Here's the offending snippet of code:
Expand|Select|Wrap|Line Numbers
- sql = "SELECT DISTINCT name, extension FROM Employees WHERE name = " & Request.Form("name")
Here's the complete code (keep in mind that I'm still testing it, so it may not entirely make sense; first, I tried to get it to output something, now I'm at the point of trying to narrow down the output to just what I actually need).
Expand|Select|Wrap|Line Numbers
- <%@ LANGUAGE = "VBSCRIPT" %>
- <% Option Explicit %>
- <% If Request.Form("name") <> "" And Request.Form("extension") <> "" Then %>
- <%
- On Error Resume Next
- Dim MyConnection, sql, rsRecords, results
- sql = "SELECT DISTINCT name, extension FROM Employees WHERE name = " & Request.Form("name")
- Set MyConnection = Server.CreateObject("ADODB.Connection")
- Set rsRecords = Server.CreateObject("ADODB.RecordSet")
- MyConnection.Open("employee")
- rsRecords.Open sql, MyConnection
- %>
- <% If rsRecords.EOF Then %>
- <H2> No records found </H2>
- <%End If %>
- <%
- While Not rsRecords.EOF
- results = rsRecords("name") & "  " & rsRecords("extension") & "<BR>"
- Response.Write(results)
- rsRecords.MoveNext
- WEND
- rsRecords.Close
- MyConnection.Close
- Set MyConnection = Nothing
- %>
- <%
- Else
- %>
- <HTML>
- <HEAD>
- <TITLE>Database Connection</TITLE>
- </HEAD>
- <BODY onLoad = "document.searchDB.name.focus()">
- <H3> Please Enter the Name and Extension You're Searching For: </H3>
- <TABLE>
- <FORM NAME = "searchDB" METHOD = "post" ACTION = "ASPDBtest.asp">
- <TR><TD ALIGN = "left"><B>Name</B>
- <TD><INPUT TEXT = "text" NAME = "name" SIZE = "25">
- <TR><TD ALIGN = "left"><B>Extension</B>
- <TD><INPUT TEXT = "text" NAME = "extension" SIZE = "25">
- <TR><TD COLSPAN = "2" ALIGN = "left">
- <TD><INPUT TYPE = "Submit" VALUE = "Submit">
- <TD><INPUT TYPE = "Reset" VALUE = "Reset">
- </FORM>
- </TABLE>
- </BODY>
- </HTML>
- <%End If%>