G
Guest
I am trying to improve the robustness and elegance of my parametized sql
statements in ASP 3.0 as they get passed to the sql server SP.
Could anyone tell me if there are weaknessess in the way I have written the
following code? I have included both the asp code and the sql stored
proceducre to tie things togoether....I appreciate any advice on this. It
basically is a application to manage static news stories on our site by
tracking and organising the meta data in a table.
Many thanks for you comments.
ASP PARAMERT QUERY
----------------------------
If oRS.eof then
'// SAFE TO INSERT STORY....
CREATE Procedure spr_AddStory
oCmd.Parameters.append oCmd.CreateParameter("StoryTitle", adVarChar,
adParamInput,100,pStoryTitle)
oCmd.Parameters.append oCmd.CreateParameter("StoryURL", adVarChar,
adParamInput,150,pStoryURL)
oCmd.Parameters.append oCmd.CreateParameter("StoryBlurb", adVarChar,
adParamInput,1200, PStoryURL)
oCmd.Parameters.append oCmd.CreateParameter("StoryBrokerID int", adInteger,
adParamInput,4,pStoryBrokerID)
oCmd.Parameters.append oCmd.CreateParameter("StoryCompanyID int", adInteger,
adParamInput,4,pStoryCompanyID)
oCmd.Parameters.append oCmd.CreateParameter("StoryCategoryID int",
adInteger, adParamInput,4,pStoryCategoryID)
oCmd.Parameters.append oCmd.CreateParameter("StoryDeptID int", adInteger,
adParamInput,4,pStoryDeptID)
oCmd.Parameters.append oCmd.CreateParameter("StoryKeyword1", adVarChar,
adParamInput,50,pStoryKeyword1)
oCmd.Parameters.append oCmd.CreateParameter("StoryKeyword2", adVarChar,
adParamInput,50,pStoryKeyword2)
oCmd.Parameters.append oCmd.CreateParameter("StoryKeyword3", adVarChar,
adParamInput,50,pStoryKeyword3)
oCmd.Parameters.append oCmd.CreateParameter("RelatedURL1", adVarChar,
adParamInput,150,pRelatedURUL1)
oCmd.Parameters.append oCmd.CreateParameter("RelatedURL2", adVarChar,
adParamInput,150,pRelatedURUL1)
oCmd.Parameters.append oCmd.CreateParameter("RelatedURL3", adVarChar,
adParamInput,150,pRelatedURUL1)
oCmd.Parameters.append oCmd.CreateParameter("StoryDate datetime,
oCmd.Parameters.append oCmd.CreateParameter("StoryImageURL", adVarChar,
adParamInput,150,pStoryImageURL)
oCmd.Parameters.append oCmd.CreateParameter("StoryBLN int", adInteger,
adParamInput,4,pStoryBLN)
set oReturn = oCmd.CreateParameter("u_id", adInteger, adParamOutput)
oCmd.Parameters.append oReturn
oCmd.execute()
'//RESULT...
if oReturn.value=-1 then
Response.write "FAILURE: Insert statement could not be carried out"
response.end
else
Response.write "SUCCESS: Insert statement was successfull"
End if
SQL SERVER STORED PROCEDURE
-------------------------------------------
CREATE Procedure spr_AddStory
@StoryTitle varchar(100),
@StoryURL varchar(150),
@StoryBlurb varchar(1200),
@StoryBrokerID int,
@StoryCompanyID int,
@StoryCategoryID int,
@StoryDeptID int,
@StoryKeyword1 varchar(50),
@StoryKeyword2 varchar(50),
@StoryKeyword3 varchar(50),
@RelatedURL1 varchar(150),
@RelatedURL2 varchar(150),
@RelatedURL3 varchar(150),
@StoryDate datetime,
@StoryImageURL varchar(150),
@StoryBLN int
AS
INSERT INTO Story (StoryTitle, StoryURL, StoryBlurb, StoryBrokerID
,
StoryCompanyID, StoryCategoryID, StoryDeptID, StoryKeyword1, StoryKeyword2,
StoryKeyword3, RelatedURL1, RelatedURL2, RelatedURL3, StoryDate,
StoryImageURL, StoryBLN)
VALUES
(@StoryTitle,@StoryURL,@StoryBlurb,@StoryBrokerID,@StoryCompanyID,@StoryCategoryID,@StoryDeptID,@StoryKeyword1,@StoryKeyword2,@StoryKeyword3,
@RelatedURL1,@RelatedURL2,@RelatedURL3,@StoryDate,@StoryImageURL,@StoryBLN)
GO
statements in ASP 3.0 as they get passed to the sql server SP.
Could anyone tell me if there are weaknessess in the way I have written the
following code? I have included both the asp code and the sql stored
proceducre to tie things togoether....I appreciate any advice on this. It
basically is a application to manage static news stories on our site by
tracking and organising the meta data in a table.
Many thanks for you comments.
ASP PARAMERT QUERY
----------------------------
If oRS.eof then
'// SAFE TO INSERT STORY....
CREATE Procedure spr_AddStory
oCmd.Parameters.append oCmd.CreateParameter("StoryTitle", adVarChar,
adParamInput,100,pStoryTitle)
oCmd.Parameters.append oCmd.CreateParameter("StoryURL", adVarChar,
adParamInput,150,pStoryURL)
oCmd.Parameters.append oCmd.CreateParameter("StoryBlurb", adVarChar,
adParamInput,1200, PStoryURL)
oCmd.Parameters.append oCmd.CreateParameter("StoryBrokerID int", adInteger,
adParamInput,4,pStoryBrokerID)
oCmd.Parameters.append oCmd.CreateParameter("StoryCompanyID int", adInteger,
adParamInput,4,pStoryCompanyID)
oCmd.Parameters.append oCmd.CreateParameter("StoryCategoryID int",
adInteger, adParamInput,4,pStoryCategoryID)
oCmd.Parameters.append oCmd.CreateParameter("StoryDeptID int", adInteger,
adParamInput,4,pStoryDeptID)
oCmd.Parameters.append oCmd.CreateParameter("StoryKeyword1", adVarChar,
adParamInput,50,pStoryKeyword1)
oCmd.Parameters.append oCmd.CreateParameter("StoryKeyword2", adVarChar,
adParamInput,50,pStoryKeyword2)
oCmd.Parameters.append oCmd.CreateParameter("StoryKeyword3", adVarChar,
adParamInput,50,pStoryKeyword3)
oCmd.Parameters.append oCmd.CreateParameter("RelatedURL1", adVarChar,
adParamInput,150,pRelatedURUL1)
oCmd.Parameters.append oCmd.CreateParameter("RelatedURL2", adVarChar,
adParamInput,150,pRelatedURUL1)
oCmd.Parameters.append oCmd.CreateParameter("RelatedURL3", adVarChar,
adParamInput,150,pRelatedURUL1)
oCmd.Parameters.append oCmd.CreateParameter("StoryDate datetime,
oCmd.Parameters.append oCmd.CreateParameter("StoryImageURL", adVarChar,
adParamInput,150,pStoryImageURL)
oCmd.Parameters.append oCmd.CreateParameter("StoryBLN int", adInteger,
adParamInput,4,pStoryBLN)
set oReturn = oCmd.CreateParameter("u_id", adInteger, adParamOutput)
oCmd.Parameters.append oReturn
oCmd.execute()
'//RESULT...
if oReturn.value=-1 then
Response.write "FAILURE: Insert statement could not be carried out"
response.end
else
Response.write "SUCCESS: Insert statement was successfull"
End if
SQL SERVER STORED PROCEDURE
-------------------------------------------
CREATE Procedure spr_AddStory
@StoryTitle varchar(100),
@StoryURL varchar(150),
@StoryBlurb varchar(1200),
@StoryBrokerID int,
@StoryCompanyID int,
@StoryCategoryID int,
@StoryDeptID int,
@StoryKeyword1 varchar(50),
@StoryKeyword2 varchar(50),
@StoryKeyword3 varchar(50),
@RelatedURL1 varchar(150),
@RelatedURL2 varchar(150),
@RelatedURL3 varchar(150),
@StoryDate datetime,
@StoryImageURL varchar(150),
@StoryBLN int
AS
INSERT INTO Story (StoryTitle, StoryURL, StoryBlurb, StoryBrokerID
,
StoryCompanyID, StoryCategoryID, StoryDeptID, StoryKeyword1, StoryKeyword2,
StoryKeyword3, RelatedURL1, RelatedURL2, RelatedURL3, StoryDate,
StoryImageURL, StoryBLN)
VALUES
(@StoryTitle,@StoryURL,@StoryBlurb,@StoryBrokerID,@StoryCompanyID,@StoryCategoryID,@StoryDeptID,@StoryKeyword1,@StoryKeyword2,@StoryKeyword3,
@RelatedURL1,@RelatedURL2,@RelatedURL3,@StoryDate,@StoryImageURL,@StoryBLN)
GO