Wrox Programmer Forums

Need to download code?

View our list of code downloads.

| FAQ | Members List | Search | Today's Posts | Mark Forums Read
Classic ASP Basics For beginner programmers starting with "classic" ASP 3, pre-".NET." NOT for ASP.NET 1.0, 1.1, or 2.0
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old April 16th, 2012, 04:36 PM
Friend of Wrox
Points: 1,035, Level: 12
Points: 1,035, Level: 12 Points: 1,035, Level: 12 Points: 1,035, Level: 12
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: , , USA.
Posts: 196
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via Yahoo to jmss66
Default Prepared Statement

I am trying to modify my existing SQL statement in opening a table with a parameter. I read somewhere that a prepared statment will prevent SQL injection. Below is as far as I was able to go in my research. I am also updating a record. When I run the program I ger an error message:



ADODB.Recordseterror '800a0cb3'Current Recordset does not support updating. This may be a limitation of the provider, or of the selected locktype

The code is :

Code:
Dim rsUsers
 Set objCmd = Server.CreateObject("ADODB.command")
 set rsUsers = Server.CreateObject("ADODB.Recordset")
 objCmd.ActiveConnection = objConn
 objCmd.CommandType = adCmdText
 objCmd.CommandText = "SELECT * FROM Member WHERE SSN = ?"
 objCmd.Parameters.Append(objCmd.CreateParameter("@SSN", adChar, adParamInput, Len(strSSN), strSSN))
 rsUsers.CursorType = adOpenKeyset
 rsUsers.LockType = adLockOptimistic
 rsUsers.Open = objCmd.Execute()
I am not even sure if my code above is how a prepared statement should look like.
Please anyone, please point me to the right direction or help me with my code above.
Reply With Quote
  #2 (permalink)  
Old April 17th, 2012, 04:41 AM
Authorized User
Points: 448, Level: 7
Points: 448, Level: 7 Points: 448, Level: 7 Points: 448, Level: 7
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2011
Posts: 86
Thanks: 1
Thanked 12 Times in 12 Posts
Default

Hi,

what you show looks about right actually..

Although strictly speaking you don't have a prepared statement yet (only when you add objCmd.Prepared = True you'll get a prepared or precompiled command), that's probably not causing the recordset error..

You probably should look at your connection and check whether your provider supports the cursortype / locktyp.. if it doesn't it will actually run under another one...
Reply With Quote
  #3 (permalink)  
Old April 17th, 2012, 12:17 PM
Friend of Wrox
Points: 1,035, Level: 12
Points: 1,035, Level: 12 Points: 1,035, Level: 12 Points: 1,035, Level: 12
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: , , USA.
Posts: 196
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via Yahoo to jmss66
Default

It works with the old code. It's just that I am redoing the code to add a prepared statement. This is the old code.

Code:
Dim rsUsers
set rsUsers = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT * FROM Member WHERE SSN = " & strSSN & ";"
rsUsers.Open strSQL, objConn,adOpenKeyset,adLockOptimistic,adCmdText
The locktype worked with the code above. So I don't know why it doesn't work with the revised code.
Reply With Quote
  #4 (permalink)  
Old April 17th, 2012, 12:38 PM
Friend of Wrox
Points: 1,035, Level: 12
Points: 1,035, Level: 12 Points: 1,035, Level: 12 Points: 1,035, Level: 12
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: , , USA.
Posts: 196
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via Yahoo to jmss66
Default

I launched another browser and tried running the code. I am no longer getting the error message and it is now working. I will add objCmd.Prepared = True. My question is which line do I add it in? Does it matter in which line I add to?

I actually added after the line ActiveConnection and looks like it worked.

Thanks for your help.
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
prepared statement sanqry J2EE 0 April 16th, 2006 02:58 AM
problem in prepared Statement abhit_kumar Java Databases 2 March 23rd, 2006 09:34 AM
Prepared SQL VS. Regular Queries nikotromus Pro VB 6 0 January 17th, 2006 08:37 PM
Prepared SQL VS. Regular Queries nikotromus Pro VB Databases 0 January 17th, 2006 08:35 PM
problem in prepared statement abhit_kumar JSP Basics 1 November 25th, 2004 04:22 AM



All times are GMT -4. The time now is 05:10 PM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.