What Did I Miss?


Wayne Wengert

I have an aspx page (built in WebMatrix) with the code shown below, but when
I run it, it gives an error "Expression Expected" pointing to the first DB
call. It is as if the calls to the DB values - "<%#Container..." are not
understood?
This really did run last year (we are on a new ISP now, but I don't see that
as causing a problem?)

Any suggestions are most welcome.

============= Code ==================
Function UpdateRecord(e, jn, c)
    ' e is evaluator NameID
    ' jn is Judge's Name
    ' c is caption
    Dim strSQL as String
    strSQL = "UPDATE judgeevaluations Set scoring = ??, Set dialog = ??" _
        & " Where (judgename = '" & <%#Container.DataItem("JudgeName")%> & "')" _    <=== Error points to here
        & " AND (caption = '" & <%#Container.DataItem("caption")%> & "')" _
        & " AND evaluator = " & Session ("EvaluatorID")"
    Dim connEval As OleDBConnection
    Dim cmdUpdate As OLEDBCommand
    connEval = New OleDBConnection( "Server=myServer; UID=myID;PWD=****;database=DB_12345" )
    cmdUpdate = New OleDBCommand(strSQL, connEval)
    connEval.Open
    cmdUpdate.ExecuteNonQuery
    connEval.Close
End Function
 

Duane Laflotte

Wayne,
Is this code running inline (actually in the ASPX page) or are you
using a codebehind or DLL?
One note I would make from a security standpoint would be that you shouldn't
concatenate strings together from user input and then execute that against
the database. This leads to injection issues (potential hacks). But on to
the question asked.
I think it's just the position of your &'s and an extra ". It's hard to
tell, though, unless I know if this is inline or not.

Your Code:
strSQL = "UPDATE judgeevaluations Set scoring = ??, Set dialog = ??" _
    & " Where (judgename = '" & <%#Container.DataItem("JudgeName")%> & "')" _    <=== Error points to here
    & " AND (caption = '" & <%#Container.DataItem("caption")%> & "')" _
    & " AND evaluator = " & Session ("EvaluatorID")"    <==== Is this an extra "

To work needs to be:
strSQL = "UPDATE judgeevaluations Set scoring = ??, Set dialog = ??" & _
    " Where (judgename = '" & <%#Container.DataItem("JudgeName")%> & "')" & _
    " AND (caption = '" & <%#Container.DataItem("caption")%> & "')" & _
    " AND evaluator = " & Session ("EvaluatorID")

Hope this helps,
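
The security note above, worked through on this thread's UPDATE statement. This is an added example, not code posted by either participant: it binds every value as an OLE DB parameter instead of concatenating it into the SQL text. The function signature, the `connectionString`, `scoring` and `dialog` arguments, and all column types and sizes are assumptions.

```vbnet
Imports System.Data
Imports System.Data.OleDb

Public Module JudgeEvaluationUpdates

    ' Hypothetical rewrite of UpdateRecord. Every value arrives as an argument
    ' (for example CInt(Session("EvaluatorID")) from the caller) and is bound
    ' as a parameter, so none of it is ever parsed as SQL text.
    ' Column types and sizes below are assumptions; match the real schema.
    Public Function UpdateRecord(ByVal connectionString As String, _
                                 ByVal evaluatorId As Integer, _
                                 ByVal judgeName As String, _
                                 ByVal caption As String, _
                                 ByVal scoring As String, _
                                 ByVal dialog As String) As Integer

        ' OLE DB placeholders are positional: the provider ignores the
        ' parameter names and binds them in the order they are added.
        ' SET appears once, with the assignments separated by commas.
        Const sql As String = _
            "UPDATE judgeevaluations SET scoring = ?, dialog = ?" & _
            " WHERE judgename = ? AND caption = ? AND evaluator = ?"

        Dim conn As New OleDbConnection(connectionString)
        Dim cmd As New OleDbCommand(sql, conn)

        ' Add in exactly the order the ? markers appear in the statement.
        cmd.Parameters.Add("scoring", OleDbType.VarChar, 50).Value = scoring
        cmd.Parameters.Add("dialog", OleDbType.VarChar, 255).Value = dialog
        cmd.Parameters.Add("judgename", OleDbType.VarChar, 50).Value = judgeName
        cmd.Parameters.Add("caption", OleDbType.VarChar, 50).Value = caption
        cmd.Parameters.Add("evaluator", OleDbType.Integer).Value = evaluatorId

        Try
            conn.Open()
            ' Rows affected: 0 means no evaluation matched the WHERE clause.
            Return cmd.ExecuteNonQuery()
        Finally
            ' Runs on success and on exception, so the connection never leaks.
            conn.Close()
        End Try
    End Function

End Module
```

A judge name or caption containing an apostrophe is stored as data here, where the concatenated version would produce a broken or altered statement.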
 

Wayne Wengert

This is all inline.

Wayne

 
