0

Guys, I am trying to learn ASP, but I am stuck on this error forever... I managed to display and create new, but I can't delete and update. I was told I had to remove the ' around cid, but it still gave me another error. Can someone please provide me with a quick solution?

  <html>
<body>

<h2>Update Record</h2>
<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Provider="Microsoft.Jet.OLEDB.4.0"
conn.Open "c:/webdata/northwind.mdb"

cid=Request.Form("customerID")

if Request.form("companyname")="" then
  set rs=Server.CreateObject("ADODB.Recordset")
  rs.open "SELECT * FROM customers WHERE customerID='" & cid & "'",conn
  %>
  <form method="post" action="demo_update.asp">
  <table>
  <%for each x in rs.Fields%>
  <tr>
  <td><%=x.name%></td>
  <td><input name="<%=x.name%>" value="<%=x.value%>"></td>
  </tr>
  <%next%>
  </table>
  <br><br>
  <input type="submit" value="Update record">
  </form>
<%
else
  sql="UPDATE customers SET "
  sql=sql & "companyname='" & Request.Form("companyname") & "',"
  sql=sql & "contactname='" & Request.Form("contactname") & "',"
  sql=sql & "address='" & Request.Form("address") & "',"
  sql=sql & "city='" & Request.Form("city") & "',"
  sql=sql & "postalcode='" & Request.Form("postalcode") & "',"
  sql=sql & "country='" & Request.Form("country") & "'"
  sql=sql & " WHERE customerID='" & cid & "'"
  on error resume next
  conn.Execute sql
  if err<>0 then
    response.write("No update permissions!")
  else
    response.write("Record " & cid & " was updated!")
  end if
end if
conn.close
%>

</body>
</html>
0

Compare what data type the cid column in the database is to what the cid variable holds after the line: cid = Request.Form("customerID").
Data type errors normally mean you are passing in the wrong type against what is expected (string vs int for example).

0

On a related note, you should consider using parameterized queries instead so that your parameters are passed as literal text. This prevents errors and is good for security.

A simple example regarding why you should use parameterized queries: say any of the variables you are using in your SQL query contains an apostrophe. The apostrophe will cause your application to fail.

Here is an example online on how to use parameterized queries in Classic ASP.

http://blogs.technet.com/b/neilcar/archive/2008/05/23/sql-injection-mitigation-using-parameterized-queries-part-2-types-and-recordsets.aspx
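
A parameterized version of the UPDATE from the question, as an added example that is not part of the original post or of the linked article. It assumes every column, customerID included, is a Text field (confirm in Design View and change the ADO type constant where it is not); the ADO constants are defined inline because Classic ASP does not load them by default.

```asp
<%
' Added example: parameterized UPDATE for the customers table from the question.
' Assumption: all seven columns are Text fields. If Design View shows another
' data type for a column, use the matching ADO type constant for that parameter.
Const adVarWChar = 202          ' Unicode text
Const adParamInput = 1
Const adCmdText = 1
Const adExecuteNoRecords = 128

Dim conn, cmd, fields, i, affected
Set conn = Server.CreateObject("ADODB.Connection")
conn.Provider = "Microsoft.Jet.OLEDB.4.0"
conn.Open "c:/webdata/northwind.mdb"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The Jet provider binds ? placeholders by position, so the parameters
' must be appended in the same order as they appear in the statement.
cmd.CommandText = "UPDATE customers SET companyname=?, contactname=?, address=?, " & _
                  "city=?, postalcode=?, country=? WHERE customerID=?"

fields = Array("companyname", "contactname", "address", "city", _
               "postalcode", "country", "customerID")
For i = 0 To UBound(fields)
  ' Values travel as data, so an apostrophe in a name cannot end the string
  ' literal or change the statement. 255 is the maximum Jet Text length.
  cmd.Parameters.Append cmd.CreateParameter("@" & fields(i), adVarWChar, _
      adParamInput, 255, Request.Form(fields(i)) & "")
Next

On Error Resume Next
cmd.Execute affected, , adExecuteNoRecords
If Err.Number <> 0 Then
  ' Keep provider error text out of the page; log Err.Description server-side.
  Response.Write "Update failed."
ElseIf affected = 0 Then
  Response.Write "No record matched that customerID."
Else
  ' Encode user input before echoing it back into HTML.
  Response.Write "Record " & Server.HTMLEncode(Request.Form("customerID")) & " was updated!"
End If
On Error GoTo 0
conn.Close
%>
```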

0

You would need to open northwind.mdb, double-click on the 'customers' table, and select 'Design View'. That will show you the Data Type for each field. The data you are passing into that field needs to correspond to the 'data type' for that field. So you wouldn't, for instance, have a 'Text' data type if you were updating a currency field.
