Web Hosting Talk







View Full Version : ASP/Access - Help


ThomasC
10-01-2003, 05:21 PM
Hello.

I am creating a small billing database using ASP/Access.

I am doing something wrong but cannot figure it out :)
Wondering if anyone can spot the problem.

User goes to a link

invoice.asp?invoice=00105

I am trying to get the invoice number that they clicked on and put it in the WHERE part of the Rs.Open bit :)

Rs.Open "SELECT * FROM Payments WHERE Payment_ID='Request.QueryString("invoice")', Conn, 1,3

Regards,
Thomas Currie

ThomasC
10-01-2003, 09:17 PM
Anyone?

desman
10-01-2003, 09:32 PM
Could you give us a bit more of the code on line 130 where the error is?

ThomasC
10-01-2003, 09:54 PM
I'll explain my problem more.
I want the user to be able to click an invoice.
They will be sent via a link like this

invoice.asp?invoice=00105

I want to take that invoice number and put it into the WHERE part of the database connection code, where currently 00104 is

Rs.Open "SELECT * FROM Payments WHERE Payment_ID='00104'", Conn, 1, 3

I want to use the

Request.QueryString("invoice")

to do this. However I can't seem to get it to work, see my first post for the code I was trying to use (and I've tried so many ones like it).

Regards,
Thomas Currie

desman
10-01-2003, 10:36 PM
You could try converting the QueryString to the payment_ID like this:

payment_ID = Request.QueryString("payment_ID")

ThomasC
10-01-2003, 11:47 PM
That makes no sense...
For a start the QueryString will be "invoice"

Rs.Open "SELECT * FROM Payments WHERE Payment_ID='Request.QueryString("invoice")'", Conn, 1, 3

Is this what you have asked me to do. This won't work?

Regards,
Thomas Currie

ashben
10-02-2003, 07:09 AM
Rs.Open "SELECT * FROM Payments WHERE Payment_ID='" & Request.QueryString("invoice") & "'", Conn, 1, 3

By the way, as a rule of thumb, a table's ID fields (like Payment_ID) should be a numeric value. It's a key ingredient of a good database design since it facilitates indexes, joins, identity etc.

Hope it helps.

Burhan
10-02-2003, 07:17 AM
You know that you are just setting yourself up for SQL injection attacks with your script, right?

Never, ever allow a query to be modified from the GET string.

ThomasC
10-02-2003, 11:15 AM
Ashben

Sorry, that makes it have a 500 server error :(
See what I mean, it's well random!

Fyrestrtr

How would you suggest I counteract this then while being able to display the data from whichever invoice number they click?

Regards,
Thomas Currie

ThomasC
10-02-2003, 12:38 PM
For anyone interested, more ppl trying to work it :)
http://www.programmingtalk.com/showthread.php?p=10149

Regards,
Thomas Currie

lazymale
10-03-2003, 06:34 AM
If you haven't solved it yet.... Can u find out what error the server is throwing? If u have "on error resume next" anywhere... comment it out and try again. The sql statement that Ashben gave was absolutely correct and you are trying to do a simple select. This would be a simple error. So, give me more info and I am sure we can get to the bottom of this in no time and move on.

Celtyc
10-03-2003, 06:48 AM
What is your data type in Access for Payment_ID?

ThomasC
10-03-2003, 07:03 AM
Text.

I have just changed it to number, and it gave a 500 error :)
When I changed it back to txt it worked again. heh.

The error MUST be on that line!!!

Regards,
Thomas Currie

ActivI
10-03-2003, 10:16 AM
I couldn't read all the posts due to my division between work and surfing on forums...

NEVER EVER do id requests with strings (as the name says QueryString is a string by default)... It's a bad policy...

Over asp if the string is supposed to be an int then do CInt(Request.QueryString("<INSERT NAME HERE>"))

Eg:

Query string A = xpto123xpto

CInt(Request.QueryString("A"))

This will return 123

Hope it helps.
Best luck and regards.

webdeveloper
10-03-2003, 10:18 AM
Give us the Error Message that you get. And BTW, it is a good practice to write it like this:



// Read the invoice number from the query string (undefined if absent)
var intID = Request.QueryString("invoice").Item;
if (intID == null) {
    // show error message
} else {
    objRecordset.Open("SELECT * FROM Payments WHERE Payment_ID='" + intID + "'", Conn, 1, 3);
}

ActivI
10-03-2003, 10:20 AM
Another thing instead of 1,3 try 1,2...

Give feedback on both my suggestions plz

ThomasC
10-03-2003, 01:32 PM
ADODB.Field error '80020009'

Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

/netbilling/invoice.asp, line 0
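
A parameterized version of the lookup discussed in this thread, as an added example that is not part of any post above: it addresses the SQL injection concern raised earlier and the BOF/EOF error just quoted. The database file name billing.mdb, the Jet connection string and the digits-only, 10-character invoice format are assumptions; Payment_ID is taken to be a Text column, as stated in the thread.

```vbscript
<%
' Added example (not from the thread). Assumed: billing.mdb is a placeholder
' database file name; Payment_ID is a Text column holding digits such as 00105.
Const adCmdText = 1, adParamInput = 1, adVarWChar = 202

Dim invoice, re, Conn, cmd, Rs
invoice = Trim(Request.QueryString("invoice") & "")

' 1. Allow-list check: reject anything that is not 1 to 10 digits.
Set re = New RegExp
re.Pattern = "^[0-9]{1,10}$"
If Not re.Test(invoice) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid invoice number."
    Response.End
End If

Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("billing.mdb")

' 2. The value travels as a bound parameter, never as part of the SQL text,
'    so quotes in the query string cannot change the statement.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = Conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT * FROM Payments WHERE Payment_ID = ?"
cmd.Parameters.Append cmd.CreateParameter("invoice", adVarWChar, adParamInput, 10, invoice)
Set Rs = cmd.Execute

' 3. No matching row: test EOF before reading any field. Reading a field on
'    an empty recordset is what raises ADODB.Field error 80020009.
If Rs.EOF Then
    Response.Status = "404 Not Found"
    Response.Write "No such invoice."
Else
    Response.Write "Invoice " & Server.HTMLEncode(Rs("Payment_ID") & "")
End If

Rs.Close
Conn.Close
Set Rs = Nothing
Set cmd = Nothing
Set Conn = Nothing
%>
```

Parameter binding stops injection but does not decide who may view which invoice; a billing page would normally also restrict the query to the logged-in customer's own records.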

ActivI
10-03-2003, 02:55 PM
Can you mail me the files (including db) so I can take a better look at it?

ThomasC
10-03-2003, 02:58 PM
Newsof, please PM me your email address.

I will remove all customer information from the db.

Regards,
Thomas Currie

ActivI
10-03-2003, 03:05 PM
nobrains@barrysworld.com

My email is public within this forum.

Best regards.

ActivI
10-03-2003, 04:48 PM
Sent you an email with the working version

Please take a careful look, especially at the db changes and that final issue I mention at the end of the email.


Regards

tbnguyen
10-06-2003, 05:26 PM
Try this on for size:

Dim invoice, rsSQL
' if invoice is labeled a text in the database
invoice = Request.QueryString("invoice")
rsSQL = "SELECT * FROM Payments WHERE Payment_ID = '" & invoice & "'"
Rs.Open rsSQL, conn, 1, 3

OR

Dim invoice, rsSQL
' if invoice is labeled an integer in the database
invoice = Request.QueryString("invoice")
rsSQL = "SELECT * FROM Payments WHERE Payment_ID = " & invoice
Rs.Open rsSQL, conn, 1, 3

ThomasC
10-06-2003, 05:27 PM
Thank you tbnguyen.
DBA-NewSof has sent me a working version.

Once again DBA-Newsof, thank you for your help.

Regards,
Thomas Currie

tbnguyen
10-06-2003, 05:28 PM
If you are using the Microsoft Jet Provider Engine, should just connect through the conn using 3, 3 and then reverting back to 1,2 or 1,3

tbnguyen
10-06-2003, 05:28 PM
ah... didn't see the last post...

ActivI
10-06-2003, 05:30 PM
Once again DBA-Newsof, thank you for your help.

No problem, glad I could help.

ah... didn't see the last post...

:(

Regards