Uknown Error Updating Row? - HTML Forums

gillweb · 03-08-2006, 02:20 PM

Heres the code i have

PHP Code:


			
<%



Done = request.querystring("done")

id = request.querystring("id")



Set Rs = Server.CreateObject("ADODB.RecordSet")

    sSQL =     "SELECT * FROM fastpay where id=" & request.querystring("id")



          Rs.Open sSQL, sDSN, adOpenKeySet, adLockPessimistic, adCmdText



If NOT Rs.EOF Then

        Do While NOT Rs.EOF



Rs("Done")=done

Rs.Update





            Rs.MoveNext

            iIndex = iIndex + 1

            If iIndex = 3 Then

                iIndex = 0

            End If

        Loop

    End If    

Response.Redirect("fastpay_print.asp")



%>

but I am getting an error on line 9 saying

PHP Code:


			
Error Type:

ADODB.Recordset (0x800A0BB9)

Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another.

Any idea on what I am doing wrong here? It seems like the Rs.Open sSQL line that is the problem.

afterburn · 03-08-2006, 03:30 PM

give us the data type that the db is expecting and the full error ... and point out the line that the error is occuring for us to help.

gillweb · 03-08-2006, 03:41 PM

Got it! For got to include my "adovbs.inc" file :-) Thansk for the help, didn't think of that until you asked for the DB info...

afterburn · 03-08-2006, 04:06 PM

including the adovb.inc file is a bad idea you should load the reference in the global.asa file instead. loaded once . variables are available using intelisence (VS InterDev, VS.net).

and thread safe. not parsed and compiled code..... no more reason to not.

afterburn · 03-08-2006, 04:09 PM

i might want to explain there is a security breach in your code also.

Anyone with half a brain could drop tables by sending URL encoding parameters with

"0--" & vbNewLine & Drop database master

gillweb · 03-15-2006, 11:13 PM

I'm not sure I follow you. Are you saying that someone could send in the querystring ""0--" & vbNewLine & Drop database master" and that would drop my entire database? How would/does global.asa stop this?

afterburn · 03-16-2006, 09:38 AM

That was a side not. The first part solves the issue of including the file in every asp page requiring the server to parse it everytime a page is requested.

The other note was a security issue. Yes if i sent the value in the query string I can drop the entire db and there is not much you can do if your security is not setup correctly.