What Did I Miss?

Discussion in 'ASP .Net' started by Wayne Wengert, May 25, 2005.

  1. I have an aspx page (built in WebMatrix) with the code shown below but when
    I run it if gives an error "Expression Expected" pointing to the first DB
    call. It is as if the calls to the DB values - "<%#Container..." are not
    understood?
    This really did run last year (we on on a new ISP now but I don't see that
    as causing a problem?)

    Any suggestions are most welcome.

    ============= Code ==================
    Function UpdateRecord(e, jn, c)
    ' e is evaluator NameID
    ' jn is Judge's Name
    ' c is caption
    Dim strSQL as String
    strSQL = "UPDATE judgeevaluations Set scoring = ??, Set dialog = ??" _
    & " Where (judgename = '" &
    <%#Container.DataItem("JudgeName")%> & "')" _ <=== Error points to here
    & " AND (caption = '" & <%#Container.DataItem("caption")%> &
    "')" _
    & " AND evaluator = " & Session ("EvaluatorID")"
    Dim connEval As OleDBConnection
    Dim cmdUpdate As OLEDBCommand
    connEval = New OleDBConnection( "Server=myServer;
    UID=myID;PWD=****;database=DB_12345" )
    cmdUpdate = New OleDBCommand(strSQL, connEval)
    connEval.Open
    cmdUpdate.ExecuteNonQuery
    connEval.Close
    End Function
     
    Wayne Wengert, May 25, 2005
    #1
    1. Advertising

  2. Wayne,
    Is this code running inline (actually in the ASPX page) or are you
    using a codebehind or dll?
    One note i would make on a security stand point would be that you shouldn't
    concatenate strings together from user input and then execute that against
    the database. This leads to injections issues (potential hacks). But on to
    the question asked.
    I think its just a position of your &'s and an extra ". Its hard to
    tell though unless I know if this is inline or not.

    Your Code:
    strSQL = "UPDATE judgeevaluations Set scoring = ??, Set dialog = ??" _
    & " Where (judgename = '" &
    <%#Container.DataItem("JudgeName")%> & "')" _ <=== Error points to here
    & " AND (caption = '" & <%#Container.DataItem("caption")%>
    & "')" _
    & " AND evaluator = " & Session ("EvaluatorID")" <====Is
    this an extra "

    To work needs to be:
    strSQL = "UPDATE judgeevaluations Set scoring = ??, Set dialog = ??" & _
    " Where (judgename = '" &
    <%#Container.DataItem("JudgeName")%> & "')" & _
    " AND (caption = '" & <%#Container.DataItem("caption")%> &
    "')" & _
    " AND evaluator = " & Session ("EvaluatorID")

    Hope this helps,
    --
    Duane Laflotte
    MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I

    http://www.criticalsites.com/dlaflotte




    "Wayne Wengert" <> wrote in message
    news:...
    > I have an aspx page (built in WebMatrix) with the code shown below but

    when
    > I run it if gives an error "Expression Expected" pointing to the first DB
    > call. It is as if the calls to the DB values - "<%#Container..." are not
    > understood?
    > This really did run last year (we on on a new ISP now but I don't see that
    > as causing a problem?)
    >
    > Any suggestions are most welcome.
    >
    > ============= Code ==================
    > Function UpdateRecord(e, jn, c)
    > ' e is evaluator NameID
    > ' jn is Judge's Name
    > ' c is caption
    > Dim strSQL as String
    > strSQL = "UPDATE judgeevaluations Set scoring = ??, Set dialog = ??" _
    > & " Where (judgename = '" &
    > <%#Container.DataItem("JudgeName")%> & "')" _ <=== Error points to here
    > & " AND (caption = '" & <%#Container.DataItem("caption")%>

    &
    > "')" _
    > & " AND evaluator = " & Session ("EvaluatorID")"
    > Dim connEval As OleDBConnection
    > Dim cmdUpdate As OLEDBCommand
    > connEval = New OleDBConnection( "Server=myServer;
    > UID=myID;PWD=****;database=DB_12345" )
    > cmdUpdate = New OleDBCommand(strSQL, connEval)
    > connEval.Open
    > cmdUpdate.ExecuteNonQuery
    > connEval.Close
    > End Function
    >
    >
     
    Duane Laflotte, May 25, 2005
    #2
    1. Advertising

  3. This is all inline.

    Wayne

    "Duane Laflotte" <> wrote in message
    news:Ok6x%...
    > Wayne,
    > Is this code running inline (actually in the ASPX page) or are you
    > using a codebehind or dll?
    > One note i would make on a security stand point would be that you
    > shouldn't
    > concatenate strings together from user input and then execute that against
    > the database. This leads to injections issues (potential hacks). But on
    > to
    > the question asked.
    > I think its just a position of your &'s and an extra ". Its hard to
    > tell though unless I know if this is inline or not.
    >
    > Your Code:
    > strSQL = "UPDATE judgeevaluations Set scoring = ??, Set dialog = ??" _
    > & " Where (judgename = '" &
    > <%#Container.DataItem("JudgeName")%> & "')" _ <=== Error points to here
    > & " AND (caption = '" & <%#Container.DataItem("caption")%>
    > & "')" _
    > & " AND evaluator = " & Session ("EvaluatorID")" <====Is
    > this an extra "
    >
    > To work needs to be:
    > strSQL = "UPDATE judgeevaluations Set scoring = ??, Set dialog = ??" & _
    > " Where (judgename = '" &
    > <%#Container.DataItem("JudgeName")%> & "')" & _
    > " AND (caption = '" & <%#Container.DataItem("caption")%>
    > &
    > "')" & _
    > " AND evaluator = " & Session ("EvaluatorID")
    >
    > Hope this helps,
    > --
    > Duane Laflotte
    > MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
    >
    > http://www.criticalsites.com/dlaflotte
    >
    >
    >
    >
    > "Wayne Wengert" <> wrote in message
    > news:...
    >> I have an aspx page (built in WebMatrix) with the code shown below but

    > when
    >> I run it if gives an error "Expression Expected" pointing to the first DB
    >> call. It is as if the calls to the DB values - "<%#Container..." are not
    >> understood?
    >> This really did run last year (we on on a new ISP now but I don't see
    >> that
    >> as causing a problem?)
    >>
    >> Any suggestions are most welcome.
    >>
    >> ============= Code ==================
    >> Function UpdateRecord(e, jn, c)
    >> ' e is evaluator NameID
    >> ' jn is Judge's Name
    >> ' c is caption
    >> Dim strSQL as String
    >> strSQL = "UPDATE judgeevaluations Set scoring = ??, Set dialog = ??" _
    >> & " Where (judgename = '" &
    >> <%#Container.DataItem("JudgeName")%> & "')" _ <=== Error points to
    >> here
    >> & " AND (caption = '" &
    >> <%#Container.DataItem("caption")%>

    > &
    >> "')" _
    >> & " AND evaluator = " & Session ("EvaluatorID")"
    >> Dim connEval As OleDBConnection
    >> Dim cmdUpdate As OLEDBCommand
    >> connEval = New OleDBConnection( "Server=myServer;
    >> UID=myID;PWD=****;database=DB_12345" )
    >> cmdUpdate = New OleDBCommand(strSQL, connEval)
    >> connEval.Open
    >> cmdUpdate.ExecuteNonQuery
    >> connEval.Close
    >> End Function
    >>
    >>

    >
    >
     
    Wayne Wengert, May 25, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. youngeagle

    I miss frames!

    youngeagle, Aug 24, 2004, in forum: ASP .Net
    Replies:
    11
    Views:
    655
    Vidar Petursson
    Oct 23, 2004
  2. Paul Watt

    God I miss tables-help needed!

    Paul Watt, Apr 4, 2006, in forum: HTML
    Replies:
    53
    Views:
    1,204
    Paul Ding
    Apr 8, 2006
  3. Ndeye

    miss something about xslt

    Ndeye, Dec 18, 2003, in forum: XML
    Replies:
    3
    Views:
    394
    Dimitre Novatchev
    Dec 18, 2003
  4. JJ
    Replies:
    2
    Views:
    364
  5. Daniel Waite
    Replies:
    2
    Views:
    230
    Daniel Waite
    May 2, 2008
Loading...

Share This Page