Response.Redirect error - asp.net

I have a form page that collects data. The user clicks SUBMIT, which goes to a "post" page. At the end of this page is the redirect code I am using.
response.redirect( "test.asp?ChecklistID=" + ChecklistID )
For some reason, the result is this.
/test.asp?ChecklistID=4784,%204784
Why is this returning TWO IDs? I only have ONE record in the 'results' table. And it is '4784'.
Adding the code
<%
'Option Explicit
Dim SQLStmt, sql, RS, ChecklistID, Location, ChecklistDate, Driveup, ConnectString, conn, objconn
Dim weeds, parking_lot, sidewalk, windows, exterior_trash, door_clean
Dim mats_clean, Notes_page1
Location = Request("Location")
ChecklistDate = Request("ChecklistDate")
Driveup = Request("Driveup")
ChecklistID = Request("ChecklistID")
weeds = Request("weeds")
parking_lot = Request("parking_lot")
sidewalk = Request("sidewalk")
windows = Request("windows")
exterior_trash = Request("exterior_trash")
door_clean = Request("door_clean")
mats_clean = Request("mats_clean")
Notes_page1 = Request("Notes_page1")
ConnectString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("../xyz/mydatabase.mdb")
Set conn = Server.CreateObject("ADODB.Connection")
conn.open ConnectString
SQLStmt = "SELECT * FROM Results WHERE ChecklistID =" & ChecklistID & " ; "
Set RS = Server.CreateObject("ADODB.Recordset")
RS.open "Results", conn, 3, 3
RS.Update
RS("ChecklistDate") = ChecklistDate
RS("Driveup") = Driveup
RS("weeds") = weeds
RS("parking_lot") = parking_lot
RS("sidewalk") = sidewalk
RS("windows") = windows
RS("exterior_trash") = exterior_trash
RS("door_clean") = door_clean
RS("mats_clean") = mats_clean
RS("Notes_page1") = Notes_page1
RS.Update
RS.close
set RS = nothing
conn.close
set conn = nothing
response.redirect( "test.asp?ChecklistID=" + ChecklistID )
%>

The browser might be retaining some history with response.redirect. Try using Server.Transfer. Or, if it's the same page, you might not have to re-add the query string.

Solved
I had the same hidden field in there twice causing the issue.
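
Why the doubled value appears, with a guard against it, as an added example that is not part of the original thread: when a field name is submitted more than once, classic ASP returns the values joined with ", ", and that joined string is what reached both the redirect URL and the concatenated SQL text. The helper name `SingleIntField`, the use of `Request.Form` (a POSTed form is assumed) and the 400 response are assumptions.

```vbscript
<%
Option Explicit

' Hypothetical helper: returns the field as a Long, or Null when it is
' missing, submitted more than once, or not a plain run of digits.
Function SingleIntField(fieldName)
    Dim raw, i
    SingleIntField = Null

    ' Request.Form(name) is a collection. A duplicated hidden field gives
    ' Count = 2 and a default value of "4784, 4784".
    If Request.Form(fieldName).Count <> 1 Then Exit Function

    raw = Trim(Request.Form(fieldName)(1))   ' the collection is 1-based
    If Len(raw) = 0 Or Len(raw) > 9 Then Exit Function   ' stay inside CLng range
    For i = 1 To Len(raw)
        If InStr("0123456789", Mid(raw, i, 1)) = 0 Then Exit Function
    Next

    SingleIntField = CLng(raw)
End Function

Dim ChecklistID
ChecklistID = SingleIntField("ChecklistID")

If IsNull(ChecklistID) Then
    ' Reject instead of passing "4784, 4784" on to the database or the URL.
    Response.Status = "400 Bad Request"
    Response.Write "Invalid ChecklistID"
    Response.End
End If

' ... database update goes here, using ChecklistID as a number ...

' ChecklistID is a validated number, so the URL carries exactly one value.
Response.Redirect "test.asp?ChecklistID=" & CStr(ChecklistID)
%>
```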

Related

I need help parameterizing some VBScript code in an .asp file

Here is a snippet of what I'm working on. Please let me know if I need to post more:
<%@ LANGUAGE = VBScript ENABLESESSIONSTATE = False %>
<!--#include file="Connections/ConnectionString.asp" -->
<!--#include file="SqlCheckInclude.asp" -->
<%
Dim LoginTest
LoginTest = ""
If Request.QueryString("Action") = "Login" Then
Dim IsUserNameLocked
Set IsUserNameLocked = Server.CreateObject("ADODB.Recordset")
IsUserNameLocked.ActiveConnection = ConnectionString
sProUserName = Request.Form("ProUserName")
sanitizedProUserName = "'" & Replace(sProUserName, "'", "''") & "'"
Response.Write(sanitizedProUserName)
Response.End()
IsUserNameLocked.Source = "SELECT IL_Date, IL_Timer, IL_NumOfTimes, ProUserName FROM PROFILE WHERE ProUserName =" & sanitizedProUserName
IsUserNameLocked.CursorType = 2
IsUserNameLocked.CursorLocation = 3
IsUserNameLocked.LockType = 3
IsUserNameLocked.Open
if not IsUserNameLocked.eof then
intNumOfIncorrectLogin = IsUserNameLocked("IL_NumOfTimes")
InCorrectLoginDate = IsUserNameLocked("IL_Date")
InCorrectLoginTime = IsUserNameLocked("IL_Timer")
end if
IsUserNameLocked.close
set IsUserNameLocked = nothing
end if
%>
I attempted to convert it to:
If Request.QueryString("Action") = "Login" Then
Dim IsUserNameLocked
Set IsUserNameLocked = Server.CreateObject("ADODB.Recordset")
IsUserNameLocked.ActiveConnection = ConnectionString
strSql = "SELECT IL_Date, IL_Timer, IL_NumOfTimes, ProUserName FROM PROFILE WHERE ProUserName = ?"
strSearch = Request.Form("ProUserName")
set objCommand = Server.CreateObject("ADODB.Command")
objCommand.ActiveConnection = ConnectionString
objCommand.CommandText = strSql
objCommand.Parameters(0).value = strSearch
IsUserNameLocked.results = objCommand.Execute()
IsUserNameLocked.CursorType = 2
IsUserNameLocked.CursorLocation = 3
IsUserNameLocked.LockType = 3
IsUserNameLocked.Open
end if
But this did not work. I have been searching online for the past few hours attempting to find a method that properly works, but I'm getting no functioning results. If someone could please help with an implementation that properly parameterizes and protects against SQL injection, I would be extremely grateful.
According to the docs, you need to .Append a parameter to a Command's parameter collection. Evidence:
>> Set oCmd = CreateObject("ADODB.Command")
>> WScript.Echo "# parameters", oCmd.Parameters.Count
>> oCmd.Parameters(0).Value = "no such thing"
>>
# parameters 0
Error Number: 3265
Error Description: Item cannot be found in the collection corresponding to the requested name or ordinal.
Do you use a global On Error Resume Next?
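
A parameterized form of the lockout lookup from the question, as an added example that is not part of the original thread: the parameter is appended to the command before it runs, and the recordset is taken from `Execute`. It assumes `ConnectionString` comes from the question's include file; the 50-character column width and the ADO constant declarations are assumptions added here.

```vbscript
<%
' Added example. ConnectionString is assumed to be defined by the
' question's Connections/ConnectionString.asp include.
Const adVarWChar = 202        ' ADO DataTypeEnum
Const adParamInput = 1        ' ADO ParameterDirectionEnum
Const adCmdText = 1           ' ADO CommandTypeEnum
Const MAX_USERNAME_LEN = 50   ' assumed width of PROFILE.ProUserName

Dim objCommand, IsUserNameLocked, strSearch
Dim intNumOfIncorrectLogin, InCorrectLoginDate, InCorrectLoginTime

If Request.QueryString("Action") = "Login" Then
    ' Force a string and cap its length; no quote escaping is needed
    ' because the value never becomes part of the SQL text.
    strSearch = Left(Request.Form("ProUserName") & "", MAX_USERNAME_LEN)

    Set objCommand = Server.CreateObject("ADODB.Command")
    objCommand.ActiveConnection = ConnectionString
    objCommand.CommandType = adCmdText
    objCommand.CommandText = _
        "SELECT IL_Date, IL_Timer, IL_NumOfTimes, ProUserName " & _
        "FROM PROFILE WHERE ProUserName = ?"

    ' The ? placeholder has no Parameters(0) until a parameter is appended.
    objCommand.Parameters.Append objCommand.CreateParameter( _
        "ProUserName", adVarWChar, adParamInput, MAX_USERNAME_LEN, strSearch)

    ' Execute returns an open, forward-only, read-only Recordset, so no
    ' separate Open call or cursor settings are needed for this read.
    Set IsUserNameLocked = objCommand.Execute()

    If Not IsUserNameLocked.EOF Then
        intNumOfIncorrectLogin = IsUserNameLocked("IL_NumOfTimes")
        InCorrectLoginDate = IsUserNameLocked("IL_Date")
        InCorrectLoginTime = IsUserNameLocked("IL_Timer")
    End If

    IsUserNameLocked.Close
    Set IsUserNameLocked = Nothing
    Set objCommand = Nothing
End If
%>
```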

Do not generate file in disk, instead send mail with data in memory

I have a piece of code that works and does the following:
Reads a database, reads a template (template.htm), puts data in a new file based on the template (evento.htm), reads that file and sends an email with the content of the generated file. Code below (I cut the database part):
<%
NomeDoTemplate= "template.htm"
CaminhoDoTemplate= Server.MapPath(NomeDoTemplate)
CaminhoDoTemplateAjustado= Mid(CaminhoDoTemplate,1,InStrRev(CaminhoDoTemplate,"\"))
NomeDoArquivo= "evento.htm"
CaminhoDoArquivo= Server.MapPath(NomeDoArquivo)
Set ManipulacaoDeArquivo= Server.CreateObject("Scripting.FileSystemObject")
Set ObjetoArquivo= ManipulacaoDeArquivo.OpenTextFile(CaminhoDoTemplate, 1)
DadosDoObjetoArquivo= ObjetoArquivo.ReadAll
ObjetoArquivo.Close
DadosDoObjetoArquivo= Replace(DadosDoObjetoArquivo, "[Cliente]", Um)
Set ObjetoArquivo= ManipulacaoDeArquivo.CreateTextFile(CaminhoDoTemplateAjustado & NomeDoArquivo)
ObjetoArquivo.Write(DadosDoObjetoArquivo)
Set ObjetoArquivo= ManipulacaoDeArquivo.OpenTextFile(CaminhoDoTemplateAjustado & NomeDoArquivo, 1)
DadosDoObjetoArquivo= ObjetoArquivo.ReadAll
Dim objCDOSYSMail
Dim objCDOSYSCon
Set objCDOSYSMail = Server.CreateObject("CDO.Message")
Set objCDOSYSCon = Server.CreateObject ("CDO.Configuration")
objCDOSYSCon.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.server.com"
objCDOSYSCon.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objCDOSYSCon.Fields("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objCDOSYSCon.Fields("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
objCDOSYSCon.Fields("http://schemas.microsoft.com/cdo/configuration/sendusername") = "user_id"
objCDOSYSCon.Fields("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "password"
objCDOSYSCon.Fields("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 30
objCDOSYSCon.Fields.update
Set objCDOSYSMail.Configuration = objCDOSYSCon
objCDOSYSMail.From = "ABC <abc@server.com>"
objCDOSYSMail.To = "sender@gmail.com"
objCDOSYSMail.Subject = "Contato"
objCDOSYSMail.HTMLBody= DadosDoObjetoArquivo
objCDOSYSMail.Send
Set objCDOSYSMail = Nothing
Set objCDOSYSCon = Nothing
%>
I would like to make this simple, skipping the step of generating the file on disk. I would like to:
Read a database, read a template, put data in memory, send the mail with that data in memory.
Thanks
If I see it correctly, all you have to do is skip the part where you save the file and re-read it... I have refactored your code, gave the variables some English names so I could see what's going on, and commented out the lines you don't need:
<%
Dim TemplateName : TemplateName = "template.htm"
Dim TemplateFullPath : TemplateFullPath = Server.MapPath(TemplateName)
Dim TemplatePath : TemplatePath = Mid(TemplateFullPath,1,InStrRev(TemplateFullPath,"\"))
Dim ArchiveName : ArchiveName = "evento.htm"
Dim ArchiveFullPath : ArchiveFullPath = Server.MapPath(ArchiveName)
Dim FSO, TemplateFile, TemplateText
Set FSO = Server.CreateObject("Scripting.FileSystemObject")
Set TemplateFile = FSO.OpenTextFile(TemplateFullPath, 1)
TemplateText = TemplateFile.ReadAll()
TemplateText = Replace(TemplateText, "[Cliente]", Um)
TemplateFile.Close()
' Really simple - to do this in-memory, simply don't save and re-read the file....
' Set TemplateFile = FSO.CreateTextFile(TemplatePath & ArchiveName)
' TemplateFile.Write(TemplateText)
' Set TemplateFile = FSO.OpenTextFile(TemplatePath & ArchiveName, 1)
' TemplateText = TemplateFile.ReadAll
Set TemplateFile = Nothing
Set FSO = Nothing
Dim objCDOSYSMail, objCDOSYSCon
Set objCDOSYSMail = Server.CreateObject("CDO.Message")
Set objCDOSYSCon = Server.CreateObject ("CDO.Configuration")
objCDOSYSCon.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.server.com"
objCDOSYSCon.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objCDOSYSCon.Fields("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objCDOSYSCon.Fields("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
objCDOSYSCon.Fields("http://schemas.microsoft.com/cdo/configuration/sendusername") = "user_id"
objCDOSYSCon.Fields("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "password"
objCDOSYSCon.Fields("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 30
objCDOSYSCon.Fields.update
Set objCDOSYSMail.Configuration = objCDOSYSCon
objCDOSYSMail.From = "ABC <abc@server.com>"
objCDOSYSMail.To = "sender@gmail.com"
objCDOSYSMail.Subject = "Contato"
objCDOSYSMail.HTMLBody= TemplateText
objCDOSYSMail.Send
Set objCDOSYSMail.Configuration = Nothing
Set objCDOSYSMail = Nothing
Set objCDOSYSCon = Nothing
%>
Hope this helps,
Erik
you could use several techniques:
write your own stringbuilder class
use the .net system.io.stringwriter class (yes you can use this from classic asp)
use the adodb.stream object
example stringwriter:
set sw = server.createObject("system.io.stringwriter")
sw.write_12( DadosDoObjetoArquivo )
objCDOSYSMail.HTMLBody = sw.getStringBuilder().toString()
example (adodb.stream):
set stream = server.createobject("ADODB.Stream")
with stream
.Open
.WriteText DadosDoObjetoArquivo
end with
objCDOSYSMail.HTMLBody = stream.ReadText
stream.Close

VBscript search sAMAccountName from CN

I've written this script which pulls the sAMAccountName of the specified user from the AD via VBScript, but it seems to only work within my own OU group. Is this due to a permissions restriction within my company? Or is this due to something I'm not seeing in the code?
Dim result
result = getsAMAccountName("Some Name")
msgbox result
Function getsAMAccountName(name)
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strsAM, objUser
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
msgbox strDNSDomain
strBase = "<LDAP://" & strDNSDomain & ">"
'be sure passed var usersel is referenced properly
strFilter = "(cn=" & name & ")"
strAttributes = "distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
strsAM = adoRecordset.Fields("distinguishedName").Value
Set objUser = GetObject("LDAP://" & strsAM)
getsAMAccountName = objUser.sAMAccountName
adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close
End Function
Does it work when you specify the OU in your GetObject call?
GetObject("LDAP://OU=YourOU,DC=YourDomain,DC=com")
From this question Querying Active Directory using VBScript
Ended up being permissions, be sure to include/specify a processID and PW when moving LDAP pulls to asp classic... and avoid asp classic
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
With adoConnection
.Properties("User ID") = "<process ID>" ' process ID goes here (placeholder)
.Properties("Password") = "<password>" ' password goes here (placeholder)
.Properties("encrypt password") = True
End With
adoConnection.Open "Active Directory Provider"
Set adoCommand = CreateObject("ADODB.Command")
Set adoCommand.ActiveConnection = adoConnection

asp.net vb.net gridview - can't sort!

I try to make this gridview sortable, but it simply doesn't work, anyone know why?
Dim sql As String = "SELECT Product_ID, Code, Trade_Name "
sql = sql & "FROM Product "
sql = sql & "WHERE Category = ? "
Dim conn As String = WebConfigurationManager.ConnectionStrings("ConnectionString").ConnectionString
Dim dad As New OleDbDataAdapter(sql, conn)
dad.SelectCommand.Parameters.AddWithValue("?", CatID)
Dim dtblProduct As New DataTable()
dad.Fill(dtblProduct)
Dim grdProducts As New GridView
grdProducts.ID = "grdProducts"
grdProducts.CellPadding = 5
grdProducts.CellSpacing = 5
grdProducts.GridLines = GridLines.None
grdProducts.AutoGenerateColumns = False
grdProducts.HeaderStyle.HorizontalAlign = HorizontalAlign.Left
grdProducts.EmptyDataText = "No Products Available."
grdProducts.DataSource = dtblProduct
Dim dataNavigateUrlFields() As String = {"Product_ID"}
Dim blnfirstCol As Boolean = True
Dim strPageResolveURL As String = String.Empty
Dim strLnkSelectText As String = String.Empty
For Each col As Data.DataColumn In dtblProduct.Columns
If blnfirstCol Then
Dim lnkSelect As New HyperLinkField
With lnkSelect
.Text = _strAction
.DataNavigateUrlFields = dataNavigateUrlFields
.DataNavigateUrlFormatString = Page.ResolveUrl(_strDirectPage & ".aspx?ProductID={0}&Cat=" & CatID)
End With
grdProducts.Columns.Add(lnkSelect)
blnfirstCol = False
Else
Dim myBoundField As New BoundField()
With myBoundField
Select Case col.ColumnName
Case "CODE"
.HeaderText = "Code"
.ItemStyle.Width = 100
.HtmlEncode = False
Case "TRADE_NAME"
.HeaderText = "Trade Name"
.ItemStyle.Width = 200
End Select
.DataField = col.ColumnName
.Visible = True
End With
grdProducts.Columns.Add(myBoundField)
End If
Next
grdProducts.AllowSorting = True ' Should already be true, but this doesn't help
grdProducts.DataBind()
It's frustrating!
I think you are not assigning SortExpression property in Columns.
Please check this example for more detail.
In your example, just add
.SortExpression= col.ColumnName
below
.DataField = col.ColumnName
Since you are adding columns manually, you have to set the SortExpression property for each of them. See last note here.

Updating NText causing long delay/timeouts

I'm trying to update an NText field in SQL 2000 using Classic ASP. Here is the code I'm using to do it. Anyone have any pointers on how to maybe speed it up? Or am I stuck with it?
set Cnn = server.CreateObject("ADODB.connection")
Cnn.ConnectionString = Application("Cnn_ConnectionString")
Cnn.open
set rs = server.CreateObject("ADODB.Recordset")
rs.CursorType = adoOpenDynamic
rs.LockType = adLockOptimistic
conChunkSize = 100
rs.Open "MyTable",Cnn, , , adCmdTable
rs.Find "MyDataId=" & request("DataId"),,adSearchForward,1
lngOffset = 0
lngLogoSize = len(request("txtMyEntry"))*2
Do while lngOffset < lngLogoSize
varChunk = LeftB(RightB(request("txtMyEntry"), lngLogoSize - _
lngOffset), conChunkSize)
rs("MyDataField").AppendChunk varChunk
lngOffset = lngOffset + conChunkSize
Loop
rs.Update
rs.Close
Oh and this code is almost verbatim from the MSDN site.
First I would eliminate the chunking which is so 90's.
Then there is:-
rs.Open "MyTable",Cnn, , , adCmdTable
rs.Find "MyDataId=" & request("DataId"),,adSearchForward,1
Yikes! You'd like to think that ADO intelligently asked SQL Server to find that record based on the indexed MyDataId field, but I bet it doesn't. It's most likely pulling the entire contents of the table across until the record is arrived at.
This really should be done with an UPDATE T-SQL statement and an ADODB.Command object.
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = cnn
cmd.CommandType = 1 '' // adCmdText
cmd.CommandText = "UPDATE MyTable SET MyDataField = ? WHERE MyDataId = ?"
cmd.Parameters.Append cmd.CreateParameter("dataField", 203, 1, Len(txtMyEntry), txtMyEntry) '' // 203 = adLongVarWChar, 1 = adParamInput
cmd.Parameters.Append cmd.CreateParameter("id", 3, 1, , CInt(DataID)) '' // 3 = adInteger
cmd.Execute
