correction d'une ligne de code

E

elia

Bonjour,

Débutant en asp, mon navigateur me signale une faute dans cette ligne,
avec ces "" et ses '' je ne vois pas trop d'où viens l'erreur,
quelqu'un pourait-il m'aider? merci, pascal

La ligne est :

req_sql = UPDATE t_abo SET txtTransactionID=" &
request.form("txtTransactionID") & ", txtPayMet=" &
request.form('txtPayMet') & " WHERE ID=" & request('txtOrderIDShop')"
conn.Execute(req_sql)

----------------------------------------------------------------
Le code affiché par le navigateur est:

Microsoft VBScript compilation error '800a0401'

Expected end of statement

/e_confirmation_bd.asp, line 198

req_sql = UPDATE t_abo SET txtTransactionID=" &
request.form("txtTransactionID") & ", txtPayMet=" &
----------------------------^
request.form('txtPayMet') & " WHERE ID=" & request('txtOrderIDShop')"
 
E

Evertjan.

elia wrote on 09 nov 2005 in microsoft.public.inetserver.asp.general:
req_sql = UPDATE t_abo SET txtTransactionID=" &

req_sql = "UPDATE t_abo SET txtTransactionID='" &_
request.form("txtTransactionID") & ", txtPayMet=" &

request.form("txtTransactionID") & "', txtPayMet='" &_
request.form('txtPayMet') & " WHERE ID=" & request('txtOrderIDShop')"

request.form("txtPayMet") & "' WHERE ID=" & request("txtOrderIDShop")
conn.Execute(req_sql)

conn.Execute req_sql

NB if: ID: number, txtPayMet: string, txtTransactionID: string
 
R

Ray Costanzo [MVP]

You don't start your string with a ".

req_sql = UPDATE t_abo SET...."
vs.
req_sql = "UPDATE t_abo SET...."


Also, what's with request.form('txtPayMet') instead of
request.form("txtPayMet")?

Additionally:
http://www.google.com/search?hl=en&lr=&q=ASP+sql+injection
http://www.aspfaq.com/show.asp?id=2111


Ray at work

Bonjour,

Débutant en asp, mon navigateur me signale une faute dans cette ligne,
avec ces "" et ses '' je ne vois pas trop d'où viens l'erreur,
quelqu'un pourait-il m'aider? merci, pascal

La ligne est :

req_sql = UPDATE t_abo SET txtTransactionID=" &
request.form("txtTransactionID") & ", txtPayMet=" &
request.form('txtPayMet') & " WHERE ID=" & request('txtOrderIDShop')"
conn.Execute(req_sql)

----------------------------------------------------------------
Le code affiché par le navigateur est:

Microsoft VBScript compilation error '800a0401'

Expected end of statement

/e_confirmation_bd.asp, line 198

req_sql = UPDATE t_abo SET txtTransactionID=" &
request.form("txtTransactionID") & ", txtPayMet=" &
----------------------------^
request.form('txtPayMet') & " WHERE ID=" & request('txtOrderIDShop')"
 
E

elia

Merci pour ces informations mais je n'y arrive toujours pas.
Le code comprends 3 imbrications, et donc " et ' ne suffisent pas!
J'ai essayé avec [ mais cela ne fonctionne pas non plus.
Mon probleme est d'ajouter deux variables (txtTransactionID ,
txtPayMet) pour un ID (txtOrderIDShop) qui proviennent d'un Post dans
une Base de donnée.

Ma ligne de code est maintenant :
req_sql = [UPDATE t_abo SET txtTransactionID=" &
request.form('txtTransactionID') &
", & txtPayMet=" & request.form('txtPayMet') " &
WHERE ID=" & request('txtOrderIDShop')"]

mais je reçois le message d'eureur suivant:
Microsoft OLE DB Provider for ODBC Drivers error '80040e0c'
Command text was not set for the command object.

merci.
 
E

Evertjan.

elia wrote on 10 nov 2005 in microsoft.public.inetserver.asp.general:
req_sql = [UPDATE t_abo SET txtTransactionID=" &

Wrong, a string litteral should start with a "

req_sql = "UPDATE t_abo SET txtTransactionID="
 
E

elia

Ok, je commence avec :
"update ....
mais après je suis embêter, comment faire 3 imbrications??

" ......'.....?.....?.....'....."

merci
 
E

Evertjan.

elia wrote on 10 nov 2005 in microsoft.public.inetserver.asp.general:
Ok, je commence avec :
"update ....
mais aprŠs je suis embˆter, comment faire 3 imbrications??

" ......'.....?.....?.....'....."

merci

ASP-vbs needs ".. anything ...." as a litteral string

varNumber = 3
varString = ".. anything ...." & 3 & ".. anything ...."

SQL needs internal! string litterals in '...',
but the string itself needs the ASP-vbs "..." external

varNumber = 17
myTable = "TblFirst"
sqlString = "delete '" & myTable "' where id = " & varNumber

This will make a string in sqlString:

"delete 'TblFirst' where id = 17"
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top