 |  |  |  |  |  |  |  |
Weird ASP/SQL Problem
Please support our ASP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
•
•
Join Date: Dec 2004
Posts: 234
Reputation: 
Solved Threads: 0
Posting Whiz in Training
Weird ASP/SQL Problem
Consider the following HTML Form, it has a textbox and a search button.
The search.asp page:
if I put this query in the search.asp page then it will search by name based on the name I entered in the textbox. But if I leave the textbox empty and click on the search button, SQL fetches all the rows from the table. If you havent noticed this before, try it now!!
Well, this is not my problem/question. my question is if I place a combo box instead of the textbox and assign a NULL value to one of the option field like:
and press the search button, then it does not fetch all the rows as it did for the empty textbox.
Any idea why?
Consider the following HTML Form, it has a textbox and a search button.
ASP Syntax (Toggle Plain Text)
The search.asp page:
ASP Syntax (Toggle Plain Text)
if I put this query in the search.asp page then it will search by name based on the name I entered in the textbox. But if I leave the textbox empty and click on the search button, SQL fetches all the rows from the table. If you havent noticed this before, try it now!!
Well, this is not my problem/question. my question is if I place a combo box instead of the textbox and assign a NULL value to one of the option field like:
ASP Syntax (Toggle Plain Text)
and press the search button, then it does not fetch all the rows as it did for the empty textbox.
Any idea why?
I think you may be experiencing a discrepancy between empty strings and null values. An empty string does not have the same value as Null. On your results page, try doing a determination of the value it actually receives before trying to process it. You may find that your form is not sending the value you think it is.
ASP Syntax (Toggle Plain Text)
•
•
•
•
Originally Posted by cancer10 
Weird ASP/SQL Problem
Consider the following HTML Form, it has a textbox and a search button.
ASP Syntax (Toggle Plain Text)
The search.asp page:
ASP Syntax (Toggle Plain Text)
if I put this query in the search.asp page then it will search by name based on the name I entered in the textbox. But if I leave the textbox empty and click on the search button, SQL fetches all the rows from the table. If you havent noticed this before, try it now!!
Well, this is not my problem/question. my question is if I place a combo box instead of the textbox and assign a NULL value to one of the option field like:
ASP Syntax (Toggle Plain Text)
and press the search button, then it does not fetch all the rows as it did for the empty textbox.
Any idea why?
The proper why to make this call is by using a parameterized query. Otherwise, you are leaving yourself open to sql injection and the problem you are seeing. Sql server views all parameters as literals.
•
•
Join Date: Sep 2007
Posts: 1,080
Reputation:
Solved Threads: 68
look at how it looks on sql when the server reads it..
through the textbox with no value:
select * from tbl_group_contact where userName ='NULL'
therefore it will select all usernames as there is no value to compare it against. So it compares nothing and selects everything
through select with no value:
select * from tbl_group_contact where userName =''
therefore it compares username to "".
The difference is that SQL understands NULL as an empty field and understands "" as a comparison.
The null will select everything and the "" will select only those fields where username does not equal null but does not have any information stored.
This is why validation is so detrimental in programming. A simple if isNull(Request.QueryString("txtName")) or Request.QueryString("txtName") = "" then statement can stop the SQL from firing and just show an error instead of tapping the database and getting distorted results.
through the textbox with no value:
select * from tbl_group_contact where userName ='NULL'
therefore it will select all usernames as there is no value to compare it against. So it compares nothing and selects everything
through select with no value:
select * from tbl_group_contact where userName =''
therefore it compares username to "".
The difference is that SQL understands NULL as an empty field and understands "" as a comparison.
The null will select everything and the "" will select only those fields where username does not equal null but does not have any information stored.
This is why validation is so detrimental in programming. A simple if isNull(Request.QueryString("txtName")) or Request.QueryString("txtName") = "" then statement can stop the SQL from firing and just show an error instead of tapping the database and getting distorted results.
Last edited by SheSaidImaPregy; Oct 20th, 2007 at 6:56 pm.
•
•
Join Date: Oct 2007
Posts: 147
Reputation:
Solved Threads: 13
Junior Poster
•
•
•
•
Originally Posted by cancer10
Weird ASP/SQL Problem
Consider the following HTML Form, it has a textbox and a search button.
ASP Syntax (Toggle Plain Text)
The search.asp page:
ASP Syntax (Toggle Plain Text)
if I put this query in the search.asp page then it will search by name based on the name I entered in the textbox. But if I leave the textbox empty and click on the search button, SQL fetches all the rows from the table. If you havent noticed this before, try it now!!
Well, this is not my problem/question. my question is if I place a combo box instead of the textbox and assign a NULL value to one of the option field like:
ASP Syntax (Toggle Plain Text)
and press the search button, then it does not fetch all the rows as it did for the empty textbox.
Any idea why?
"<input name="txtName" type="text" id="txtEmail" />"
"name" and "id" are supposed to mean the same thing! "id" is supposed to be the preferred parameter. "name" will probably be deprecated eventually.
When your browser transmitted the value of the textbox, it transmitted it under the id, "txtEmail" (because, either , it encountered "id" after "name" when parsing the form or it simply uses "id" whenever "id" is specified and uses "name" otherwise ).
You retrieved it under the name "txtName" which did not exist. I think that is why you got a NULL. When you did it with an <option> tag, you transmitted an empty string ("") under the id "txtType" (you used "txtType" for "name" and "id").
Hoppy
|
Similar Threads
- ASP/SQL - Problem (ASP)
- Freelance Web designer PHP, MySQL, ASP, SQL Server 2000 (Web Development Job Offers)
- How to connect ASP with sql server ? (Community Introductions)
- ASP and SQL ? (MS SQL)
Other Threads in the ASP Forum
- Previous Thread: can asp work with mySQL
- Next Thread: Dynamic Page?
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest ASP Posts
- Today's Posts
- Unanswered Threads
archive asp asp.net aspandmssqlserver2005 aspandmssqlserver2005connection aspconnection connection database databaseconnection dreamweaver excel fso iis msmsql mssql2005 mssqlserver2005 mssqlserver2005andasp mssqlserverandasp opentextfile record searchbox selectoption single specfic sqlserver sqlserverconnection windows7
