By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,419 Members | 1,609 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,419 IT Pros & Developers. It's quick & easy.

update

P: n/a
Hi

I have this sql lines but somehow they are not working.
Now I am not sure if it is correct. Could you please read the line and
tell me if it is correct?
pid is primary key in the table
visited is a numeric field.

I am trying to increase one number everytime this page is viewed.

sqlup="update products set visited=visited+1 where pid="&intValue
set rs=cn.execute(sqlup)

thanks
Ce****@gmail.com

Jun 7 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a
cemal (ce****@gmail.com) writes:
I have this sql lines but somehow they are not working.
What does "not working" mean? Do you get unexpected results? Do you
get an error message? Are we supposed to guess?
Now I am not sure if it is correct. Could you please read the line and
tell me if it is correct?
Without knowing the business rules or anything? I'm afraid that that will
be difficult.
sqlup="update products set visited=visited+1 where pid="&intValue
set rs=cn.execute(sqlup)


Anyway, you need to learn to use parameterised commands:

cmd = new ADODB.Command
cmd.CommandType = adCommandText
cmd.CommandText = "update dbo.products set visited=visited+1 where pid=?"
md.Parameters.Append cmd.CreateParameter("@pid", _
adInteger, adParamInput, , intValue)
cmd.execute sqlup, adExecuteNoRecords

There is no need for record sets in this case, and add adExecuteNoRecords
to tell you don't expect data back.

You should always use parameterised statements and never interpolate
parameter values into your SQL strings. This so that the SQL Server
cache can be used effeciently. (To this end you should also specify
the table owner/schema in the query, as I have done above.) Another
very important reason is that parameterised statements protects you
against SQL injection - that a way for hackers to get into your site.
--
Erland Sommarskog, SQL Server MVP, es****@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinf...ons/books.mspx
Jun 7 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.