April 16th, 2012, 04:36 PM
jmss66
Prepared Statement

I am trying to modify my existing SQL statement in opening a table with a parameter. I read somewhere that a prepared statement will prevent SQL injection. Below is as far as I was able to go in my research. I am also updating a record. When I run the program I get an error message:



ADODB.Recordset error '800a0cb3'
Current Recordset does not support updating. This may be a limitation of the provider, or of the selected locktype

The code is:

Code:
Dim rsUsers
 Set objCmd = Server.CreateObject("ADODB.command")
 set rsUsers = Server.CreateObject("ADODB.Recordset")
 objCmd.ActiveConnection = objConn
 objCmd.CommandType = adCmdText
 objCmd.CommandText = "SELECT * FROM Member WHERE SSN = ?"
 objCmd.Parameters.Append(objCmd.CreateParameter("@SSN", adChar, adParamInput, Len(strSSN), strSSN))
 rsUsers.CursorType = adOpenKeyset
 rsUsers.LockType = adLockOptimistic
 rsUsers.Open = objCmd.Execute()
I am not even sure if my code above is what a prepared statement should look like.
Please anyone, please point me in the right direction or help me with my code above.
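An added example, not part of the original post: the same parameterized SELECT opened so that the Recordset keeps the keyset cursor and optimistic lock. `Command.Execute` always returns a forward-only, read-only Recordset, which is what produces error 800a0cb3; passing the Command object to `Recordset.Open` as its source avoids that. The connection string, the `ssn` form field and the `LastLogin` column are assumptions made for illustration.

```vbscript
Option Explicit

' ADO constants (values as in adovbs.inc), declared here so the page is self-contained
Const adCmdText = 1
Const adParamInput = 1
Const adChar = 129
Const adOpenKeyset = 1
Const adLockOptimistic = 3

Dim objConn, objCmd, rsUsers, strSSN

' Assumption: placeholder connection string and a form field named "ssn"
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open "YOUR_CONNECTION_STRING"
strSSN = Trim(Request.Form("ssn"))

' Validate before binding: an empty value would give the parameter a size of 0
If Len(strSSN) = 0 Then
    Response.Write "SSN is required."
    Response.End
End If

Set objCmd = Server.CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.CommandType = adCmdText
' The ? placeholder keeps user input out of the SQL text; the value travels as data
objCmd.CommandText = "SELECT * FROM Member WHERE SSN = ?"
objCmd.Parameters.Append objCmd.CreateParameter("@SSN", adChar, adParamInput, Len(strSSN), strSSN)

Set rsUsers = Server.CreateObject("ADODB.Recordset")
rsUsers.CursorType = adOpenKeyset
rsUsers.LockType = adLockOptimistic
' Pass the Command as the source; the connection argument is omitted
' because the Command already carries the active connection
rsUsers.Open objCmd

If Not rsUsers.EOF Then
    rsUsers("LastLogin") = Now()   ' hypothetical column, for illustration only
    rsUsers.Update
End If

rsUsers.Close
objConn.Close
Set rsUsers = Nothing
Set objCmd = Nothing
Set objConn = Nothing
```

Whether the Recordset ends up updatable still depends on the provider and on the table having a usable key; checking `rsUsers.Supports` or `rsUsers.LockType` after `Open` shows what was actually granted.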