July 6th, 2009, 04:00 AM
joefawcett
Wrox Author

I can't see any Ajax there. Does the page you showed work and display the records from the query? I'd be surprised if it worked as you're not using the myProdID variable, and you're leaving yourself exposed to a SQL injection attack. So this:
Code:
oRs = oConn.Execute("SELECT prodID, prodName FROM tblProds WHERE prodID = 'myProdID'");
should be:
Code:
oRs = oConn.Execute("SELECT prodID, prodName FROM tblProds WHERE prodID = '" + myProdID + "'");
but you should be using a parameterised query.
__________________
--

Joe
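A parameterised form of the query discussed in the post above, as an added example that is not part of the original post. It assumes classic ASP with server-side JScript, an already open ADODB.Connection in `oConn`, and a text `prodID` column of at most 50 characters; the helper name `findProduct` and the length limit are hypothetical.

```jscript
// Added example, not code from the original thread.
// ADO constants, declared here because JScript pages do not get them automatically.
var adCmdText    = 1;    // CommandTypeEnum: CommandText is a SQL statement
var adVarChar    = 200;  // DataTypeEnum: variable-length string
var adParamInput = 1;    // ParameterDirectionEnum: input only
var MAX_PRODID_LEN = 50; // assumed width of tblProds.prodID

// Hypothetical helper: returns a recordset for one product ID.
// The value is bound as a parameter, so quotes or SQL keywords inside it
// are compared against prodID as data and never parsed as SQL.
function findProduct(oConn, myProdID) {
    var value = String(myProdID);
    if (value.length === 0 || value.length > MAX_PRODID_LEN) {
        // Reject early; ADO would also raise an error for an oversized value.
        throw new Error("prodID missing or too long");
    }

    var oCmd = Server.CreateObject("ADODB.Command");
    oCmd.ActiveConnection = oConn;
    oCmd.CommandType = adCmdText;
    // "?" is a positional placeholder; note there are no quotes around it.
    oCmd.CommandText =
        "SELECT prodID, prodName FROM tblProds WHERE prodID = ?";
    oCmd.Parameters.Append(
        oCmd.CreateParameter("prodID", adVarChar, adParamInput,
                             MAX_PRODID_LEN, value));
    return oCmd.Execute();
}

var oRs = findProduct(oConn, myProdID);
while (!oRs.EOF) {
    // Encode on output so stored product names cannot inject markup.
    Response.Write(
        Server.HTMLEncode(String(oRs.Fields("prodName").Value)) + "<br>");
    oRs.MoveNext();
}
oRs.Close();
```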