
strGCID needs to be inserted into the following statement:
SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC ON
http://www.aspfaq.com/show.asp?id=2096
tblContacts.GCID = tblGC.gcID WHERE (((tblContacts.GCID)=strGCID))"
i am just not sure of the proper syntax.
Here is the secure way:
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
c.GCID = g.gcID WHERE c.GCID=?"
dim arParms
arParms=array(strGCID)
dim cmd,rs
set cmd=createobject("adodb.command")
cmd.commandtext=sql
cmd.commandtype=1 'adCmdText
set cmd.activeconnection=objConn
set rs = cmd.execute(,arParms)
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so
I don't check it very often. If you must reply off-line, then remove
the "NO SPAM"
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
I just notice. Why is tblGC involved in this query at all? It seems to
me that
SELECT c.* FROM tblContacts c WHERE c.GCID=2582
would retrieve the same results ...
Open your database in Access, create a new query in Design View, switch
to SQL View, paste in the result of the respone.write and try it. Does
it return records? If so, try my version above and see if it returns a
different set of records.
Matt wrote:
Response.write SQL produces:
SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID = g.gcID
WHERE c.GCID=2582
which is the corried GCId that I am looking for... but no data is
returned... no error messages, just no data
Patrice wrote:
>You forgot to mention the problem in your post...
A quick read raises :
I see \\ in the path of the DB. Also depending on which Jet engine
you are using the JOIN notation could perhaps be different or if
strGCId is a string you'll have to enclose this value within quotes
(response.write your SQL statement as suggested by Bob).
The error message would be really helpfull.
--
Patrice
"Matt" <mw******@caldrywall.coma écrit dans le message de news:
11*********************@i42g2000cwa.googlegroups.c om...
>>I am still having problems with this working. Any help is greatly
appreciated. Here is the entire piece that I am trying to get
working:
Dim objConn
Dim strConnect, sql, rs
Dim strGCId
strGCId = Request.QueryString("gcID")
strConnect = "Driver={Microsoft Access Driver (*.mdb)};
DBQ=\\CALSJ1\PMAPPS\contactsData.mdb"
Set objConn = Server.CreateObject ("ADODB.Connection")
Set rs = Server.CreateObject ("ADODB.Recordset")
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID =
g.gcID WHERE c.GCID=" & strGCId
'SQL="SELECT tblContacts.*, tblGC.* FROM tblContacts INNER JOIN
tblGC ON tblContacts.GCID = tblGC.gcID WHERE tblContacts.GCID=" &
strGCId
RS.Open sql, strConnect, adOpenStatic
response.write "<table>"
response.write "<tr>"
response.write "<td><br><h2>" & RS("Company") & "</td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><h4>" & RS("Address1") & "</b></td>" '
response.write "</tr>"
response.write "<tr>"
response.write "<td><h4>" & RS("City") & "," & RS("State") &
" " & RS("ZipCode") & "</b></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><a href=" & RS("WebsiteURL") & ">" &
RS("WebsiteURL") & "</a><br><br></td>"
response.write "</tr>"
response.write "</table>"
response.write "<table border=0>"
response.write "<tr>"
response.write "<td width=200><b>Name</b></td><td
width=150><b>Phone</b></td><td><b>Mobile</b></td>"
response.write "</tr>"
Do While Not RS.EOF
response.write "<tr>"
response.write "<td valign=top>" & RS("contactFirst") & " " &
RS("contactLast") & "<br>" & RS("contactTitle") & "</td>"
response.write "<td valign=top>" & RS("WorkPhone") &
"<br>Ext " & RS("contactPhoneExt") & "</td>"
response.write "<td valign=top>" & RS("contactMobile") & "</td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td colspan=3 valign=top><a href=mailto:" &
RS("contactEmail") & ">" & RS("contactEmail") & "</a><br><br></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td colspan=3><hr></td>"
response.write "</tr>"
RS.MoveNext
Loop
response.write "</table>"
rs.close
%>
Bob Barrows [MVP] wrote:
This is the second easiest*, and most secure, way I know.
More difficult (IMO) is to use dynamic sql: i.e., concatenate the
value of
the variable into the string. It would work like this, given that
GCID has a
numeric datatype:
sql = " ... WHERE c.GCID = " & strGCID
'for debugging when things go wrong:
Response.Write sql
To me, thistechnique is more difficult because you have to deal
with delimiters, both when forming the sql statement, and also
when the data contains characters that are considered to be
delimiters by the database engine. A huge percentage of the
questions we answer on these groups are a
result of the incorrect handling of delimiter characters. Here is
one of my
older posts where I talk about how to handle delimiters in dynamic
sql:
http://groups.google.com/group/micro...UTF-8&oe=UTF-8
>>>>
The other MAJOR problem with dynamic sql is SQL Injection, which is
discussed in these articles:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
http://www.nextgenss.com/papers/adva..._injection.pdf
http://www.nextgenss.com/papers/more..._injection.pdf
*The post I cited above shows what I consider to be the easiest
way to pass
values into sql statements.
Matt wrote:
Is there an easier way just to put the variable in the SQL Select
statement?
Thanks
>
>
Bob Barrows [MVP] wrote:
>Matt wrote:
>>I need to add the following variable into an SQL statement and
>>not sure how to do it.
>>>
>>strGCID needs to be inserted into the following statement:
>>>
>>SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC ON
>>
>http://www.aspfaq.com/show.asp?id=2096
>>
>>tblContacts.GCID = tblGC.gcID WHERE
>>(((tblContacts.GCID)=strGCID))"
>>>
>>i am just not sure of the proper syntax.
>>
>Here is the secure way:
>>
>>
>SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
>c.GCID = g.gcID WHERE c.GCID=?"
>>
>dim arParms
>arParms=array(strGCID)
>dim cmd,rs
>set cmd=createobject("adodb.command")
>cmd.commandtext=sql
>cmd.commandtype=1 'adCmdText
>set cmd.activeconnection=objConn
>set rs = cmd.execute(,arParms)
>>
>--
>Microsoft MVP - ASP/ASP.NET
>Please reply to the newsgroup. This email account is my spam
>trap so I don't check it very often. If you must reply off-line,
>then remove the "NO SPAM"
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap
so I don't check it very often. If you must reply off-line, then
remove the "NO SPAM"
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
tblGC contains all of the company information and tblContacts contains
detailed employee information
Bob Barrows [MVP] wrote:
I just notice. Why is tblGC involved in this query at all? It seems to
me that
SELECT c.* FROM tblContacts c WHERE c.GCID=2582
would retrieve the same results ...
Open your database in Access, create a new query in Design View, switch
to SQL View, paste in the result of the respone.write and try it. Does
it return records? If so, try my version above and see if it returns a
different set of records.
Matt wrote:
Response.write SQL produces:
SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID = g.gcID
WHERE c.GCID=2582
which is the corried GCId that I am looking for... but no data is
returned... no error messages, just no data
Patrice wrote:
You forgot to mention the problem in your post...
A quick read raises :
I see \\ in the path of the DB. Also depending on which Jet engine
you are using the JOIN notation could perhaps be different or if
strGCId is a string you'll have to enclose this value within quotes
(response.write your SQL statement as suggested by Bob).
The error message would be really helpfull.
--
Patrice
"Matt" <mw******@caldrywall.coma écrit dans le message de news:
11*********************@i42g2000cwa.googlegroups.c om...
I am still having problems with this working. Any help is greatly
appreciated. Here is the entire piece that I am trying to get
working:
Dim objConn
Dim strConnect, sql, rs
Dim strGCId
strGCId = Request.QueryString("gcID")
strConnect = "Driver={Microsoft Access Driver (*.mdb)};
DBQ=\\CALSJ1\PMAPPS\contactsData.mdb"
Set objConn = Server.CreateObject ("ADODB.Connection")
Set rs = Server.CreateObject ("ADODB.Recordset")
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID =
g.gcID WHERE c.GCID=" & strGCId
'SQL="SELECT tblContacts.*, tblGC.* FROM tblContacts INNER JOIN
tblGC ON tblContacts.GCID = tblGC.gcID WHERE tblContacts.GCID=" &
strGCId
RS.Open sql, strConnect, adOpenStatic
response.write "<table>"
response.write "<tr>"
response.write "<td><br><h2>" & RS("Company") & "</td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><h4>" & RS("Address1") & "</b></td>" '
response.write "</tr>"
response.write "<tr>"
response.write "<td><h4>" & RS("City") & "," & RS("State") &
" " & RS("ZipCode") & "</b></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><a href=" & RS("WebsiteURL") & ">" &
RS("WebsiteURL") & "</a><br><br></td>"
response.write "</tr>"
response.write "</table>"
response.write "<table border=0>"
response.write "<tr>"
response.write "<td width=200><b>Name</b></td><td
width=150><b>Phone</b></td><td><b>Mobile</b></td>"
response.write "</tr>"
Do While Not RS.EOF
response.write "<tr>"
response.write "<td valign=top>" & RS("contactFirst") & " " &
RS("contactLast") & "<br>" & RS("contactTitle") & "</td>"
response.write "<td valign=top>" & RS("WorkPhone") &
"<br>Ext " & RS("contactPhoneExt") & "</td>"
response.write "<td valign=top>" & RS("contactMobile") & "</td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td colspan=3 valign=top><a href=mailto:" &
RS("contactEmail") & ">" & RS("contactEmail") & "</a><br><br></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td colspan=3><hr></td>"
response.write "</tr>"
RS.MoveNext
Loop
response.write "</table>"
rs.close
%>
Bob Barrows [MVP] wrote:
This is the second easiest*, and most secure, way I know.
More difficult (IMO) is to use dynamic sql: i.e., concatenate the
value of
the variable into the string. It would work like this, given that
GCID has a
numeric datatype:
sql = " ... WHERE c.GCID = " & strGCID
'for debugging when things go wrong:
Response.Write sql
To me, thistechnique is more difficult because you have to deal
with delimiters, both when forming the sql statement, and also
when the data contains characters that are considered to be
delimiters by the database engine. A huge percentage of the
questions we answer on these groups are a
result of the incorrect handling of delimiter characters. Here is
one of my
older posts where I talk about how to handle delimiters in dynamic
sql:
http://groups.google.com/group/micro...UTF-8&oe=UTF-8
>>>
The other MAJOR problem with dynamic sql is SQL Injection, which is
discussed in these articles:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
http://www.nextgenss.com/papers/adva..._injection.pdf
http://www.nextgenss.com/papers/more..._injection.pdf
*The post I cited above shows what I consider to be the easiest
way to pass
values into sql statements.
Matt wrote:
Is there an easier way just to put the variable in the SQL Select
statement?
Thanks
Bob Barrows [MVP] wrote:
Matt wrote:
>I need to add the following variable into an SQL statement and
>not sure how to do it.
>>
>strGCID needs to be inserted into the following statement:
>>
>SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC ON
>
http://www.aspfaq.com/show.asp?id=2096
>
>tblContacts.GCID = tblGC.gcID WHERE
>(((tblContacts.GCID)=strGCID))"
>>
>i am just not sure of the proper syntax.
>
Here is the secure way:
>
>
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
c.GCID = g.gcID WHERE c.GCID=?"
>
dim arParms
arParms=array(strGCID)
dim cmd,rs
set cmd=createobject("adodb.command")
cmd.commandtext=sql
cmd.commandtype=1 'adCmdText
set cmd.activeconnection=objConn
set rs = cmd.execute(,arParms)
>
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam
trap so I don't check it very often. If you must reply off-line,
then remove the "NO SPAM"
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap
so I don't check it very often. If you must reply off-line, then
remove the "NO SPAM"
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Right ... but you're not returning any of the data from tblGC, so why
mention it in the query?
Matt wrote:
tblGC contains all of the company information and tblContacts contains
detailed employee information
Bob Barrows [MVP] wrote:
>I just notice. Why is tblGC involved in this query at all? It seems
to me that
SELECT c.* FROM tblContacts c WHERE c.GCID=2582
would retrieve the same results ...
Open your database in Access, create a new query in Design View,
switch to SQL View, paste in the result of the respone.write and try
it. Does it return records? If so, try my version above and see if
it returns a different set of records.
Matt wrote:
>>Response.write SQL produces:
SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID = g.gcID
WHERE c.GCID=2582
which is the corried GCId that I am looking for... but no data is
returned... no error messages, just no data
Patrice wrote:
You forgot to mention the problem in your post...
A quick read raises :
I see \\ in the path of the DB. Also depending on which Jet engine
you are using the JOIN notation could perhaps be different or if
strGCId is a string you'll have to enclose this value within quotes
(response.write your SQL statement as suggested by Bob).
The error message would be really helpfull.
--
Patrice
"Matt" <mw******@caldrywall.coma écrit dans le message de news:
11*********************@i42g2000cwa.googlegroups.c om...
I am still having problems with this working. Any help is greatly
appreciated. Here is the entire piece that I am trying to get
working:
>
Dim objConn
Dim strConnect, sql, rs
Dim strGCId
>
strGCId = Request.QueryString("gcID")
strConnect = "Driver={Microsoft Access Driver (*.mdb)};
DBQ=\\CALSJ1\PMAPPS\contactsData.mdb"
>
Set objConn = Server.CreateObject ("ADODB.Connection")
>
Set rs = Server.CreateObject ("ADODB.Recordset")
>
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID
= g.gcID WHERE c.GCID=" & strGCId
>
'SQL="SELECT tblContacts.*, tblGC.* FROM tblContacts INNER JOIN
tblGC ON tblContacts.GCID = tblGC.gcID WHERE tblContacts.GCID=" &
strGCId
>
RS.Open sql, strConnect, adOpenStatic
>
>
>
response.write "<table>"
>
response.write "<tr>"
response.write "<td><br><h2>" & RS("Company") & "</td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><h4>" & RS("Address1") & "</b></td>" '
response.write "</tr>"
response.write "<tr>"
response.write "<td><h4>" & RS("City") & "," & RS("State") &
" " & RS("ZipCode") & "</b></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><a href=" & RS("WebsiteURL") & ">" &
RS("WebsiteURL") & "</a><br><br></td>"
response.write "</tr>"
response.write "</table>"
>
response.write "<table border=0>"
response.write "<tr>"
response.write "<td width=200><b>Name</b></td><td
width=150><b>Phone</b></td><td><b>Mobile</b></td>"
response.write "</tr>"
>
Do While Not RS.EOF
>
response.write "<tr>"
response.write "<td valign=top>" & RS("contactFirst") & " " &
RS("contactLast") & "<br>" & RS("contactTitle") & "</td>"
response.write "<td valign=top>" & RS("WorkPhone") &
"<br>Ext " & RS("contactPhoneExt") & "</td>"
response.write "<td valign=top>" & RS("contactMobile") & "</td>"
>
response.write "</tr>"
response.write "<tr>"
response.write "<td colspan=3 valign=top><a href=mailto:" &
RS("contactEmail") & ">" & RS("contactEmail") &
"</a><br><br></td>" response.write "</tr>"
response.write "<tr>"
response.write "<td colspan=3><hr></td>"
response.write "</tr>"
>
RS.MoveNext
Loop
>
response.write "</table>"
>
rs.close
>
>
>
%>
Bob Barrows [MVP] wrote:
>This is the second easiest*, and most secure, way I know.
>>
>More difficult (IMO) is to use dynamic sql: i.e., concatenate the
>value of
>the variable into the string. It would work like this, given that
>GCID has a
>numeric datatype:
>>
>sql = " ... WHERE c.GCID = " & strGCID
>'for debugging when things go wrong:
>Response.Write sql
>>
>To me, thistechnique is more difficult because you have to deal
>with delimiters, both when forming the sql statement, and also
>when the data contains characters that are considered to be
>delimiters by the database engine. A huge percentage of the
>questions we answer on these groups are a
>result of the incorrect handling of delimiter characters. Here
>is one of my
>older posts where I talk about how to handle delimiters in
>dynamic sql:
>>
http://groups.google.com/group/micro...UTF-8&oe=UTF-8
>>>>>>
>The other MAJOR problem with dynamic sql is SQL Injection, which
>is discussed in these articles:
>http://mvp.unixwiz.net/techtips/sql-injection.html
>http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
>http://www.nextgenss.com/papers/adva..._injection.pdf
>http://www.nextgenss.com/papers/more..._injection.pdf
>>
>>
>*The post I cited above shows what I consider to be the easiest
>way to pass
>values into sql statements.
>>
>Matt wrote:
>>Is there an easier way just to put the variable in the SQL
>>Select statement?
>>Thanks
>>>
>>>
>>Bob Barrows [MVP] wrote:
>>>Matt wrote:
>>>>I need to add the following variable into an SQL statement and
>>>>not sure how to do it.
>>>>>
>>>>strGCID needs to be inserted into the following statement:
>>>>>
>>>>SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC
>>>>ON
>>>>
>>>http://www.aspfaq.com/show.asp?id=2096
>>>>
>>>>tblContacts.GCID = tblGC.gcID WHERE
>>>>(((tblContacts.GCID)=strGCID))"
>>>>>
>>>>i am just not sure of the proper syntax.
>>>>
>>>Here is the secure way:
>>>>
>>>>
>>>SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
>>>c.GCID = g.gcID WHERE c.GCID=?"
>>>>
>>>dim arParms
>>>arParms=array(strGCID)
>>>dim cmd,rs
>>>set cmd=createobject("adodb.command")
>>>cmd.commandtext=sql
>>>cmd.commandtype=1 'adCmdText
>>>set cmd.activeconnection=objConn
>>>set rs = cmd.execute(,arParms)
>>>>
>>>--
>>>Microsoft MVP - ASP/ASP.NET
>>>Please reply to the newsgroup. This email account is my spam
>>>trap so I don't check it very often. If you must reply
>>>off-line, then remove the "NO SPAM"
>>
>--
>Microsoft MVP - ASP/ASP.NET
>Please reply to the newsgroup. This email account is my spam trap
>so I don't check it very often. If you must reply off-line, then
>remove the "NO SPAM"
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get
a quicker response by posting to the newsgroup.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
I am returning data from the tblGC, RS("Company") RS("Address1") etc...
all the rs's in the first table come from the tblGC.
Bob Barrows [MVP] wrote:
Right ... but you're not returning any of the data from tblGC, so why
mention it in the query?
Matt wrote:
tblGC contains all of the company information and tblContacts contains
detailed employee information
Bob Barrows [MVP] wrote:
I just notice. Why is tblGC involved in this query at all? It seems
to me that
SELECT c.* FROM tblContacts c WHERE c.GCID=2582
would retrieve the same results ...
Open your database in Access, create a new query in Design View,
switch to SQL View, paste in the result of the respone.write and try
it. Does it return records? If so, try my version above and see if
it returns a different set of records.
Matt wrote:
Response.write SQL produces:
SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID = g.gcID
WHERE c.GCID=2582
which is the corried GCId that I am looking for... but no data is
returned... no error messages, just no data
Patrice wrote:
You forgot to mention the problem in your post...
A quick read raises :
I see \\ in the path of the DB. Also depending on which Jet engine
you are using the JOIN notation could perhaps be different or if
strGCId is a string you'll have to enclose this value within quotes
(response.write your SQL statement as suggested by Bob).
The error message would be really helpfull.
--
Patrice
"Matt" <mw******@caldrywall.coma écrit dans le message de news:
11*********************@i42g2000cwa.googlegroups.c om...
I am still having problems with this working. Any help is greatly
appreciated. Here is the entire piece that I am trying to get
working:
Dim objConn
Dim strConnect, sql, rs
Dim strGCId
strGCId = Request.QueryString("gcID")
strConnect = "Driver={Microsoft Access Driver (*.mdb)};
DBQ=\\CALSJ1\PMAPPS\contactsData.mdb"
Set objConn = Server.CreateObject ("ADODB.Connection")
Set rs = Server.CreateObject ("ADODB.Recordset")
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID
= g.gcID WHERE c.GCID=" & strGCId
'SQL="SELECT tblContacts.*, tblGC.* FROM tblContacts INNER JOIN
tblGC ON tblContacts.GCID = tblGC.gcID WHERE tblContacts.GCID="&
strGCId
RS.Open sql, strConnect, adOpenStatic
response.write "<table>"
response.write "<tr>"
response.write "<td><br><h2>" & RS("Company") & "</td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><h4>" & RS("Address1") & "</b></td>" '
response.write "</tr>"
response.write "<tr>"
response.write "<td><h4>" & RS("City") & "," & RS("State") &
" " & RS("ZipCode") & "</b></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><a href=" & RS("WebsiteURL") & ">" &
RS("WebsiteURL") & "</a><br><br></td>"
response.write "</tr>"
response.write "</table>"
response.write "<table border=0>"
response.write "<tr>"
response.write "<td width=200><b>Name</b></td><td
width=150><b>Phone</b></td><td><b>Mobile</b></td>"
response.write "</tr>"
Do While Not RS.EOF
response.write "<tr>"
response.write "<td valign=top>" & RS("contactFirst") & " " &
RS("contactLast") & "<br>" & RS("contactTitle") & "</td>"
response.write "<td valign=top>" & RS("WorkPhone") &
"<br>Ext " & RS("contactPhoneExt") & "</td>"
response.write "<td valign=top>" & RS("contactMobile") & "</td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td colspan=3 valign=top><a href=mailto:" &
RS("contactEmail") & ">" & RS("contactEmail") &
"</a><br><br></td>" response.write "</tr>"
response.write "<tr>"
response.write "<td colspan=3><hr></td>"
response.write "</tr>"
RS.MoveNext
Loop
response.write "</table>"
rs.close
%>
Bob Barrows [MVP] wrote:
This is the second easiest*, and most secure, way I know.
>
More difficult (IMO) is to use dynamic sql: i.e., concatenate the
value of
the variable into the string. It would work like this, given that
GCID has a
numeric datatype:
>
sql = " ... WHERE c.GCID = " & strGCID
'for debugging when things go wrong:
Response.Write sql
>
To me, thistechnique is more difficult because you have to deal
with delimiters, both when forming the sql statement, and also
when the data contains characters that are considered to be
delimiters by the database engine. A huge percentage of the
questions we answer on these groups are a
result of the incorrect handling of delimiter characters. Here
is one of my
older posts where I talk about how to handle delimiters in
dynamic sql:
>
http://groups.google.com/group/micro...UTF-8&oe=UTF-8
>>>>>
The other MAJOR problem with dynamic sql is SQL Injection, which
is discussed in these articles:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
http://www.nextgenss.com/papers/adva..._injection.pdf
http://www.nextgenss.com/papers/more..._injection.pdf
>
>
*The post I cited above shows what I consider to be the easiest
way to pass
values into sql statements.
>
Matt wrote:
>Is there an easier way just to put the variable in the SQL
>Select statement?
>Thanks
>>
>>
>Bob Barrows [MVP] wrote:
>>Matt wrote:
>>>I need to add the following variable into an SQL statement and
>>>not sure how to do it.
>>>>
>>>strGCID needs to be inserted into the following statement:
>>>>
>>>SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC
>>>ON
>>>
>>http://www.aspfaq.com/show.asp?id=2096
>>>
>>>tblContacts.GCID = tblGC.gcID WHERE
>>>(((tblContacts.GCID)=strGCID))"
>>>>
>>>i am just not sure of the proper syntax.
>>>
>>Here is the secure way:
>>>
>>>
>>SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
>>c.GCID = g.gcID WHERE c.GCID=?"
>>>
>>dim arParms
>>arParms=array(strGCID)
>>dim cmd,rs
>>set cmd=createobject("adodb.command")
>>cmd.commandtext=sql
>>cmd.commandtype=1 'adCmdText
>>set cmd.activeconnection=objConn
>>set rs = cmd.execute(,arParms)
>>>
>>--
>>Microsoft MVP - ASP/ASP.NET
>>Please reply to the newsgroup. This email account is my spam
>>trap so I don't check it very often. If you must reply
>>off-line, then remove the "NO SPAM"
>
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap
so I don't check it very often. If you must reply off-line, then
remove the "NO SPAM"
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get
a quicker response by posting to the newsgroup.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
But your SQL statement only selects every field from tblContacts. You
haven't selected any fields from any other table at all. Therefore,
you are not returning data from tblGC. You do have a SQL statement
that selects from tblGC, but it's commented out...
--
Mike Brind
Matt wrote:
I am returning data from the tblGC, RS("Company") RS("Address1") etc...
all the rs's in the first table come from the tblGC.
Bob Barrows [MVP] wrote:
Right ... but you're not returning any of the data from tblGC, so why
mention it in the query?
Matt wrote:
tblGC contains all of the company information and tblContacts contains
detailed employee information
>
>
>
>
Bob Barrows [MVP] wrote:
>I just notice. Why is tblGC involved in this query at all? It seems
>to me that
>SELECT c.* FROM tblContacts c WHERE c.GCID=2582
>would retrieve the same results ...
>>
>Open your database in Access, create a new query in Design View,
>switch to SQL View, paste in the result of the respone.write and try
>it. Does it return records? If so, try my version above and see if
>it returns a different set of records.
>>
>>
>Matt wrote:
>>Response.write SQL produces:
>>>
>>SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID = g.gcID
>>WHERE c.GCID=2582
>>>
>>which is the corried GCId that I am looking for... but no data is
>>returned... no error messages, just no data
>>>
>>Patrice wrote:
>>>You forgot to mention the problem in your post...
>>>>
>>>A quick read raises :
>>>>
>>>I see \\ in the path of the DB. Also depending on which Jet engine
>>>you are using the JOIN notation could perhaps be different or if
>>>strGCId is a string you'll have to enclose this value within quotes
>>>(response.write your SQL statement as suggested by Bob).
>>>>
>>>The error message would be really helpfull.
>>>>
>>>--
>>>Patrice
>>>>
>>>"Matt" <mw******@caldrywall.coma écrit dans le message de news:
>>>11*********************@i42g2000cwa.googlegroups.c om...
>>>>I am still having problems with this working. Any help is greatly
>>>>appreciated. Here is the entire piece that I am trying to get
>>>>working:
>>>>>
>>>>Dim objConn
>>>>Dim strConnect, sql, rs
>>>>Dim strGCId
>>>>>
>>>>strGCId = Request.QueryString("gcID")
>>>>strConnect = "Driver={Microsoft Access Driver (*.mdb)};
>>>>DBQ=\\CALSJ1\PMAPPS\contactsData.mdb"
>>>>>
>>>>Set objConn = Server.CreateObject ("ADODB.Connection")
>>>>>
>>>>Set rs = Server.CreateObject ("ADODB.Recordset")
>>>>>
>>>>SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID
>>>>= g.gcID WHERE c.GCID=" & strGCId
>>>>>
>>>>'SQL="SELECT tblContacts.*, tblGC.* FROM tblContacts INNER JOIN
>>>>tblGC ON tblContacts.GCID = tblGC.gcID WHERE tblContacts.GCID=" &
>>>>strGCId
>>>>>
>>>>RS.Open sql, strConnect, adOpenStatic
>>>>>
>>>>>
>>>>>
>>>> response.write "<table>"
>>>>>
>>>> response.write "<tr>"
>>>> response.write "<td><br><h2>" & RS("Company") & "</td>"
>>>> response.write "</tr>"
>>>> response.write "<tr>"
>>>> response.write "<td><h4>" & RS("Address1") & "</b></td>" '
>>>> response.write "</tr>"
>>>> response.write "<tr>"
>>>> response.write "<td><h4>" & RS("City") & "," & RS("State") &
>>>>" " & RS("ZipCode") & "</b></td>"
>>>> response.write "</tr>"
>>>> response.write "<tr>"
>>>>response.write "<td><a href=" & RS("WebsiteURL") & ">" &
>>>>RS("WebsiteURL") & "</a><br><br></td>"
>>>>response.write "</tr>"
>>>>response.write "</table>"
>>>>>
>>>>response.write "<table border=0>"
>>>>response.write "<tr>"
>>>>response.write "<td width=200><b>Name</b></td><td
>>>>width=150><b>Phone</b></td><td><b>Mobile</b></td>"
>>>>response.write "</tr>"
>>>>>
>>>> Do While Not RS.EOF
>>>>>
>>>>response.write "<tr>"
>>>>response.write "<td valign=top>" & RS("contactFirst") & " " &
>>>>RS("contactLast") & "<br>" & RS("contactTitle") & "</td>"
>>>>response.write "<td valign=top>" & RS("WorkPhone") &
>>>>"<br>Ext " & RS("contactPhoneExt") & "</td>"
>>>>response.write "<td valign=top>" & RS("contactMobile") & "</td>"
>>>>>
>>>>response.write "</tr>"
>>>>response.write "<tr>"
>>>>response.write "<td colspan=3 valign=top><a href=mailto:" &
>>>>RS("contactEmail") & ">" & RS("contactEmail") &
>>>>"</a><br><br></td>" response.write "</tr>"
>>>>response.write "<tr>"
>>>>response.write "<td colspan=3><hr></td>"
>>>>response.write "</tr>"
>>>>>
>>>>RS.MoveNext
>>>> Loop
>>>>>
>>>>response.write "</table>"
>>>>>
>>>>rs.close
>>>>>
>>>>>
>>>>>
>>>>%>
>>>>Bob Barrows [MVP] wrote:
>>>>>This is the second easiest*, and most secure, way I know.
>>>>>>
>>>>>More difficult (IMO) is to use dynamic sql: i.e., concatenate the
>>>>>value of
>>>>>the variable into the string. It would work like this, given that
>>>>>GCID has a
>>>>>numeric datatype:
>>>>>>
>>>>>sql = " ... WHERE c.GCID = " & strGCID
>>>>>'for debugging when things go wrong:
>>>>>Response.Write sql
>>>>>>
>>>>>To me, thistechnique is more difficult because you have to deal
>>>>>with delimiters, both when forming the sql statement, and also
>>>>>when the data contains characters that are considered to be
>>>>>delimiters by the database engine. A huge percentage of the
>>>>>questions we answer on these groups are a
>>>>>result of the incorrect handling of delimiter characters. Here
>>>>>is one of my
>>>>>older posts where I talk about how to handle delimiters in
>>>>>dynamic sql:
>>>>>>
>>
http://groups.google.com/group/micro...UTF-8&oe=UTF-8
>>>>>>
>>>>>The other MAJOR problem with dynamic sql is SQL Injection, which
>>>>>is discussed in these articles:
>>>>>http://mvp.unixwiz.net/techtips/sql-injection.html
>>>>>http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
>>>>>http://www.nextgenss.com/papers/adva..._injection.pdf
>>>>>http://www.nextgenss.com/papers/more..._injection.pdf
>>>>>>
>>>>>>
>>>>>*The post I cited above shows what I consider to be the easiest
>>>>>way to pass
>>>>>values into sql statements.
>>>>>>
>>>>>Matt wrote:
>>>>>>Is there an easier way just to put the variable in the SQL
>>>>>>Select statement?
>>>>>>Thanks
>>>>>>>
>>>>>>>
>>>>>>Bob Barrows [MVP] wrote:
>>>>>>>Matt wrote:
>>>>>>>>I need to add the following variable into an SQL statement and
>>>>>>>>not sure how to do it.
>>>>>>>>>
>>>>>>>>strGCID needs to be inserted into the following statement:
>>>>>>>>>
>>>>>>>>SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC
>>>>>>>>ON
>>>>>>>>
>>>>>>>http://www.aspfaq.com/show.asp?id=2096
>>>>>>>>
>>>>>>>>tblContacts.GCID = tblGC.gcID WHERE
>>>>>>>>(((tblContacts.GCID)=strGCID))"
>>>>>>>>>
>>>>>>>>i am just not sure of the proper syntax.
>>>>>>>>
>>>>>>>Here is the secure way:
>>>>>>>>
>>>>>>>>
>>>>>>>SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
>>>>>>>c.GCID = g.gcID WHERE c.GCID=?"
>>>>>>>>
>>>>>>>dim arParms
>>>>>>>arParms=array(strGCID)
>>>>>>>dim cmd,rs
>>>>>>>set cmd=createobject("adodb.command")
>>>>>>>cmd.commandtext=sql
>>>>>>>cmd.commandtype=1 'adCmdText
>>>>>>>set cmd.activeconnection=objConn
>>>>>>>set rs = cmd.execute(,arParms)
>>>>>>>>
>>>>>>>--
>>>>>>>Microsoft MVP - ASP/ASP.NET
>>>>>>>Please reply to the newsgroup. This email account is my spam
>>>>>>>trap so I don't check it very often. If you must reply
>>>>>>>off-line, then remove the "NO SPAM"
>>>>>>
>>>>>--
>>>>>Microsoft MVP - ASP/ASP.NET
>>>>>Please reply to the newsgroup. This email account is my spam trap
>>>>>so I don't check it very often. If you must reply off-line, then
>>>>>remove the "NO SPAM"
>>
>--
>Microsoft MVP -- ASP/ASP.NET
>Please reply to the newsgroup. The email account listed in my From
>header is my spam trap, so I don't check it very often. You will get
>a quicker response by posting to the newsgroup.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Maybe you think you are, but your select statement says differently*.
Select c.* FROM tblContacts c
will only return fields from tblContacts. Try it in Access and you will
see.
BTW, what happened when you tried what I advised two posts ago?
* Yet another reason to explicitly list all the fields you want to
return. Stop using selstar.
Matt wrote:
I am returning data from the tblGC, RS("Company") RS("Address1")
etc...
all the rs's in the first table come from the tblGC.
Bob Barrows [MVP] wrote:
>Right ... but you're not returning any of the data from tblGC, so why
mention it in the query?
Matt wrote:
>>tblGC contains all of the company information and tblContacts
contains detailed employee information
Bob Barrows [MVP] wrote:
I just notice. Why is tblGC involved in this query at all? It seems
to me that
SELECT c.* FROM tblContacts c WHERE c.GCID=2582
would retrieve the same results ...
Open your database in Access, create a new query in Design View,
switch to SQL View, paste in the result of the respone.write and
try it. Does it return records? If so, try my version above and
see if it returns a different set of records.
Matt wrote:
Response.write SQL produces:
>
SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID =
g.gcID WHERE c.GCID=2582
>
which is the corried GCId that I am looking for... but no data is
returned... no error messages, just no data
>
Patrice wrote:
>You forgot to mention the problem in your post...
>>
>A quick read raises :
>>
>I see \\ in the path of the DB. Also depending on which Jet
>engine you are using the JOIN notation could perhaps be
>different or if strGCId is a string you'll have to enclose this
>value within quotes (response.write your SQL statement as
>suggested by Bob).
>>
>The error message would be really helpfull.
>>
>--
>Patrice
>>
>"Matt" <mw******@caldrywall.coma écrit dans le message de news:
>11*********************@i42g2000cwa.googlegroups.c om...
>>I am still having problems with this working. Any help is
>>greatly appreciated. Here is the entire piece that I am trying
>>to get working:
>>>
>>Dim objConn
>>Dim strConnect, sql, rs
>>Dim strGCId
>>>
>>strGCId = Request.QueryString("gcID")
>>strConnect = "Driver={Microsoft Access Driver (*.mdb)};
>>DBQ=\\CALSJ1\PMAPPS\contactsData.mdb"
>>>
>>Set objConn = Server.CreateObject ("ADODB.Connection")
>>>
>>Set rs = Server.CreateObject ("ADODB.Recordset")
>>>
>>SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
>>c.GCID = g.gcID WHERE c.GCID=" & strGCId
>>>
>>'SQL="SELECT tblContacts.*, tblGC.* FROM tblContacts INNER JOIN
>>tblGC ON tblContacts.GCID = tblGC.gcID WHERE tblContacts.GCID="
>>& strGCId
>>>
>>RS.Open sql, strConnect, adOpenStatic
>>>
>>>
>>>
>> response.write "<table>"
>>>
>> response.write "<tr>"
>> response.write "<td><br><h2>" & RS("Company") & "</td>"
>> response.write "</tr>"
>> response.write "<tr>"
>> response.write "<td><h4>" & RS("Address1") & "</b></td>" '
>> response.write "</tr>"
>> response.write "<tr>"
>> response.write "<td><h4>" & RS("City") & "," & RS("State") &
>>" " & RS("ZipCode") & "</b></td>"
>> response.write "</tr>"
>> response.write "<tr>"
>>response.write "<td><a href=" & RS("WebsiteURL") & ">" &
>>RS("WebsiteURL") & "</a><br><br></td>"
>>response.write "</tr>"
>>response.write "</table>"
>>>
>>response.write "<table border=0>"
>>response.write "<tr>"
>>response.write "<td width=200><b>Name</b></td><td
>>width=150><b>Phone</b></td><td><b>Mobile</b></td>"
>>response.write "</tr>"
>>>
>> Do While Not RS.EOF
>>>
>>response.write "<tr>"
>>response.write "<td valign=top>" & RS("contactFirst") &
>>" " & RS("contactLast") & "<br>" & RS("contactTitle") &
>>"</td>" response.write "<td valign=top>" & RS("WorkPhone") &
>>"<br>Ext " & RS("contactPhoneExt") & "</td>"
>>response.write "<td valign=top>" & RS("contactMobile") & "</td>"
>>>
>>response.write "</tr>"
>>response.write "<tr>"
>>response.write "<td colspan=3 valign=top><a href=mailto:" &
>>RS("contactEmail") & ">" & RS("contactEmail") &
>>"</a><br><br></td>" response.write "</tr>"
>>response.write "<tr>"
>>response.write "<td colspan=3><hr></td>"
>>response.write "</tr>"
>>>
>>RS.MoveNext
>> Loop
>>>
>>response.write "</table>"
>>>
>>rs.close
>>>
>>>
>>>
>>%>
>>Bob Barrows [MVP] wrote:
>>>This is the second easiest*, and most secure, way I know.
>>>>
>>>More difficult (IMO) is to use dynamic sql: i.e., concatenate
>>>the value of
>>>the variable into the string. It would work like this, given
>>>that GCID has a
>>>numeric datatype:
>>>>
>>>sql = " ... WHERE c.GCID = " & strGCID
>>>'for debugging when things go wrong:
>>>Response.Write sql
>>>>
>>>To me, thistechnique is more difficult because you have to deal
>>>with delimiters, both when forming the sql statement, and also
>>>when the data contains characters that are considered to be
>>>delimiters by the database engine. A huge percentage of the
>>>questions we answer on these groups are a
>>>result of the incorrect handling of delimiter characters. Here
>>>is one of my
>>>older posts where I talk about how to handle delimiters in
>>>dynamic sql:
>>>>
http://groups.google.com/group/micro...UTF-8&oe=UTF-8
>>>>>>>>
>>>The other MAJOR problem with dynamic sql is SQL Injection,
>>>which is discussed in these articles:
>>>http://mvp.unixwiz.net/techtips/sql-injection.html
>>>http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
>>>http://www.nextgenss.com/papers/adva..._injection.pdf
>>>http://www.nextgenss.com/papers/more..._injection.pdf
>>>>
>>>>
>>>*The post I cited above shows what I consider to be the easiest
>>>way to pass
>>>values into sql statements.
>>>>
>>>Matt wrote:
>>>>Is there an easier way just to put the variable in the SQL
>>>>Select statement?
>>>>Thanks
>>>>>
>>>>>
>>>>Bob Barrows [MVP] wrote:
>>>>>Matt wrote:
>>>>>>I need to add the following variable into an SQL statement
>>>>>>and not sure how to do it.
>>>>>>>
>>>>>>strGCID needs to be inserted into the following statement:
>>>>>>>
>>>>>>SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN
>>>>>>tblGC ON
>>>>>>
>>>>>http://www.aspfaq.com/show.asp?id=2096
>>>>>>
>>>>>>tblContacts.GCID = tblGC.gcID WHERE
>>>>>>(((tblContacts.GCID)=strGCID))"
>>>>>>>
>>>>>>i am just not sure of the proper syntax.
>>>>>>
>>>>>Here is the secure way:
>>>>>>
>>>>>>
>>>>>SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
>>>>>c.GCID = g.gcID WHERE c.GCID=?"
>>>>>>
>>>>>dim arParms
>>>>>arParms=array(strGCID)
>>>>>dim cmd,rs
>>>>>set cmd=createobject("adodb.command")
>>>>>cmd.commandtext=sql
>>>>>cmd.commandtype=1 'adCmdText
>>>>>set cmd.activeconnection=objConn
>>>>>set rs = cmd.execute(,arParms)
>>>>>>
>>>>>--
>>>>>Microsoft MVP - ASP/ASP.NET
>>>>>Please reply to the newsgroup. This email account is my spam
>>>>>trap so I don't check it very often. If you must reply
>>>>>off-line, then remove the "NO SPAM"
>>>>
>>>--
>>>Microsoft MVP - ASP/ASP.NET
>>>Please reply to the newsgroup. This email account is my spam
>>>trap so I don't check it very often. If you must reply
>>>off-line, then remove the "NO SPAM"
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will
get a quicker response by posting to the newsgroup.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get
a quicker response by posting to the newsgroup.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
I switched over the commented SQL statement and it works now but it
didn't work before. It was returning and exception error... hmmm. All
appears to be okay... thanks!
Bob Barrows [MVP] wrote:
Maybe you think you are, but your select statement says differently*.
Select c.* FROM tblContacts c
will only return fields from tblContacts. Try it in Access and you will
see.
BTW, what happened when you tried what I advised two posts ago?
* Yet another reason to explicitly list all the fields you want to
return. Stop using selstar.
Matt wrote:
I am returning data from the tblGC, RS("Company") RS("Address1")
etc...
all the rs's in the first table come from the tblGC.
Bob Barrows [MVP] wrote:
Right ... but you're not returning any of the data from tblGC, so why
mention it in the query?
Matt wrote:
tblGC contains all of the company information and tblContacts
contains detailed employee information
Bob Barrows [MVP] wrote:
I just notice. Why is tblGC involved in this query at all? It seems
to me that
SELECT c.* FROM tblContacts c WHERE c.GCID=2582
would retrieve the same results ...
Open your database in Access, create a new query in Design View,
switch to SQL View, paste in the result of the respone.write and
try it. Does it return records? If so, try my version above and
see if it returns a different set of records.
Matt wrote:
Response.write SQL produces:
SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON c.GCID =
g.gcID WHERE c.GCID=2582
which is the corried GCId that I am looking for... but no data is
returned... no error messages, just no data
Patrice wrote:
You forgot to mention the problem in your post...
>
A quick read raises :
>
I see \\ in the path of the DB. Also depending on which Jet
engine you are using the JOIN notation could perhaps be
different or if strGCId is a string you'll have to enclose this
value within quotes (response.write your SQL statement as
suggested by Bob).
>
The error message would be really helpfull.
>
--
Patrice
>
"Matt" <mw******@caldrywall.coma écrit dans le message de news:
11*********************@i42g2000cwa.googlegroups.c om...
>I am still having problems with this working. Any help is
>greatly appreciated. Here is the entire piece that I am trying
>to get working:
>>
>Dim objConn
>Dim strConnect, sql, rs
>Dim strGCId
>>
>strGCId = Request.QueryString("gcID")
>strConnect = "Driver={Microsoft Access Driver (*.mdb)};
>DBQ=\\CALSJ1\PMAPPS\contactsData.mdb"
>>
>Set objConn = Server.CreateObject ("ADODB.Connection")
>>
>Set rs = Server.CreateObject ("ADODB.Recordset")
>>
>SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
>c.GCID = g.gcID WHERE c.GCID=" & strGCId
>>
>'SQL="SELECT tblContacts.*, tblGC.* FROM tblContacts INNER JOIN
>tblGC ON tblContacts.GCID = tblGC.gcID WHERE tblContacts.GCID="
>& strGCId
>>
>RS.Open sql, strConnect, adOpenStatic
>>
>>
>>
> response.write "<table>"
>>
> response.write "<tr>"
> response.write "<td><br><h2>" & RS("Company") & "</td>"
> response.write "</tr>"
> response.write "<tr>"
> response.write "<td><h4>" & RS("Address1") & "</b></td>" '
> response.write "</tr>"
> response.write "<tr>"
> response.write "<td><h4>" & RS("City") & "," & RS("State") &
>" " & RS("ZipCode") & "</b></td>"
> response.write "</tr>"
> response.write "<tr>"
>response.write "<td><a href=" & RS("WebsiteURL") & ">" &
>RS("WebsiteURL") & "</a><br><br></td>"
>response.write "</tr>"
>response.write "</table>"
>>
>response.write "<table border=0>"
>response.write "<tr>"
>response.write "<td width=200><b>Name</b></td><td
>width=150><b>Phone</b></td><td><b>Mobile</b></td>"
>response.write "</tr>"
>>
> Do While Not RS.EOF
>>
>response.write "<tr>"
>response.write "<td valign=top>" & RS("contactFirst") &
>" " & RS("contactLast") & "<br>" & RS("contactTitle") &
>"</td>" response.write "<td valign=top>" & RS("WorkPhone") &
>"<br>Ext " & RS("contactPhoneExt") & "</td>"
>response.write "<td valign=top>" & RS("contactMobile") & "</td>"
>>
>response.write "</tr>"
>response.write "<tr>"
>response.write "<td colspan=3 valign=top><a href=mailto:" &
>RS("contactEmail") & ">" & RS("contactEmail") &
>"</a><br><br></td>" response.write "</tr>"
>response.write "<tr>"
>response.write "<td colspan=3><hr></td>"
>response.write "</tr>"
>>
>RS.MoveNext
> Loop
>>
>response.write "</table>"
>>
>rs.close
>>
>>
>>
>%>
>Bob Barrows [MVP] wrote:
>>This is the second easiest*, and most secure, way I know.
>>>
>>More difficult (IMO) is to use dynamic sql: i.e., concatenate
>>the value of
>>the variable into the string. It would work like this, given
>>that GCID has a
>>numeric datatype:
>>>
>>sql = " ... WHERE c.GCID = " & strGCID
>>'for debugging when things go wrong:
>>Response.Write sql
>>>
>>To me, thistechnique is more difficult because you have to deal
>>with delimiters, both when forming the sql statement, and also
>>when the data contains characters that are considered to be
>>delimiters by the database engine. A huge percentage of the
>>questions we answer on these groups are a
>>result of the incorrect handling of delimiter characters. Here
>>is one of my
>>older posts where I talk about how to handle delimiters in
>>dynamic sql:
>>>
http://groups.google.com/group/micro...UTF-8&oe=UTF-8
>>>>>>>
>>The other MAJOR problem with dynamic sql is SQL Injection,
>>which is discussed in these articles:
>>http://mvp.unixwiz.net/techtips/sql-injection.html
>>http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
>>http://www.nextgenss.com/papers/adva..._injection.pdf
>>http://www.nextgenss.com/papers/more..._injection.pdf
>>>
>>>
>>*The post I cited above shows what I consider to be the easiest
>>way to pass
>>values into sql statements.
>>>
>>Matt wrote:
>>>Is there an easier way just to put the variable in the SQL
>>>Select statement?
>>>Thanks
>>>>
>>>>
>>>Bob Barrows [MVP] wrote:
>>>>Matt wrote:
>>>>>I need to add the following variable into an SQL statement
>>>>>and not sure how to do it.
>>>>>>
>>>>>strGCID needs to be inserted into the following statement:
>>>>>>
>>>>>SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN
>>>>>tblGC ON
>>>>>
>>>>http://www.aspfaq.com/show.asp?id=2096
>>>>>
>>>>>tblContacts.GCID = tblGC.gcID WHERE
>>>>>(((tblContacts.GCID)=strGCID))"
>>>>>>
>>>>>i am just not sure of the proper syntax.
>>>>>
>>>>Here is the secure way:
>>>>>
>>>>>
>>>>SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
>>>>c.GCID = g.gcID WHERE c.GCID=?"
>>>>>
>>>>dim arParms
>>>>arParms=array(strGCID)
>>>>dim cmd,rs
>>>>set cmd=createobject("adodb.command")
>>>>cmd.commandtext=sql
>>>>cmd.commandtype=1 'adCmdText
>>>>set cmd.activeconnection=objConn
>>>>set rs = cmd.execute(,arParms)
>>>>>
>>>>--
>>>>Microsoft MVP - ASP/ASP.NET
>>>>Please reply to the newsgroup. This email account is my spam
>>>>trap so I don't check it very often. If you must reply
>>>>off-line, then remove the "NO SPAM"
>>>
>>--
>>Microsoft MVP - ASP/ASP.NET
>>Please reply to the newsgroup. This email account is my spam
>>trap so I don't check it very often. If you must reply
>>off-line, then remove the "NO SPAM"
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will
get a quicker response by posting to the newsgroup.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get
a quicker response by posting to the newsgroup.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Alexander Zatvornitskiy |
last post by:
Hello All!
I'am novice in python, and I find one very bad thing (from my point of view) in
language. There is no keyword or syntax to declare variable, like 'var' in
Pascal, or special syntax in...
|
by: Graham |
last post by:
This has to do with class variables and instances variables.
Given the following:
<code>
class _class:
var = 0
#rest of the class
|
by: claus.hirth |
last post by:
Does the term 'host variable' cover a variable locally declared in a
SQL-PL stored procedure?
I am asking this question in the context of the SELECT INTO statement.
|
by: Wing |
last post by:
Hi all,
I am writing a function that can change the value "Quantity" in the
selected row of MS SQL table "shoppingCart", my code is showing below
...
|
by: Russ Chinoy |
last post by:
Hi,
This may be a totally newbie question, but I'm stumped.
If I have a function such as:
function DoSomething(strVarName) {
.....
}
|
by: pbmods |
last post by:
VARIABLE SCOPE IN JAVASCRIPT
LEVEL: BEGINNER/INTERMEDIATE (INTERMEDIATE STUFF IN )
PREREQS: VARIABLES
First off, what the heck is 'scope' (the kind that doesn't help kill the germs that cause...
|
by: Florian Loitsch |
last post by:
hi,
What should be the output of the following code-snippet?
===
var x = "global";
function f() {
var x = 0;
eval("function x() { return false; }");
delete x;
alert(x);
}
|
by: Al G |
last post by:
Hi,
I'm converting a bit of POP3 VB6 code to VB2005, and have run into this
error with the following code.
Can someone help me find out what I'm missing/doing wrong?
'holds the attachments...
|
by: teddysnips |
last post by:
Weird.
I have taken over responsibility for a legacy application, Access 2k3,
split FE/BE.
The client has reported a problem and I'm investigating. I didn't
write the application.
The...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
