access_asp thread: Help. I can't add fields to the database


Message #1 by "Richard Ong Poh Teck" <richie_ong@h...> on Mon, 7 Oct 2002 13:26:54
<Below is the error>
Error Type:
ADODB.Recordset (0x800A0CB3)
Current Recordset does not support updating. This may be a limitation of 
the provider, or of the selected locktype.
/SE/AddUser.asp, line 16

<Line 16 is at rsUsers.AddNew>
<%
  Dim rsUsers
  Set rsUsers = Server.CreateObject("ADODB.Recordset")
  rsUsers.CursorType = 1
  rsUsers.LockType = 3
  
  rsUsers.Open "Person", objConn
    
  If Session("PersonID") <> "" Then    ' currently logged-on user
    rsUsers.Filter = "PersonID = '" & Session("PersonID") & "'"
  Else    ' New session
    rsUsers.Filter = "EMailAddress = '" & Request.Form("email") & "'" & _
                     "AND Password = '" & Request.Form("password") & "'"
    If rsUsers.EOF Then    ' User not found
      rsUsers.AddNew 

Can someone please help me
Message #2 by "Ken Schaefer" <ken@a...> on Tue, 8 Oct 2002 11:02:37 +1000
a) Check your NTFS permissions (see thread titled "Help" a day ago)

b) Don't use a recordset to insert data into your database.

c) You have no filtering for invalid input, which leaves you open to SQL
Injection Attacks:
e.g. see: http://www.nextgenss.com/papers/advanced_sql_injection.pdf

d) Try code that looks like this

<% @Language=VBScript%>
<%
Option Explicit

Dim strEmail
Dim strPassword
Dim strSQL      ' must be declared because Option Explicit is on
Dim objConn
Dim objRS

strEmail = Request.Form("Email")
strPassword = Request.Form("Password")

strSQL = _
    "SELECT NULL " & _
    "FROM Person "

If Session("PersonID") <> "" then
    strSQL = strSQL & "WHERE PersonID = " & Session("PersonID")
Else
    strSQL = strSQL & _
        "WHERE EmailAddress = '" & Replace(strEmail, "'", "''") & "' " & _
        "AND [Password] = '" & Replace(strPassword, "'", "''") & "'"
End If

Set objConn = GetDBConn(Application("DBConnString"))
Set objRS = objConn.Execute(strSQL)
If objRS.EOF then
    ' Add New User
    strSQL = _
        "INSERT INTO..."
Else
    ' User Already Exists
End If

Function GetDBConn( _
    ByVal strConnString _
    )

    Dim objDBConn

    Set objDBConn = Server.CreateObject("ADODB.Connection")
    objDBConn.Open strConnString
    Set GetDBConn = objDBConn

End Function
%>


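The lookup and insert from this thread written with parameterized `ADODB.Command` objects instead of quote-doubling. This is an added example, not code from either poster. It assumes the `Person` table can be inserted into with only the `EmailAddress` and `Password` columns and that both are text fields of at most 255 characters; `NewCommand` and `AddTextParam` are hypothetical helper names.

```vbscript
<% @Language=VBScript %>
<%
Option Explicit

' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const adExecuteNoRecords = 128

' Hypothetical helper: build a text command bound to an open connection.
Function NewCommand(objConn, strSQL)
    Dim objCmd
    Set objCmd = Server.CreateObject("ADODB.Command")
    Set objCmd.ActiveConnection = objConn
    objCmd.CommandType = adCmdText
    objCmd.CommandText = strSQL
    Set NewCommand = objCmd
End Function

' Hypothetical helper: append one text input parameter.
' Values bind to the ? markers in the order they are appended.
Sub AddTextParam(objCmd, strName, lngSize, strValue)
    objCmd.Parameters.Append _
        objCmd.CreateParameter(strName, adVarWChar, adParamInput, lngSize, strValue)
End Sub

Dim objConn, objCmd, objRS, strEmail, strPassword
strEmail = Request.Form("Email") & ""        ' & "" coerces a missing field to ""
strPassword = Request.Form("Password") & ""
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open Application("DBConnString")
' Lookup: the form values are sent as data and never become part of the SQL text.
Set objCmd = NewCommand(objConn, _
    "SELECT NULL FROM Person WHERE EmailAddress = ? AND [Password] = ?")
AddTextParam objCmd, "@email", 255, strEmail
AddTextParam objCmd, "@password", 255, strPassword
Set objRS = objCmd.Execute

If objRS.EOF Then
    ' Not found: insert with an action query instead of Recordset.AddNew.
    Set objCmd = NewCommand(objConn, _
        "INSERT INTO Person (EmailAddress, [Password]) VALUES (?, ?)")
    AddTextParam objCmd, "@email", 255, strEmail
    AddTextParam objCmd, "@password", 255, strPassword
    objCmd.Execute , , adExecuteNoRecords
End If
objRS.Close
objConn.Close
%>
```

A value longer than the declared parameter size raises an ADO error rather than being passed to the query, so the size argument also acts as a length check.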

