By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,967 Members | 815 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,967 IT Pros & Developers. It's quick & easy.

SQL - Updating Empty Text Field is enterring -1

P: n/a
I'm trying to do a simple update like I have done countless times
before.

However, when I update the empty fields in this table it places a -1
into the field rather than the enterred value.

It is indexed with duplicates allowed. It says that zero lenght is
set to yes.

What can I do about this?
if Request.form("ouserid") <> "" Then
var2 = " and userid = '" & Request.form("ouserid") & "' "
Else
var2 = " and userid is null "
End if
if Request.form("orepid") <> "" Then
var1 = " repid = '" & Request.form("orepid") & "'"
Else
var1 = " repid is null "
End if

"Update [Website Settings] set userid = '" & REquest.form("userid") &
"' and repid = '" & Request.form("repid") & "' where " & var1 & var2
& var3
Thanks!
Jul 20 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
> "Update [Website Settings] set userid = '" & REquest.form("userid") &
"' and repid = '" & Request.form("repid") & "' where " & var1 & var2
& var3


Response.write this to the screen, instead of executing it, and examine the
result.
Jul 20 '05 #2

P: n/a
[posted and mailed, please reply in news]

Scott Hoff (SH***@FIRSTHEARTLAND.COM) writes:
However, when I update the empty fields in this table it places a -1
into the field rather than the enterred value.
...
"Update [Website Settings] set userid = '" & REquest.form("userid") &
"' and repid = '" & Request.form("repid") & "' where " & var1 & var2
& var3


If that is all that happens, consider yourself lucky. A malicious
user could use the above for SQL intrusion, and SQL Server to execute
commands you sure did not intend him to. For a starter, enter
O'Brien in userid.

--
Erland Sommarskog, SQL Server MVP, so****@algonet.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinf...2000/books.asp
Jul 20 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.