I have an old web app that ues an Access database and ASP 3.0.
I need to build an INSERT statement based on the contents of a form.
What is the best way to handle blank text boxes that are submitted with the
form?
For example, I collect all my name/value pairs that are submitted with the
form like this...
sExample=Request.Form("txaExample")
sNote=Request.Form("txtNote")
iSourceID=Request.Form("cboSourceID")
iPageNo=Request.Form("txtPageNo")
sSourceRef=Request.Form("txtSourceRef")
....and then I build my INSERT statement like this...
sSQL = "INSERT INTO example (example, sourceid, sourceref, pageno, note)"
sSQL = sSQL & " VALUES ('" & sExample & "', "
sSQL = sSQL & cstr(iSourceID) & ", "
sSQL = sSQL & "'" & sSourceRef & "', "
sSQL = sSQL & cstr(iPageNo) & ", "
sSQL = sSQL & "'" & sNote & "' "
sSQL = sSQL & ")"
....but if some of the controls are left blank, I get an INSERT atatement
llike this...
INSERT INTO example (example, sourceid, sourceref, pageno, note) VALUES
('asgfgdsfhg', 6, '', , '' )
What is the value when an empty control is submitted?
isempty and isnull both return false even though nothing was submitted with
the form. I can test for a zero length (IF len(Note)=0) but is this the
best way to test?
IOW, test each value for zero length and if true, set the value equal to
NULL to get something like this...
INSERT INTO example (example, sourceid, sourceref, pageno, note) VALUES
('asgfgdsfhg', 6, NULL,NULL ,NULL )
Thanks for any insights. 3 3881
"Dave" <da*******@newsgroup.nospamwrote in message
news:u0**************@TK2MSFTNGP05.phx.gbl...
>I have an old web app that ues an Access database and ASP 3.0.
I need to build an INSERT statement based on the contents of a form.
What is the best way to handle blank text boxes that are submitted with
the form?
For example, I collect all my name/value pairs that are submitted with the
form like this...
sExample=Request.Form("txaExample")
sNote=Request.Form("txtNote")
iSourceID=Request.Form("cboSourceID")
iPageNo=Request.Form("txtPageNo")
sSourceRef=Request.Form("txtSourceRef")
...and then I build my INSERT statement like this...
sSQL = "INSERT INTO example (example, sourceid, sourceref, pageno, note)"
sSQL = sSQL & " VALUES ('" & sExample & "', "
sSQL = sSQL & cstr(iSourceID) & ", "
sSQL = sSQL & "'" & sSourceRef & "', "
sSQL = sSQL & cstr(iPageNo) & ", "
sSQL = sSQL & "'" & sNote & "' "
sSQL = sSQL & ")"
...but if some of the controls are left blank, I get an INSERT atatement
llike this...
INSERT INTO example (example, sourceid, sourceref, pageno, note) VALUES
('asgfgdsfhg', 6, '', , '' )
What is the value when an empty control is submitted?
isempty and isnull both return false even though nothing was submitted
with the form. I can test for a zero length (IF len(Note)=0) but is this
the best way to test?
IOW, test each value for zero length and if true, set the value equal to
NULL to get something like this...
INSERT INTO example (example, sourceid, sourceref, pageno, note) VALUES
('asgfgdsfhg', 6, NULL,NULL ,NULL )
Thanks for any insights.
The values that are being passed can be checked using the TypeName()
function. There's no reason why you can't execute "NSERT INTO example
(example, sourceid, sourceref, pageno, note) VALUES ('asgfgdsfhg', 6, '', ,
'' )". The Access database will put default values into the empty fields.
An easier way to do this kind of thing is to create a saved parameter query
in access and use that. It saves having to delimit values, escaping quotes
etc.
--
Mike Brind
Dave wrote:
I have an old web app that ues an Access database and ASP 3.0.
I need to build an INSERT statement based on the contents of a form.
What is the best way to handle blank text boxes that are submitted
with the form?
For example, I collect all my name/value pairs that are submitted
with the form like this...
sExample=Request.Form("txaExample")
sNote=Request.Form("txtNote")
iSourceID=Request.Form("cboSourceID")
iPageNo=Request.Form("txtPageNo")
sSourceRef=Request.Form("txtSourceRef")
...and then I build my INSERT statement like this...
sSQL = "INSERT INTO example (example, sourceid, sourceref, pageno,
note)" sSQL = sSQL & " VALUES ('" & sExample & "', "
sSQL = sSQL & cstr(iSourceID) & ", "
sSQL = sSQL & "'" & sSourceRef & "', "
sSQL = sSQL & cstr(iPageNo) & ", "
sSQL = sSQL & "'" & sNote & "' "
sSQL = sSQL & ")"
Further points to consider:
Your use of dynamic sql is leaving you vulnerable to hackers using sql
injection: http://mvp.unixwiz.net/techtips/sql-injection.html http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
See here for a better, more secure way to execute your queries by using
parameter markers: http://groups-beta.google.com/group/...e36562fee7804e
Personally, I prefer using stored procedures, or saved parameter queries
as
they are known in Access:
Access: http://www.google.com/groups?hl=en&l...TNGP12.phx.gbl http://groups.google.com/groups?hl=e...tngp13.phx.gbl
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Thanks guys. The parameter queries work well.
"Bob Barrows [MVP]" <re******@NOyahoo.SPAMcomwrote in message
news:ed**************@TK2MSFTNGP03.phx.gbl...
Dave wrote:
>I have an old web app that ues an Access database and ASP 3.0.
I need to build an INSERT statement based on the contents of a form.
What is the best way to handle blank text boxes that are submitted with the form?
For example, I collect all my name/value pairs that are submitted with the form like this...
sExample=Request.Form("txaExample") sNote=Request.Form("txtNote") iSourceID=Request.Form("cboSourceID") iPageNo=Request.Form("txtPageNo") sSourceRef=Request.Form("txtSourceRef")
...and then I build my INSERT statement like this...
sSQL = "INSERT INTO example (example, sourceid, sourceref, pageno, note)" sSQL = sSQL & " VALUES ('" & sExample & "', " sSQL = sSQL & cstr(iSourceID) & ", " sSQL = sSQL & "'" & sSourceRef & "', " sSQL = sSQL & cstr(iPageNo) & ", " sSQL = sSQL & "'" & sNote & "' " sSQL = sSQL & ")"
Further points to consider:
Your use of dynamic sql is leaving you vulnerable to hackers using sql
injection: http://mvp.unixwiz.net/techtips/sql-injection.html http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
See here for a better, more secure way to execute your queries by using
parameter markers: http://groups-beta.google.com/group/...e36562fee7804e
Personally, I prefer using stored procedures, or saved parameter queries
as
they are known in Access:
Access: http://www.google.com/groups?hl=en&l...TNGP12.phx.gbl
http://groups.google.com/groups?hl=e...tngp13.phx.gbl
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM" This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Bennett Haselton |
last post by:
I'm looking for a PHP tutorial that specializes in how to build sites
that are based around user logins. i.e. the user logs in on the front
page, and are taken to a main login page where fields on...
|
by: Sans Spam |
last post by:
Greetings! I have a table that contains all of the function
permissions within a given application. These functions are different
sections of a site and each has its own permissions (READ, WRITE,...
|
by: Stephen Patten |
last post by:
Hi All,
While in the process of building my table (40 or so Insert statments)
can I then query ("select * from @Table_variable") and use the results
up to theat point for another insert into...
|
by: Jack |
last post by:
Hi,
I have a sql statement in asp page as below
sql = " INSERT INTO tblExpense (ENO, EntryDate, ContractedServiceExpense, "
sql = sql & "TravelExpense, PersonnelExpense)"
sql = sql & "...
|
by: MLH |
last post by:
Building Applications with Microsoft Access 97 is a publication
I think I need. Is it available in book form? Is MicroSoft the sole
vendor? Anybody got a copy they wanna sell???
| |
by: Chris Ochs |
last post by:
The documentation doesn't have any examples of using an sql language
function to do an insert, andI am at loss as to I am doing wrong here.
The error I get trying to create the function is: ERROR:...
|
by: Geoffrey KRETZ |
last post by:
Hello,
I'm wondering if the following behaviour is the correct one for
PostGreSQL (7.4 on UNIX).
I've a table temp_tab with 5 fields (f1,f2,f3,...),and I'm a launching
the following request :...
|
by: Mossy |
last post by:
I am currently moving a table from a msSQL DB to a MySQL DB.
I am trying to build the bones of an insert statement by adding strings
to a select statement.
SELECT '(' + job_referenceno + ',...
|
by: john |
last post by:
All:
I'm a long-time developer, new to PHP....
Is there an idiom used in PHP to construct SQL statments from $_POST
data?
I would guess that in many applications, the data read from $_POST...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |