By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,938 Members | 1,555 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,938 IT Pros & Developers. It's quick & easy.

general questions: best practices

P: n/a
Yesterday, I posted a problem which, by the way, I haven't been able to
solve yet. But in Aaron's reply, he questioned why I did several things the
way I did. My short answer is that I have a lot to learn, but now I'd like
to ask anyone who reads this, including Aaron, for some clarification. I
imagine others might benefit, too.

"Aaron Bertrand - MVP" <aa***@TRASHaspfaq.com> wrote
A few suggestions. (3) why do you constantly set rs = createobject("ADODB.Recordset") but never destroy any of them?

I went back and took care of it with this: set rs = nothing

My question is, is this enough?

(4) why are you allowing values from request.querystring into your SQL statements unchecked? Have you tried something like... DisplaySortableTickets.asp?strStatus=a';DELETE%20T KT_STATUS;SELECT%20' b

Never thought of that. Is that really an issue for an Intranet, though?
(5) why are you using ADODB.Recordset at all? These all seem to be forward-only, static recordsets.

I don't really understand this question/statement. Is there another kind of
recordset?

Here is a rewrite of the first portion. <!-- #INCLUDE FILE="includes/functions.asp" -->
<!-- #INCLUDE FILE="includes/argodbinc.asp" -->
<!-- #INCLUDE FILE="includes/colors.inc" -->
<%
function fixVal(s)
s = replace(request.QueryString(s), "'", "''"))
end function


Does this just take the apostrophes from the querystring? Is that just to
keep it from being used by a malicious person who would put an evil SQL
statement?


Jul 19 '05 #1
Share this Question
Share on Google+
37 Replies


P: n/a
"middletree" wrote ...
I went back and took care of it with this: set rs = nothing
My question is, is this enough?
aye, remember to close the connection aswell when you're done with it.
DisplaySortableTickets.asp?strStatus=a';DELETE%20T KT_STATUS;SELECT%20' b

Never thought of that. Is that really an issue for an Intranet, though?


Yeppo - imagine the fun that could be had by a clued up developer just
before he leaves disgruntled...goodbye important database content...you can
read up on this - try doing a Google search for SQL Injection.

Replacing the ' I believe is one solution...
I don't really understand this question/statement. Is there another kind of recordset?
You can use 'curosors' within recordsets, the allow you to move BACK and
FORTH between the records you return in the recordset, if you do not need to
ever move back, and only forward - as Aaron mentions above etc...
s = replace(request.QueryString(s), "'", "''"))

Does this just take the apostrophes from the querystring?
It wont 'take' them away - it simply replaces them with 2 apostrophes
Is that just to keep it from being used by a malicious person who would put an evil SQL statement?


hehe - 'evil' - hehe - yes :)

Note, I am not as clued up as many here, so the above are only my
suggestions/opinions and thoughts - dont take 'em as gospel (unless I'm
correct in which case feel free to send me crates of copperfields sweet
sherry!)

Hope I helped,

Regards

Rob
Jul 19 '05 #2

P: n/a

"middletree" <mi********@htomail.com> wrote in message
news:Om****************@TK2MSFTNGP11.phx.gbl...


I went back and took care of it with this: set rs = nothing

My question is, is this enough?
Do:

rs.Close
Set rs = Nothing


(4) why are you allowing values from request.querystring into your SQL
statements unchecked? Have you tried something like...

DisplaySortableTickets.asp?strStatus=a';DELETE%20T KT_STATUS;SELECT%20' b

Never thought of that. Is that really an issue for an Intranet, though?


Yes! Sure, you can fire someone for dropping a table or something, but that
doesn't mean you should allow it to happen.

(5) why are you using ADODB.Recordset at all? These all seem to be
forward-only, static recordsets.

I don't really understand this question/statement. Is there another kind

of recordset?

YEah. If Aaron did not already post this link, read this when you have a
few moments.
http://www.aspfaq.com/2191

function fixVal(s)
s = replace(request.QueryString(s), "'", "''"))
end function


Does this just take the apostrophes from the querystring? Is that just to
keep it from being used by a malicious person who would put an evil SQL
statement?


It's to keep the ' from your SQL query, since ' is a delimiter in SQL.
Example:

sVar = "O'Brien"
sSQL = "SELECT Something FROM SomeTable WHERE LastName='" & sVar & "'"

That will result in a string of:
SELECT Something FROM SomeTable WHERE LastName='O'Brien'

That ' in the O'Brien will be the end of the string, and then SQL will see
Brien' and get confused. The way to escape the ' is to double it up, so the
string would wind up looking like:
SELECT Something FROM SomeTable WHERE LastName='O''Brien'

Passing the value through the fixVal function will double up any instances
of '.

Does that make sense?

Ray at work

p.s. For pleasure reading, download the whole aspfaq.com FAQ in pdf format
and read it over the weekend. It's very cool of Aaron to offer that whole
thing as a pdf.



Jul 19 '05 #3

P: n/a
"middletree" <mi********@htomail.com> wrote in message
news:Om****************@TK2MSFTNGP11.phx.gbl...
"Aaron Bertrand - MVP" <aa***@TRASHaspfaq.com> wrote
A few suggestions.

(3) why do you constantly set rs = createobject("ADODB.Recordset") but

never destroy any of them?

I went back and took care of it with this: set rs = nothing

My question is, is this enough?

You should close them when you are done with them:

rs.close
set rs = nothing

(4) why are you allowing values from request.querystring into your SQL

statements unchecked? Have you tried something like...

DisplaySortableTickets.asp?strStatus=a';DELETE%20T KT_STATUS;SELECT%20' b

Never thought of that. Is that really an issue for an Intranet, though?

Do you want to risk it? One day you might wake up with no records in the
database an not know what happened to them. :)

Here is a rewrite of the first portion.

<!-- #INCLUDE FILE="includes/functions.asp" -->
<!-- #INCLUDE FILE="includes/argodbinc.asp" -->
<!-- #INCLUDE FILE="includes/colors.inc" -->
<%
function fixVal(s)
s = replace(request.QueryString(s), "'", "''"))
end function


Does this just take the apostrophes from the querystring? Is that just to
keep it from being used by a malicious person who would put an evil SQL
statement?


This replaces one single quotes with two single quotes. This is how you
escape the single quote. It should take care of the evil SQL statement I
think, but it also takes care of situations where your data contains a
single quote. For example, if I wanted to insert the string:

I don't like this

Then your SQL string would end when it encountered the single quote in that
string. The code above would replace the single quote so the string looked
like this:

I don''t like this

Your SQL string would then be valid.

Hope this helps.

Regards,
Peter Foti
Jul 19 '05 #4

P: n/a
middletree wrote:
Yesterday, I posted a problem which, by the way, I haven't been able
to solve yet. But in Aaron's reply, he questioned why I did several
things the way I did. My short answer is that I have a lot to learn,
but now I'd like to ask anyone who reads this, including Aaron, for
some clarification. I imagine others might benefit, too.

"Aaron Bertrand - MVP" <aa***@TRASHaspfaq.com> wrote
A few suggestions.
(3) why do you constantly set rs = createobject("ADODB.Recordset")
but

never destroy any of them?

I went back and took care of it with this: set rs = nothing

My question is, is this enough?


There are situations where an open recordset cannot be set to nothing. It is
best to explicitly close it before setting it to nothing:
rs.close:set rs=nothing

(4) why are you allowing values from request.querystring into your
SQL
statements unchecked? Have you tried something like...

DisplaySortableTickets.asp?strStatus=a';DELETE%20T KT_STATUS;SELECT%20'
b

Never thought of that. Is that really an issue for an Intranet,
though?


Yes. Has there never been a disgruntled employee in your company?
Some very secure networks have been hacked. Are you sure yours is up to the
task of defeating a determined hacker?
(5) why are you using ADODB.Recordset at all? These all seem to be

forward-only, static recordsets.


Ummm, this is a contradiction :-) I'm sure the word "static" was used
accidently here.


I don't really understand this question/statement. Is there another
kind of recordset?

No. It's Aaron's way of saying that you do not have to explicitly use
createobject to create the recordset object. Bottom line: whether you use an
explicit "Set rs=server.createobject("adodb.recordset")" statement or not,
you will get an adodb.recordset object from the connection.execute method.

However, there is a slight performance hit when you use createobject to
create the recordset. Here's why: when you use createobject, you're telling
ADO to build a recordset object, and set a reference to that object in your
variable. This is great if you are planning to create an ad hoc recordset by
appending fields to the Fields collection, or if you are planning to use the
Open method to open a non-default recordset after setting the appropriate
cursor type and location properties.

However, when you use connection.execute, ADO does the following:
1. creates a Command object to handle the execution of the query
2. creates a Recordset object to contain the results of the query (unless
you tell it not to by using the adExecuteNoRecords option in the third
argument of the Execute statement)
3. Sets a reference to the new recordset object in the variable which is
receiving the results.If that variable already references another object,
that reference is destroyed, causing the referenced object to be destroyed
as well.

So, if you use createobject, you've created a recordset that will only be
destroyed when the connection.execute method is run. It's a performance hit,
but it's very slight. However:

Best practice is to skip the createobject statement when using Execute to
retrieve data into a recordset.
Here is a rewrite of the first portion.
<!-- #INCLUDE FILE="includes/functions.asp" -->
<!-- #INCLUDE FILE="includes/argodbinc.asp" -->
<!-- #INCLUDE FILE="includes/colors.inc" -->
<%
function fixVal(s)
s = replace(request.QueryString(s), "'", "''"))
end function


Does this just take the apostrophes from the querystring?

No. It replaces single apostrophes with two apostrophes, so that the
database engine will interpret them as literal quotes instead of delimiters.
Is that
just to keep it from being used by a malicious person who would put
an evil SQL statement?


Yes, but a better technique would be to use a stored procedure and a Command
object (or the procedure-as-connection-method technique).

HTH,
Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #5

P: n/a

"middletree" <mi********@htomail.com> wrote in message
news:Om****************@TK2MSFTNGP11.phx.gbl...
Yesterday, I posted a problem which, by the way, I haven't been able to
solve yet. But in Aaron's reply, he questioned why I did several things the way I did. My short answer is that I have a lot to learn, but now I'd like
to ask anyone who reads this, including Aaron, for some clarification. I
imagine others might benefit, too.

"Aaron Bertrand - MVP" <aa***@TRASHaspfaq.com> wrote
A few suggestions.
(3) why do you constantly set rs = createobject("ADODB.Recordset") but

never destroy any of them?

I went back and took care of it with this: set rs = nothing

My question is, is this enough?

(4) why are you allowing values from request.querystring into your SQL

statements unchecked? Have you tried something like...

DisplaySortableTickets.asp?strStatus=a';DELETE%20T KT_STATUS;SELECT%20' b

Never thought of that. Is that really an issue for an Intranet, though?


I trust my intranet users less than I trust the general public!
See http://www.sqlsecurity.com/DesktopDe...ndex=2&tabid=3
(5) why are you using ADODB.Recordset at all? These all seem to be
forward-only, static recordsets.

I don't really understand this question/statement. Is there another kind

of recordset?
I almost never (read never) need a recordset object.
Here is a rewrite of the first portion.
<!-- #INCLUDE FILE="includes/functions.asp" -->
<!-- #INCLUDE FILE="includes/argodbinc.asp" -->
<!-- #INCLUDE FILE="includes/colors.inc" -->
<%
function fixVal(s)
s = replace(request.QueryString(s), "'", "''"))
end function


Does this just take the apostrophes from the querystring? Is that just to
keep it from being used by a malicious person who would put an evil SQL
statement?



Jul 19 '05 #6

P: n/a
Mike wrote:
I almost never (read never) need a recordset object.


:-)
So you never need to retrieve data from a database?

Are you sure you didn't mean to say "I never use createobject to create my
recordset objects"?

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #7

P: n/a
The key word there is "object." If I never create an object using
createobject do I ever have an object. I say no! So to reiterate. "I
almost never (read never) need a recordset object"

:-)

Mike
"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message
news:eW**************@tk2msftngp13.phx.gbl...
Mike wrote:
I almost never (read never) need a recordset object.


:-)
So you never need to retrieve data from a database?

Are you sure you didn't mean to say "I never use createobject to create my
recordset objects"?

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Jul 19 '05 #8

P: n/a
Whoah...
<%
Set rs = YourADOConnection.Execute(YourSQLQuery)
Response.Write VarType(rs)
'or
Response.Write IsObject(rs)
'etc.
%>

Ray at work

"Mike" <Mi**@nospam.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
The key word there is "object." If I never create an object using
createobject do I ever have an object. I say no! So to reiterate. "I
almost never (read never) need a recordset object"

:-)

Mike

Jul 19 '05 #9

P: n/a
OK, thanks.

"Rob Meade" <ro********@NO-SPAM.kingswoodweb.net> wrote in message
news:Az*********************@news-text.cableinet.net...
"middletree" wrote ...
I went back and took care of it with this: set rs = nothing
My question is, is this enough?
aye, remember to close the connection aswell when you're done with it.
DisplaySortableTickets.asp?strStatus=a';DELETE%20T KT_STATUS;SELECT%20'
b
Never thought of that. Is that really an issue for an Intranet, though?


Yeppo - imagine the fun that could be had by a clued up developer just
before he leaves disgruntled...goodbye important database content...you

can read up on this - try doing a Google search for SQL Injection.

Replacing the ' I believe is one solution...
I don't really understand this question/statement. Is there another kind of
recordset?


You can use 'curosors' within recordsets, the allow you to move BACK and
FORTH between the records you return in the recordset, if you do not need

to ever move back, and only forward - as Aaron mentions above etc...
s = replace(request.QueryString(s), "'", "''"))
Does this just take the apostrophes from the querystring?


It wont 'take' them away - it simply replaces them with 2 apostrophes
Is that just to keep it from being used by a malicious person who would

put an evil SQL
statement?


hehe - 'evil' - hehe - yes :)

Note, I am not as clued up as many here, so the above are only my
suggestions/opinions and thoughts - dont take 'em as gospel (unless I'm
correct in which case feel free to send me crates of copperfields sweet
sherry!)

Hope I helped,

Regards

Rob

Jul 19 '05 #10

P: n/a
> p.s. For pleasure reading, download the whole aspfaq.com FAQ in pdf
format
and read it over the weekend. It's very cool of Aaron to offer that whole
thing as a pdf.


Except that's 10 months out of date.

I'm working on a new solution.
Jul 19 '05 #11

P: n/a
"Peter Foti" <pe****@systolicnetworks.com> wrote in message
news:vp************@corp.supernews.com...

Hope this helps.


Yes, it does, thanks
Jul 19 '05 #12

P: n/a
Perhaps you could schedule it to update automatically. Here's how you can
schedule things. http://www.aspfaq.com/2143 :P

Ray at work

"Aaron Bertrand - MVP" <aa***@TRASHaspfaq.com> wrote in message
news:OP**************@TK2MSFTNGP10.phx.gbl...
p.s. For pleasure reading, download the whole aspfaq.com FAQ in pdf

format
and read it over the weekend. It's very cool of Aaron to offer that whole thing as a pdf.


Except that's 10 months out of date.

I'm working on a new solution.

Jul 19 '05 #13

P: n/a

"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message
(5) why are you using ADODB.Recordset at all? These all seem to be
forward-only, static recordsets.

I don't really understand this question/statement. Is there another kind of recordset?

YEah. If Aaron did not already post this link, read this when you have a
few moments.
http://www.aspfaq.com/2191


Yes, I have read this article before. What I got out of it was that you
shouldn't do a RS if you're not getting any data returned. I was thinking
that I was getting data returned in the code to which Aaron was referring.
p.s. For pleasure reading, download the whole aspfaq.com FAQ in pdf format and read it over the weekend. It's very cool of Aaron to offer that whole
thing as a pdf.


I will download it and you are correct when you say it's great of Aaron to
do that, to have that site, etc. I've learned a lot from him, the site, and
this forum.
Having said that, I won't be reading it over the weekend. Something about
having a pregnant wife, twin 2-year-olds, a yard to mow, and a cat to feed.
Well, I can always choose the pdf over the cat.
Jul 19 '05 #14

P: n/a
"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote
I don't really understand this question/statement. Is there another
kind of recordset?

No. It's Aaron's way of saying that you do not have to explicitly use
createobject to create the recordset object. Bottom line: whether you use

an explicit "Set rs=server.createobject("adodb.recordset")" statement or not,
you will get an adodb.recordset object from the connection.execute method.

However, there is a slight performance hit when you use createobject to
create the recordset. Here's why: when you use createobject, you're telling ADO to build a recordset object, and set a reference to that object in your variable. This is great if you are planning to create an ad hoc recordset by appending fields to the Fields collection, or if you are planning to use the Open method to open a non-default recordset after setting the appropriate
cursor type and location properties.

However, when you use connection.execute, ADO does the following:
1. creates a Command object to handle the execution of the query
2. creates a Recordset object to contain the results of the query (unless
you tell it not to by using the adExecuteNoRecords option in the third
argument of the Execute statement)
3. Sets a reference to the new recordset object in the variable which is
receiving the results.If that variable already references another object,
that reference is destroyed, causing the referenced object to be destroyed
as well.

So, if you use createobject, you've created a recordset that will only be
destroyed when the connection.execute method is run. It's a performance hit, but it's very slight. However:

Best practice is to skip the createobject statement when using Execute to
retrieve data into a recordset.

I really don't understand the above too well, but I'll keep digesting it.

Thanks
Jul 19 '05 #15

P: n/a

"Mike" <Mi**@nospam.com> wrote in message
news:Og**************@TK2MSFTNGP11.phx.gbl...
See http://www.sqlsecurity.com/DesktopDe...ndex=2&tabid=3


This is a helpful article. Thanks
Jul 19 '05 #16

P: n/a
"middletree" <mi********@htomail.com> wrote in message
news:uQ**************@tk2msftngp13.phx.gbl...
Well, I can always choose the pdf over the cat.


echo middletree>>C:\vendetta.log

Ray at work, father to seven cats
Jul 19 '05 #17

P: n/a
> Ray at work, father to seven cats

Uh, yikes. I would have slept easier tonight, had "father" been replaced by
"owner"...
Jul 19 '05 #18

P: n/a
On Tue, 28 Oct 2003 12:12:53 -0600, "middletree"
<mi********@htomail.com> wrote:
Yesterday, I posted a problem which, by the way, I haven't been able to
solve yet. But in Aaron's reply, he questioned why I did several things the
way I did. My short answer is that I have a lot to learn, but now I'd like
to ask anyone who reads this, including Aaron, for some clarification. I
imagine others might benefit, too.

"Aaron Bertrand - MVP" <aa***@TRASHaspfaq.com> wrote
A few suggestions.
(3) why do you constantly set rs = createobject("ADODB.Recordset") but
never destroy any of them? I went back and took care of it with this: set rs = nothing
My question is, is this enough?
I do:

rs.close
Set rs=nothing

And similarly, at the end of the connection use, I close the
connection:

conn.close
Set conn = nothing
(4) why are you allowing values from request.querystring into your SQL
statements unchecked? Have you tried something like...
DisplaySortableTickets.asp?strStatus=a';DELETE%20T KT_STATUS;SELECT%20' b Never thought of that. Is that really an issue for an Intranet, though?
It's a great habit. You never know when that intranet code will be
pasted to an extranet or internet page by someone else. Take a look
at the SQL injection FAQ:

http://www.sqlsecurity.com/DesktopDe...ndex=2&tabid=3

Having said that, I'm always running into older code where I didn't
pay attention either. :)
(5) why are you using ADODB.Recordset at all? These all seem to be
forward-only, static recordsets. I don't really understand this question/statement. Is there another kind of
recordset?


The best reference to answer this is:

http://www.aspfaq.com/show.asp?id=2191
Here is a rewrite of the first portion.

<!-- #INCLUDE FILE="includes/functions.asp" -->
<!-- #INCLUDE FILE="includes/argodbinc.asp" -->
<!-- #INCLUDE FILE="includes/colors.inc" -->
<%
function fixVal(s)
s = replace(request.QueryString(s), "'", "''"))
end function


Does this just take the apostrophes from the querystring? Is that just to
keep it from being used by a malicious person who would put an evil SQL
statement?


This function doubles any single quotes in your string before you use
it in a SQL query. SQL treats a single quote as a delimiter, so if
you had a single quote in your string and tried to INSERT it for
example, it would chop off past the single quote in the string, which
likely isn't what you want. Doubled single quotes escapes the single
quote in the query.

Jeff
Jul 19 '05 #19

P: n/a
I did write "owner" at first, but then deleted it. I was listening to the
slavery story on NPR this morning on the way to work, and I didn't want to
mis-speak about my cats.

Ray at work

"Aaron Bertrand - MVP" <aa***@TRASHaspfaq.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
Ray at work, father to seven cats
Uh, yikes. I would have slept easier tonight, had "father" been replaced

by "owner"...

Jul 19 '05 #20

P: n/a
On Tue, 28 Oct 2003 14:40:00 -0500, "Mike" <Mi**@nospam.com> wrote:
The key word there is "object." If I never create an object using
createobject do I ever have an object. I say no! So to reiterate. "I
almost never (read never) need a recordset object"
Just because you don't explicitly create the object doesn't mean it
doesn't exist. Any code I've seen without a CreateObject has
implicitly created the object anyway.

Jeff
"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message
news:eW**************@tk2msftngp13.phx.gbl...
Mike wrote:
> I almost never (read never) need a recordset object.


:-)
So you never need to retrieve data from a database?

Are you sure you didn't mean to say "I never use createobject to create my
recordset objects"?

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.


Jul 19 '05 #21

P: n/a
Well OKAY you got me. I never use CreateObject for recordsets!

:-((

Ray,

I bet my dog could take your cats

Mike

"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message
news:eT**************@TK2MSFTNGP11.phx.gbl...
Whoah...
<%
Set rs = YourADOConnection.Execute(YourSQLQuery)
Response.Write VarType(rs)
'or
Response.Write IsObject(rs)
'etc.
%>

Ray at work

"Mike" <Mi**@nospam.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
The key word there is "object." If I never create an object using
createobject do I ever have an object. I say no! So to reiterate. "I
almost never (read never) need a recordset object"

:-)

Mike


Jul 19 '05 #22

P: n/a
A local high school here has the nickname "the Bearcats" Some sort of weird
genetic experiment, I figure.
"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message
news:u2**************@TK2MSFTNGP12.phx.gbl...
I did write "owner" at first, but then deleted it. I was listening to the
slavery story on NPR this morning on the way to work, and I didn't want to
mis-speak about my cats.

Ray at work

"Aaron Bertrand - MVP" <aa***@TRASHaspfaq.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
Ray at work, father to seven cats
Uh, yikes. I would have slept easier tonight, had "father" been

replaced by
"owner"...


Jul 19 '05 #23

P: n/a
> I did write "owner" at first, but then deleted it. I was listening to the
slavery story on NPR this morning on the way to work, and I didn't want to
mis-speak about my cats.


So you'd rather portray images of beastiality? :-0
Jul 19 '05 #24

P: n/a

"Mike" <Mi**@nospam.com> wrote in message
news:uZ**************@TK2MSFTNGP09.phx.gbl...
I bet my dog could take your cats


No way man. My one cat is one 16 pound muscle with legs, and he can kick
ass on anything!

Ray at work
Jul 19 '05 #25

P: n/a

"Aaron Bertrand - MVP" <aa***@TRASHaspfaq.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
So you'd rather portray images of beastiality? :-0


I love my cats.

Ray at work
Jul 19 '05 #26

P: n/a
> Never thought of that. Is that really an issue for an Intranet, though?

Not all foobars like that are malicious. You also need to protect yourself
from the boneheads with errant copy & pastes, etc. And we *know* we all
have those people within our intranets. :-)
Jul 19 '05 #27

P: n/a
Good point. Thanks.
"Aaron Bertrand - MVP" <aa***@TRASHaspfaq.com> wrote in message
news:uH**************@TK2MSFTNGP12.phx.gbl...
Never thought of that. Is that really an issue for an Intranet, though?
Not all foobars like that are malicious. You also need to protect

yourself from the boneheads with errant copy & pastes, etc. And we *know* we all
have those people within our intranets. :-)

Jul 19 '05 #28

P: n/a
I have 5. That's about all the neighbors can handle. It had
something to do with their flower beds but I always ignore them when
they are in one of those moods.

--

Phillip Windell [CCNA, MVP, MCP]
pw******@wandtv.com
WAND-TV (ABC Affiliate)
www.wandtv.com

"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in
message news:eL*************@tk2msftngp13.phx.gbl...
"middletree" <mi********@htomail.com> wrote in message
news:uQ**************@tk2msftngp13.phx.gbl...
Well, I can always choose the pdf over the cat.


echo middletree>>C:\vendetta.log

Ray at work, father to seven cats

Jul 19 '05 #29

P: n/a
echo Phillip Windell>>C:\coollist.log

Ray at work

"Phillip Windell" <pwindell{at}wandtv*d0t*com> wrote in message
news:eH**************@TK2MSFTNGP12.phx.gbl...
I have 5. That's about all the neighbors can handle. It had
something to do with their flower beds but I always ignore them when
they are in one of those moods.

Jul 19 '05 #30

P: n/a
>Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in
message news:O1**************@tk2msftngp13.phx.gbl...
I bet my dog could take your cats
No way man. My one cat is one 16 pound muscle with legs, and he can

kick ass on anything!


One of the neighbors has a huge black one that got in my house. It and
mine had a debate about the situation that I tried to interveine with
and simply put the neighbor's cat outside. The thing chomped down on
my hand and I think it went clear to the bone. As it scambled past me,
feet and claws everywhere, I realized how important is was for me to
not be without a shirt (as I wasn't). I look like I crashed into a
barb-wire fence. I ended up at the doctor's office over that one and
the hand just got nimble enought to type yesterday.
--

Phillip Windell [CCNA, MVP, MCP]
pw******@wandtv.com
WAND-TV (ABC Affiliate)
www.wandtv.com
Jul 19 '05 #31

P: n/a
Whenever I see a neighbors cat in one of my flower beds I turn my dog loose.
I imagine some cats are still running.
Mike
"Phillip Windell" <pwindell{at}wandtv*d0t*com> wrote in message
news:eH**************@TK2MSFTNGP12.phx.gbl...
I have 5. That's about all the neighbors can handle. It had
something to do with their flower beds but I always ignore them when
they are in one of those moods.

--

Phillip Windell [CCNA, MVP, MCP]
pw******@wandtv.com
WAND-TV (ABC Affiliate)
www.wandtv.com

"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in
message news:eL*************@tk2msftngp13.phx.gbl...
"middletree" <mi********@htomail.com> wrote in message
news:uQ**************@tk2msftngp13.phx.gbl...
Well, I can always choose the pdf over the cat.


echo middletree>>C:\vendetta.log

Ray at work, father to seven cats


Jul 19 '05 #32

P: n/a

"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message
news:eL*************@tk2msftngp13.phx.gbl...
"middletree" <mi********@htomail.com> wrote in message
news:uQ**************@tk2msftngp13.phx.gbl...
Well, I can always choose the pdf over the cat.


echo middletree>>C:\vendetta.log

For the record, I love my cat. No need for a vendetta.
Jul 19 '05 #33

P: n/a
Man, be careful!!!! I hope the cat's okay too.

Okay, no need for anyone to yell about off-topic posts. That's all. :]

Ray at work

"Phillip Windell" <pwindell{at}wandtv*d0t*com> wrote in message
news:Oh**************@TK2MSFTNGP12.phx.gbl...

One of the neighbors has a huge black one that got in my house. It and
mine had a debate about the situation that I tried to interveine with
and simply put the neighbor's cat outside. The thing chomped down on
my hand and I think it went clear to the bone. As it scambled past me,
feet and claws everywhere, I realized how important is was for me to
not be without a shirt (as I wasn't). I look like I crashed into a
barb-wire fence. I ended up at the doctor's office over that one and
the hand just got nimble enought to type yesterday.
--

Phillip Windell [CCNA, MVP, MCP]
pw******@wandtv.com
WAND-TV (ABC Affiliate)
www.wandtv.com

Jul 19 '05 #34

P: n/a
That's already. My vendettaness has now been transferred to Mike. :]

Ray at work

"middletree" <mi********@htomail.com> wrote in message
news:eP**************@tk2msftngp13.phx.gbl...

For the record, I love my cat. No need for a vendetta.

Jul 19 '05 #35

P: n/a
Well, If I ever find someone's dog jambed halfway through my cats' Pet
Door I'll let the cats deal with what is left hanging out.
--

Phillip Windell [CCNA, MVP, MCP]
pw******@wandtv.com
WAND-TV (ABC Affiliate)
www.wandtv.com

"Mike" <Mi**@nospam.com> wrote in message
news:un**************@TK2MSFTNGP12.phx.gbl...
Whenever I see a neighbors cat in one of my flower beds I turn my dog loose. I imagine some cats are still running.
Mike
"Phillip Windell" <pwindell{at}wandtv*d0t*com> wrote in message
news:eH**************@TK2MSFTNGP12.phx.gbl...
I have 5. That's about all the neighbors can handle. It had
something to do with their flower beds but I always ignore them when they are in one of those moods.

--

Phillip Windell [CCNA, MVP, MCP]
pw******@wandtv.com
WAND-TV (ABC Affiliate)
www.wandtv.com

"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in
message news:eL*************@tk2msftngp13.phx.gbl...
"middletree" <mi********@htomail.com> wrote in message
news:uQ**************@tk2msftngp13.phx.gbl...
> Well, I can always choose the pdf over the cat.

echo middletree>>C:\vendetta.log

Ray at work, father to seven cats



Jul 19 '05 #36

P: n/a
middletree wrote:
"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote
I really don't understand the above too well, but I'll keep digesting
it.

OK, let me try again. Let's illustrate what happens when you execute these
two lines of code:

Set rs = server.createobject("adodb.recordset")
'ADO creates a closed recordset object and points rs at it

Set rs = conn.execute(strSQL)
'ADO creates a Command object which does the following 3
'things:
' 1. executes strSQL
' 2. creates a new, open recordset object to receive the results

'At this point, there are two recordset objects in memory: the one
'created by the createobject statement, and at which rs is still
'pointing, and the new one which was just created by the Command
'object

' 3. points rs at the new recordset

'So now rs is pointing at the new recordset. Now, there is no longer
'any variable pointing at the original, still-closed recordset, and so,
'it is released from memory

To sum up, when you use createobject("adodb.recordset") followed by
connection.execute (or command.execute) you have wound up creating two
recordset objects when you only intended to create one.

Is this a big deal? Not really. The initial recordset, with no Field objects
in its Fields collection, has a relatively small footprint in memory, is
created very quickly, and does not stay there very long. Still:

Best practice is to skip the createobject statement when using Execute to
retrieve data into a recordset.

Is that better?
Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #37

P: n/a
Makes sense. I will hold on to this.

Thanks
"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message
news:eQ**************@TK2MSFTNGP10.phx.gbl...
middletree wrote:
"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote
I really don't understand the above too well, but I'll keep digesting
it.
OK, let me try again. Let's illustrate what happens when you execute these
two lines of code:

Set rs = server.createobject("adodb.recordset")
'ADO creates a closed recordset object and points rs at it

Set rs = conn.execute(strSQL)
'ADO creates a Command object which does the following 3
'things:
' 1. executes strSQL
' 2. creates a new, open recordset object to receive the results

'At this point, there are two recordset objects in memory: the one
'created by the createobject statement, and at which rs is still
'pointing, and the new one which was just created by the Command
'object

' 3. points rs at the new recordset

'So now rs is pointing at the new recordset. Now, there is no longer
'any variable pointing at the original, still-closed recordset, and so,
'it is released from memory

To sum up, when you use createobject("adodb.recordset") followed by
connection.execute (or command.execute) you have wound up creating two
recordset objects when you only intended to create one.

Is this a big deal? Not really. The initial recordset, with no Field

objects in its Fields collection, has a relatively small footprint in memory, is
created very quickly, and does not stay there very long. Still:

Best practice is to skip the createobject statement when using Execute to
retrieve data into a recordset.

Is that better?
Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Jul 19 '05 #38

This discussion thread is closed

Replies have been disabled for this discussion.