Wrox Programmer Forums

Need to download code?

View our list of code downloads.

| FAQ | Members List | Search | Today's Posts | Mark Forums Read
Classic ASP Databases Discuss using ASP 3 to work with data in databases, including ASP Database Setup issues from the old P2P forum on this specific subtopic. See also the book forum Beginning ASP.NET Databases for questions specific to that book. NOT for ASP.NET 1.0, 1.1, or 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Databases section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #11 (permalink)  
Old July 14th, 2003, 02:11 PM
Friend of Wrox
 
Join Date: Jun 2003
Location: Wien, Wien, Austria.
Posts: 158
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via ICQ to NotNowJohn
Default

Helmut,

I am glad that this code help you.;)
You can eliminate "size=20" if you change lines in the following manner:
<input type=text name=mobile value=" & rs.Fields(6) & " size=20>
change to:
<input type=text name=mobile value=""" & rs.Fields(6) & """ size=20>

For the search page on the first_page.asp you can add some text fields and/or select lists for the search criteria.
If you want to sort the results by the specified filed you have to change this line:
sSQL="SELECT * FROM YourTableName"
with:
sSQL="SELECT * FROM YourTableName ORDER BY Sort_Field_Name"

I suggest you to try yourself this search mechanism's implementation. If you need more help, just let me know.

Regards,
NNJ

...but the Soon is eclipsed by the Moon
Reply With Quote
  #12 (permalink)  
Old July 14th, 2003, 02:32 PM
Authorized User
 
Join Date: Jul 2003
Location: , , .
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hey!

Thanks for such a quick response, I'm working on the information given above,

but while i do that, I would like to ask What is the best way to "hide" databases and passwords? I have been searching for this some say put it inside the cgi bin, some other place passwords as asp files, but you can still see the files when you type the passwords.asp and do a quick search for a mdb file in my site would give it all away.

What would you recommend?

Thanx

...helmut
Reply With Quote
  #13 (permalink)  
Old July 15th, 2003, 09:44 AM
Authorized User
 
Join Date: Jul 2003
Location: , , .
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi again,

Im facing a little problem with the code,

when i test it it gives me this problem:

----//problem

Technical Information (for support personnel)

Error Type:
Microsoft JET Database Engine (0x80040E14)
Syntax error in string in query expression 'www.lcph.ocm' WHERE id=8'.
/hmm/Edinburg/2003/chamber/members/second_page.asp, line 57

---// end of problem

here is the demo of how i modified the code:


//-----Modified code below


<%
Function GetMemberDetails(id)
Dim cn
Dim sSQL
Dim rs
Dim ret_string
Set cn=Server.CreateObject("ADODB.Connection")
cn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("members.mdb")
sSQL="SELECT * FROM Category WHERE id=" & id
ret_string="<table cellspacing=5><tr bgcolor=e0e0e0>"
ret_string=ret_string & "<td class=td_hed>Field Name</td>"
ret_string=ret_string & "<td class=td_hed>Field Value</td></tr>"
set rs=cn.Execute(sSQL)
If not rs.EOF Then
    ret_string=ret_string & "<tr><td class=td_hed>Category</td>"
    ret_string=ret_string & "<td><input type=text name=category value=""" & rs.Fields(1) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>Company</td>"
    ret_string=ret_string & "<td><input type=text name=company value=""" & rs.Fields(2) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>Address</td>"
    ret_string=ret_string & "<td><input type=text name=address value=""" & rs.Fields(3) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>City</td>"
    ret_string=ret_string & "<td><input type=text name=city value=""" & rs.Fields(4) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>State</td>"
    ret_string=ret_string & "<td><input type=text name=st value=""" & rs.Fields(5) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>Zip</td>"
    ret_string=ret_string & "<td><input type=text name=zip value=""" & rs.Fields(6) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>Phone</td>"
    ret_string=ret_string & "<td><input type=text name=phone value=""" & rs.Fields(7) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>Fax</td>"
    ret_string=ret_string & "<td><input type=text name=fax value=""" & rs.Fields(8) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>Email</td>"
    ret_string=ret_string & "<td><input type=text name=email value=""" & rs.Fields(9) & """ size=20></td></tr>"
    ret_string=ret_string & "<tr><td class=td_hed>URL</td>"
    ret_string=ret_string & "<td><input type=text name=url value=""" & rs.Fields(10) & """ size=20></td></tr>"
    'ret_string=ret_string & "<tr><td class=td_hed>url</td>"
    ' ret_string=ret_string & "<td><input type=text name=officefax value=" & rs.Fields(11) & " size=20></td></tr>"
   ' ret_string=ret_string & "<tr><td class=td_hed>Notes</td>"
    'ret_string=ret_string & "<td><input type=text name=notes value=" & rs.Fields(12) & " size=20></td></tr>"
End If
rs.Close
Set rs=Nothing
cn.Close
Set cn=Nothing
ret_string=ret_string & "</table>"
GetMemberDetails=ret_string
End Function

Function UpdateYourDB(id,category,company,address,city,st,z ip,phone,fax,email,url)
    Dim cn
    Dim sSQL
    Set cn=Server.CreateObject("ADODB.Connection")
    cn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("members.mdb")
    sSQL="UPDATE Category SET category='" & category & "',company='" & company & "',address='" & address
    sSQL=sSQL & "',city=" & city & ",st=" & st & ",zip=" & zip & ",phone='" & phone
    sSQL=sSQL & "',fax='" & fax & "',email='" & email & "',url=" & url
    sSQL=sSQL & "' WHERE id=" & id
    cn.Execute sSQL,lRecs
    cn.Close
    Set cn=Nothing
    UpdateYourDB=lRecs
End Function

If Request.Form("submit")<>"" Then
    id=Request.Form("id")
    category=Request.Form("category")
    company=Request.Form("company")
    address=Request.Form("address")
    city=Request.Form("city")
    st=Request.Form("st")
    zip=Request.Form("zip")
    phone=Request.Form("phone")
    fax=Request.Form("fax")
    email=Request.Form("email")
    url=Request.Form("url")

    If UpdateYourDB(id,category,company,address,city,st,z ip,phone,fax,email,url)=1 Then
        Response.Write "Success message"
    Else
        Response.Write "Failed message"
    End If

Else
    If (Request.QueryString("id")>0) Then
        Response.Write "<form name=""form"" method=""post"" action=""second_page.asp"">"

        id=Request.QueryString("id")
        Response.Write GetMemberDetails(id)

        Response.Write "<input type=hidden name=id value=" & id & ">"
        Response.Write "<input type=submit name=submit value=""Update Changes"">"
        Response.Write "</form>"
    Else
        Response.Write "Wrong parameter!!!"
    End If
End If
%>

----// End of midified Code

I played with this code for hours already and have no idea what the problem is, :o(

Can you see any problems with my modified version?

Thanks!


...helmut
Reply With Quote
  #14 (permalink)  
Old July 15th, 2003, 10:08 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: Wien, Wien, Austria.
Posts: 158
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via ICQ to NotNowJohn
Default

 
Quote:
quote:
Quote:
sSQL=sSQL & "',fax='" & fax & "',email='" & email & "',url=" & url
It seems that this line fails...
Change it with:
sSQL=sSQL & "',fax='" & fax & "',email='" & email & "',url='" & url

Please let me know the result.

...but the Soon is eclipsed by the Moon
Reply With Quote
  #15 (permalink)  
Old July 15th, 2003, 10:25 AM
Authorized User
 
Join Date: Jul 2003
Location: , , .
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks!

I get this result:

-------------------

Error Type:
Microsoft JET Database Engine (0x80040E10)
No value given for one or more required parameters.
/hmm/Edinburg/2003/chamber/members/second_page.asp, line 57

---------------------

there was 2 fields that were empty so i placed a N/A but still gave me that error, I dont think im missing any parameters, The only i was concerened about was ID nuber but ID is being passed.

Any ideas?

Oh btw line 57 is this:

    cn.Execute sSQL,lRecs

dont know if that helps

Thanks!

...helmut
Reply With Quote
  #16 (permalink)  
Old July 15th, 2003, 10:34 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: Wien, Wien, Austria.
Posts: 158
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via ICQ to NotNowJohn
Default

And for the password protection...
ASP code is interpreted by Web server, so the original .asp code is not available to user from his browser, so he can't read the code you wrote. User can read only the result page cretaed by the Web server from .asp page and this page is poor html page.
You can, however, locate user/pass values into the file and read these values from asp page. In that way the connection string isn't hardcoded, and isn't visible even in .asp code. It is strongly recommended to NOT use .txt file for this purpose because when u type http://someaddreseee/somefile.txt you can download the file. You can use again .asp file. Par example:
Code:
<%
server    ServerName
user    user1
pass    pass1
db    dbname
%>
It that way user/pass value are saved in plain format. If you are more "paranoid" you can write two functions:one for encrypt and one for decrypt strings and use them for encrypting these values.
Then u/p file looks like:
Code:
<%
server    g357dsdhwje87343483434
user    5657bvhthg56y7665y6576
pass    7689jhhyh4576567658u6u6
db    6y6y6587ll8inj76i87i8i
%>
and you can use some function in order to retreive connection string value:
Code:
Function GetConnectionString()
dim c_s
'open the file and get the values into the array.
'retreive real parameter value DecryptString function
c_s = "Provider=SQLOLEDB.1;Persist Security Info=False;Data Source="
c_s=c_s & DecryptString(ary(0))
c_s=c_s & ";User ID="
c_s=c_s & DecryptString(ary(1))
c_s=c_s & ";Password="
c_s=c_s & DecryptString(ary(2))
c_s=c_s & ";Initial Catalog="
c_s=c_s & DecryptString(ary(3))
GetConnectionString=c_s
End Function
...but the Soon is eclipsed by the Moon
Reply With Quote
  #17 (permalink)  
Old July 15th, 2003, 10:39 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: Wien, Wien, Austria.
Posts: 158
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via ICQ to NotNowJohn
Default

Helmut,
Add these lines
Code:
Response.Write sSQL
Response.End
before
Code:
cn.Execute sSQL,lRecs
and send what you see.

...but the Soon is eclipsed by the Moon
Reply With Quote
  #18 (permalink)  
Old July 15th, 2003, 10:48 AM
Authorized User
 
Join Date: Jul 2003
Location: , , .
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hey!

It Prints all the parameters:

UPDATE Category SET category='ABSTRACT & TITLE COMPANIES',company='Valley Land Title Company',address='P.O. Box 389',city=Edinburg,st=TX,zip=78540,phone='383-2708',fax='383-8632',email='ljcanales@aol.com',url='' WHERE id=4

---Brake Points uh?
Response.Write sSQL
Response.End
----;)

...helmut
Reply With Quote
  #19 (permalink)  
Old July 15th, 2003, 11:05 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: Wien, Wien, Austria.
Posts: 158
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via ICQ to NotNowJohn
Default

Helmut,
I found that the values for city and state aren't correct. If the column field is varchar(text) type you have to use field='field_value' in SQL statement instead of field=field_value. So, you have to change this line:
Code:
sSQL=sSQL & "',city=" & city & ",st=" & st & ",zip=" & zip & ",phone='" & phone
into
Code:
sSQL=sSQL & "',city='" & city & "',st='" & st & "',zip=" & zip & ",phone='" & phone
If zip column is text type than u have to change zip part too:
Code:
sSQL=sSQL & "',city='" & city & "',st='" & st & "',zip='" & zip & "',phone='" & phone
HTH.


...but the Soon is eclipsed by the Moon
Reply With Quote
  #20 (permalink)  
Old July 15th, 2003, 11:22 AM
Authorized User
 
Join Date: Jul 2003
Location: , , .
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
Default

John,

That was it

Not only that, but all my fields were varchar(text) but the ID #

Now I can edit the fields, Thank You very much for your help. All I have to do now it is to match the look of the website, if you wanna see where this is going to go you can view www.edinburg.com

Thanks again,

**most likely i will come back to ask some more about the search engine hope you are availabe to help with that too

...helmut
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
problem in updating records & finding records naveed77 VB Databases Basics 1 January 16th, 2007 12:12 PM
problem in updating records & finding records naveed77 VB How-To 1 January 16th, 2007 12:10 PM
Updating Records marmer Classic ASP Databases 1 August 23rd, 2003 11:12 AM
Updating records bspradeep Classic ASP Databases 0 August 20th, 2003 09:27 AM
Updating records help bspradeep Classic ASP Databases 0 July 7th, 2003 10:51 PM



All times are GMT -4. The time now is 02:31 AM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.