Form update inside loop

Discussion in 'ASP General' started by David, Jan 25, 2008.

  1. David

    David Guest

    I have an asp update page which I cannot fathom.

    Basically I have an asp page which displays a recordset of items on an
    order
    I have a link on the same page which takes the user to an edit page
    for the same data, i.e. data in text boxes etc.

    First, I created an update loop to save any changes to any of the text
    boxes in any row for all records. There are 2 text boxes for each
    record, order qty (P_metal_qty) and outstanding order qty
    (P_metal_Open)
    Each field on the edit page is coded like: <input style='text-align:
    center' type=text name=mqty_" & RS("Phoenix_orderline_ID") & "
    value=" & RS("P_metal_qty") & ">

    On the next update page, after hitting submit.....


    If Request.Form("ID").Count > 0 then

    For i = 1 to Request.Form("ID").Count

    uSQL = "UPDATE phoenix_orderlines SET "
    uSQL = uSQL & " P_metal_qty = '" & request.form("mqty_" & Request.Form("ID")(i)) & "'"
    uSQL = uSQL & ", P_metal_Open ='" & request.form("mopen_" & Request.Form("ID")(i)) & "'"
    uSQL = uSQL & " WHERE Phoenix_orderline_ID= '" & Request.Form("ID")(i) & "';"
    Set RS = adoDataConn.Execute(uSQL)
    Next

    End If



    This code works fine.
    I then needed to add an additional two text boxes to each row just for
    entering data against each record (Qty Delivered & Delivery Note #),
    but which would be updated to different tables, and not display in
    these text boxes in edit mode. They are just for entering the data,
    and it gets saved elsewhere.

    The Problem
    When I try and use the ID from the above code whilst still in the
    loop, it throws me all the IDs of all the records displayed, not the
    one in the current loop, i.e. if I response.write Request.Form("ID")(i)
    I get 188185184186187 printed, so from that I do not understand
    how the above code works ??
    I thought only a single ID would be used during each cycle of the
    loop.

    Appreciate any help you can offer, thanks

    David
     
    David, Jan 25, 2008
    #1

  2. "David" <> wrote in message
    news:...
    > I have an asp update page which I cannot fathom.
    >
    > Basically I have an asp page which displays a recordset of items on an
    > order
    > I have a link on the same page which takes the user to an edit page
    > for the same data, i.e. data in text boxes etc.
    >
    > First, I created an update loop to save any changes to any of the text
    > boxes in any row for all records. There are 2 text boxes for each
    > record, order qty (P_metal_qty) and outstanding order qty
    > (P_metal_Open)
    > Each field on the edit page is coded like: <input style='text-align:
    > center' type=text name=mqty_" & RS("Phoenix_orderline_ID") & "
    > value=" & RS("P_metal_qty") & ">
    >
    > On the next update page, after hitting submit.....
    >
    >
    > If Request.Form("ID").Count > 0 then
    >
    > For i = 1 to Request.Form("ID").Count
    >
    > uSQL = "UPDATE phoenix_orderlines SET "
    > uSQL = uSQL & " P_metal_qty = '" & request.form("mqty_" & Request.Form("ID")(i)) & "'"
    > uSQL = uSQL & ", P_metal_Open ='" & request.form("mopen_" & Request.Form("ID")(i)) & "'"
    > uSQL = uSQL & " WHERE Phoenix_orderline_ID= '" & Request.Form("ID")(i) & "';"
    > Set RS = adoDataConn.Execute(uSQL)
    > Next
    >
    > End If
    >
    >
    >
    > This code works fine.
    > I then needed to add an additional two text boxes to each row just for
    > entering data against each record (Qty Delivered & Delivery Note #),
    > but which would be updated to different tables, and not display in
    > these text boxes in edit mode. They are just for entering the data,
    > and it gets saved elsewhere.
    >
    > The Problem
    > When I try and use the ID from the above code whilst still in the
    > loop, it throws me all the IDs of all the records displayed, not the
    > one in the current loop, i.e. if I response.write Request.Form("ID")(i)
    > I get 188185184186187 printed, so from that I do not understand
    > how the above code works ??
    > I thought only a single ID would be used during each cycle of the
    > loop.
    >



    Well you've shown us code that does what you expect but not the actual code
    that has you scratching your head. E.g., if you have simply placed
    Response.Write Request.Form("ID")(i) inside your loop then it's going to send
    each string one after the other so I'd expect the result you indicated.

    However you do have a serious problem. Search the web for "SQL Injection".
    Basically, given that form I could formulate a value for one of the text boxes
    (e.g., 0'; DELETE phoenix_orderlines; --) that would do some nasty things to
    your DB.

    Also since you look up the ID fields by ordinal number why not mqty and mopen?



    --
    Anthony Jones - MVP ASP/ASP.NET
     
    Anthony Jones, Jan 25, 2008
    #2
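
The SQL injection point raised in the reply above, as an added example that is not part of the thread: the same update loop using an ADODB.Command with bound parameters and numeric validation. It assumes adoDataConn is the open connection from the original post and that the three columns are integer columns; IsSmallUInt is a hypothetical helper.

```vbscript
<%
' Added example, not the original poster's code.
' Assumptions: adoDataConn is the open ADODB.Connection from the thread, and
' P_metal_qty, P_metal_Open and Phoenix_orderline_ID are integer columns.
Const adInteger = 3, adParamInput = 1, adCmdText = 1, adExecuteNoRecords = 128

' Hypothetical helper: accept only 1-9 decimal digits, so CLng cannot
' overflow and no quote or semicolon can get through.
Function IsSmallUInt(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsSmallUInt = re.Test(s)
End Function

Dim cmd, i, id, qty, openQty, skipped
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = adoDataConn
cmd.CommandType = adCmdText
' ? placeholders are bound in order; values never become part of the SQL text.
cmd.CommandText = "UPDATE phoenix_orderlines SET P_metal_qty = ?, " & _
                  "P_metal_Open = ? WHERE Phoenix_orderline_ID = ?"
cmd.Parameters.Append cmd.CreateParameter("qty", adInteger, adParamInput)
cmd.Parameters.Append cmd.CreateParameter("openQty", adInteger, adParamInput)
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput)

skipped = 0
For i = 1 To Request.Form("ID").Count
    ' (i) selects one submitted ID value from the collection.
    id = Trim(Request.Form("ID")(i))
    ' & "" forces a plain string; a missing field becomes "" and is rejected.
    qty = Trim(Request.Form("mqty_" & id) & "")
    openQty = Trim(Request.Form("mopen_" & id) & "")
    If IsSmallUInt(id) And IsSmallUInt(qty) And IsSmallUInt(openQty) Then
        cmd.Parameters("qty").Value = CLng(qty)
        cmd.Parameters("openQty").Value = CLng(openQty)
        cmd.Parameters("id").Value = CLng(id)
        cmd.Execute , , adExecuteNoRecords
    Else
        skipped = skipped + 1   ' reject the row instead of passing it to SQL
    End If
Next
Set cmd = Nothing
If skipped > 0 Then
    Response.Write Server.HTMLEncode(skipped & " row(s) rejected: non-numeric input")
End If
%>
```

With this version the value 0'; DELETE phoenix_orderlines; -- from the reply fails the digit check and is counted as a rejected row; even without the check it would be bound as data rather than parsed as SQL.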