Really strange error

  • Hiya Peeps,

    I'm trying to set up an Intranet at the school.  It has an admin section to add / modify / delete records.

    So far it adds records but I'm struggling with modifying them.

    If I use the code like this:

    recset1.Source = "SELECT * FROM events WHERE events_id = 10"

    it updates fine but if I try and use an ASP variable:

    recset1.Source = "SELECT * FROM events WHERE events_id = " & request("id") & ""

    An error occurs:

    Microsoft OLE DB Provider for SQL Server error '80040e21'

    The requested properties cannot be supported.

    Weird.  Any ideas why?

     

    Jk

  • Found it - the field I was requesting from was called events_id instead of id.  I WAS REQUESTING A NON-EXISTENT FIELD!

    Jk

  • Speaking from having done this myself, and having several years' experience of such development work, how are you doing the SQL debugging/scripting?

  • Not to be combative, but you might want to read about the basics of stored procedures and sql injection BEFORE it hits you.

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • That was kind of my line of thinking, Frank, but it'd be useful to know (judging by the quoted lines of statement) whether it's been anywhere near Query Analyser.....

  • Sorry, wasn't aware that you've already replied while I was reading and typing.

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • hey - no worries!

    Kind of surprised that no-one else had picked it up, but there you go. There seem to be precious few threads on web/sql with this kind of line....

  • Just my added 2 cents...

    Or if you choose not to use a Stored Procedure, at least use an ADODB.Command object and parameterize your SQL statement. It works exactly the same as doing it with a stored procedure, which means you can control the SQL string more effectively against injection attacks and they can only submit valid data for the data type.

    I have a few extreme pages going against a view for adhoc style reporting where I build the string parameterized for each option chosen.

    But another thing I noticed was you just use Request("obj_name"), which is a bad practice. If the page is sent by a form POST use Request.Form, if a QueryString then use Request.QueryString; otherwise you open yourself to another attack thru QueryStrings if post is the passed method, and you are spending a lot of extra cycles looking thru the entire Request collection that you don't need.
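
The approach suggested in the last two replies (a parameterized ADODB.Command fed from Request.QueryString), applied to the query from the first post. This is an added example, not code from the thread: the connection string is a placeholder, the IsPlainInteger helper is hypothetical, and it assumes events_id is an integer column.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit

' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

' Hypothetical helper: True only for a string of 1-9 decimal digits.
' IsNumeric() alone also accepts input such as "1e5" or "&H10".
Function IsPlainInteger(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsPlainInteger = re.Test(s)
End Function

Dim rawId, conn, cmd, recset1

' Read the id from the query string only, not the whole Request collection
rawId = Trim(Request.QueryString("id"))
If Not IsPlainInteger(rawId) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid id"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
' Placeholder connection string: replace server and database names
conn.Open "Provider=SQLOLEDB;Data Source=YOUR_SERVER;Initial Catalog=YOUR_DB;Integrated Security=SSPI"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? marker is bound as data; the value never becomes part of the SQL text
cmd.CommandText = "SELECT * FROM events WHERE events_id = ?"
cmd.Parameters.Append cmd.CreateParameter("events_id", adInteger, adParamInput, , CLng(rawId))

Set recset1 = cmd.Execute
If recset1.EOF Then
    Response.Write "No event with that id"
Else
    Response.Write "Found event " & Server.HTMLEncode(CStr(recset1("events_id")))
End If

recset1.Close
conn.Close
%>
```

Because the parameter is declared as adInteger, a missing or non-numeric id is rejected before the query runs instead of producing a malformed statement such as `WHERE events_id = ` with nothing after it.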
