how to debug in asp ?

Discussion in 'ASP General' started by Kim, Feb 4, 2008.

  1. Kim

    Kim Guest

    Im generally new to ASP, so bear with me. This is not ASP (dot) NET.

    I have a query which gives results when doing the it directly, but
    none (maybe) when done in asp. "Maybe" because I can not get the query
    to output anything.

    sample code:
    set results = conn.execute("Select field1, field2, field3 from tbl")

    while results.EOF
    response.write("before ")
    response.write(results("field1"))
    response.write(" after<br>")
    response.end

    results.movenext
    wend

    sample code result:
    "before after"

    sample code expected result:
    "before <field1_value> after"

    How can I debug this ?
    I know the query is correct, and it gives results when running it
    directly.
    Kim, Feb 4, 2008
    #1
    1. Advertising

  2. Kim wrote:
    > Im generally new to ASP, so bear with me. This is not ASP (dot) NET.
    >
    > I have a query which gives results when doing the it directly, but
    > none (maybe) when done in asp. "Maybe" because I can not get the query
    > to output anything.
    >
    > sample code:
    > set results = conn.execute("Select field1, field2, field3 from tbl")
    >
    > while results.EOF


    Ummm ... I think you meant "WHILE NOT results.EOF"

    Actually, While...Wend have been deprecated. It's more "accepted" these days
    to use a Do loop:

    Do Until results.EOF
    ...
    Loop


    > response.write("before ")
    > response.write(results("field1"))
    > response.write(" after<br>")
    > response.end


    Why are you using response.end here?

    >
    > results.movenext
    > wend
    >
    > sample code result:
    > "before after"


    Really? I would expect no output at all if your While statement is written
    as above (as long as the query returns results, that is)

    >
    > sample code expected result:
    > "before <field1_value> after"


    Again, as written, your code would never produce this result.

    >
    > How can I debug this ?
    > I know the query is correct, and it gives results when running it
    > directly.


    What is the database? If SQL Server, use SQL Profiler to run a trace to
    verify that the sql statement being sent to the server is the statement you
    expect it to be. Otherwise, write your sql statement to Response to verify
    that you have built it correctly. It's a good programming practice to assign
    the statement to a variable so that it can be easily written to Response and
    used as the <source> argument for the Execute method call.

    More tips:
    Using dynamic sql can leave you vulnerable to hackers using sql
    injection:
    http://mvp.unixwiz.net/techtips/sql-injection.html
    http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

    See here for a better, more secure way to execute your queries by using
    parameter markers:
    http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

    Personally, I prefer using stored procedures, or saved parameter queries
    as they are known in Access:

    Access:
    http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=

    http://groups.google.com/groups?hl=...=1&selm=

    Select statement:
    http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/b3d322b882a604bd



    SQL Server:

    http://groups.google.com/group/microsoft.public.inetserver.asp.general/msg/5d3c9d4409dc1701?hl=en&


    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
    Bob Barrows [MVP], Feb 4, 2008
    #2
    1. Advertising

  3. Kim

    Kim Guest

    On Feb 4, 1:29 pm, "Bob Barrows [MVP]" <>
    wrote:
    > Kim wrote:
    > > Im generally new to ASP, so bear with me. This is not ASP (dot) NET.

    >
    > > I have a query which gives results when doing the it directly, but
    > > none (maybe) when done in asp. "Maybe" because I can not get the query
    > > to output anything.

    >
    > > sample code:
    > > set results = conn.execute("Select field1, field2, field3 from tbl")

    >
    > > while results.EOF

    >
    > Ummm ... I think you meant "WHILE NOT results.EOF"

    Correct. It was a typo.

    > Actually, While...Wend have been deprecated. It's more "accepted" these days
    > to use a Do loop:
    >
    > Do Until results.EOF
    > ...
    > Loop
    >
    > > response.write("before ")
    > > response.write(results("field1"))
    > > response.write(" after<br>")
    > > response.end

    >
    > Why are you using response.end here?

    Debugging. To halt the script.

    >
    >
    >
    > > results.movenext
    > > wend

    >
    > > sample code result:
    > > "before after"

    >
    > Really? I would expect no output at all if your While statement is written
    > as above (as long as the query returns results, that is)
    >
    >
    >
    > > sample code expected result:
    > > "before <field1_value> after"

    >
    > Again, as written, your code would never produce this result.
    >
    >
    >
    > > How can I debug this ?
    > > I know the query is correct, and it gives results when running it
    > > directly.

    >
    > What is the database? If SQL Server, use SQL Profiler to run a trace to
    > verify that the sql statement being sent to the server is the statement you
    > expect it to be. Otherwise, write your sql statement to Response to verify
    > that you have built it correctly. It's a good programming practice to assign
    > the statement to a variable so that it can be easily written to Response and
    > used as the <source> argument for the Execute method call.

    Turns out the bugger was a missing space (!!). Hard to spot.

    > More tips:
    > Using dynamic sql can leave you vulnerable to hackers using sql
    > injection:http://mvp.unixwiz.net/techtips/sql....sqlsecurity.com/DesktopDefault.aspx?tabid=23
    >
    > See here for a better, more secure way to execute your queries by using
    > parameter markers:http://groups-beta.google.com/group/microsoft.public.inetserver.asp.d...
    >
    > Personally, I prefer using stored procedures, or saved parameter queries
    > as they are known in Access:
    >
    > Access:http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvO...
    >
    > http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYx...
    >
    > Select statement:http://groups-beta.google.com/group/microsoft.public.inetserver.asp.d...
    >
    > SQL Server:
    >
    > http://groups.google.com/group/microsoft.public.inetserver.asp.genera...
    >
    > --
    > Microsoft MVP - ASP/ASP.NET
    > Please reply to the newsgroup. This email account is my spam trap so I
    > don't check it very often. If you must reply off-line, then remove the
    > "NO SPAM"


    For the record, its MSSQL.
    And its not my system. I have just been asked to add some new stuff
    into it, so I have continued to use the same path as the majority of
    the code is written in.
    Kim, Feb 4, 2008
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?bXN1aw==?=
    Replies:
    3
    Views:
    449
    =?Utf-8?B?bXN1aw==?=
    Aug 11, 2004
  2. RonL
    Replies:
    0
    Views:
    735
  3. ringos75
    Replies:
    0
    Views:
    951
    ringos75
    Apr 14, 2005
  4. Mike C. Fletcher
    Replies:
    3
    Views:
    976
    =?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=
    Oct 12, 2003
  5. André
    Replies:
    3
    Views:
    1,577
Loading...

Share This Page