Classic ASP ADO Setting Bookmark Causes Error - asp-classic

The following classic ASP code generates an error on the line rsTemp.Bookmark = varCurrBookmark. This appears to be fairly simplistic code and should work. Note that I can read the bookmark but can't set it. Also, this code will work if I uncomment the line and set the CursorLocation = 3 (use client).
ADODB.Recordset error '800a0bb9'
Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another.
/app/TestBookMark.asp, line 19.
<html>
<body>
<%
strConn = "Provider=SQLOLEDB;Data Source=localhost\sqlexpress;Initial Catalog=db;User Id=uid;Password=pwd;"
Set objDataConn = Server.CreateObject("ADODB.Connection")
objDataConn.Open strConn
strQry = "SELECT * FROM tbl"
Set rsTemp = Server.CreateObject("ADODB.Recordset")
'rsTemp.CursorLocation = 3
rsTemp.Open strQry, objDataConn,3,1
lngRecordCount = rsTemp.RecordCount
varCurrBookmark = rsTemp.Bookmark
rsTemp.MoveLast
Response.Write rsTemp.Bookmark
Response.Write "<BR>"
rsTemp.Bookmark = varCurrBookmark
Response.Write varCurrBookmark
%>
</body>
</html>

Related

How to push information to active directory with ASP

Can someone point me in the right direction for information on how to push data to Active Directory from Classic ASP?
There are a couple of ways this can be done from classic ASP.
Use ADO with ADSI
Use the ADSI Objects of LDAP
Here's a sample from Modifying an ADSI Object from ADO
'Replace department for all users in OU=sales.
Const ADS_SCOPE_ONELEVEL = 1 ' ADSI search scope: immediate children only
Set con = Server.CreateObject("ADODB.Connection")
con.Provider = "ADsDSOObject"
con.Open "Active Directory Provider" ' the connection must be open before the command runs
Set command = CreateObject("ADODB.Command")
Set command.ActiveConnection = con
command.CommandText = "SELECT AdsPath, cn FROM 'LDAP://OU=Sales,DC=Fabrikam,DC=com' WHERE objectClass = 'user'"
command.Properties("searchscope") = ADS_SCOPE_ONELEVEL
Set rs = command.Execute
While Not rs.EOF
    ' Bind to each user object by its ADsPath and write the new value back.
    Set usr = GetObject(rs.Fields("AdsPath").Value)
    usr.Put "department", "1001"
    usr.SetInfo
    rs.MoveNext
Wend
Here's a sample from the article Getting Started with ASP for ADSI.
<%@ Language=VBScript %>
<%
' Get the inputs.
containerName = Request.Form("inpContainer")
' Validate compName before using.
If Not ("" = containerName) Then
' Bind to the object.
adsPath = "LDAP://" & containerName
Set comp = GetObject(adsPath)
' Write the ADsPath of each of the child objects.
Response.Write("<p>Enumeration:</p>")
For Each obj in comp
Response.Write(obj.ADsPath + "<BR>")
Next
End If
%>
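The sample's comment says to validate the container name before using it but does not show how. One way to do that, as an added example that is not part of the MSDN sample or the original answer: BASE_DN is a constructed value reusing the Fabrikam names from the first sample, IsAllowedContainer is a hypothetical helper, and the restricted character set is an assumption to widen only if your directory needs it.

```vbscript
<%
' Added example. BASE_DN is a constructed value; set it to the only subtree
' this page is allowed to enumerate.
Const BASE_DN = "DC=Fabrikam,DC=com"

' Accept only a plain distinguished name at or below BASE_DN: RDNs of the
' form OU=/CN=/DC= with a restricted value alphabet, so the input cannot
' carry a provider prefix, a server name, a port or a slash.
Function IsAllowedContainer(dn)
    Dim re, s, suffix
    IsAllowedContainer = False
    s = Trim(dn & "")
    If Len(s) = 0 Or Len(s) > 255 Then Exit Function
    Set re = New RegExp
    re.IgnoreCase = True
    re.Pattern = "^(OU|CN|DC)=[A-Za-z0-9 _.-]+(,(OU|CN|DC)=[A-Za-z0-9 _.-]+)*$"
    If Not re.Test(s) Then Exit Function
    suffix = "," & BASE_DN
    If StrComp(s, BASE_DN, vbTextCompare) = 0 Then
        IsAllowedContainer = True
    ElseIf Len(s) > Len(suffix) Then
        IsAllowedContainer = (StrComp(Right(s, Len(suffix)), suffix, vbTextCompare) = 0)
    End If
End Function

Dim containerName, comp, obj
containerName = Trim(Request.Form("inpContainer") & "")
If IsAllowedContainer(containerName) Then
    Set comp = GetObject("LDAP://" & containerName)
    Response.Write "<p>Enumeration:</p>"
    For Each obj In comp
        ' Directory values are data, so encode them before writing HTML.
        Response.Write Server.HTMLEncode(obj.ADsPath) & "<br>"
    Next
Else
    Response.Status = "400 Bad Request"
End If
%>
```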

using recordset in classic asp

I am trying to fetch data from a database using a recordset with the following code in classic ASP. I am using Windows 7 32-bit OS:
<%
dim con,rs
set con=Server.Createobject("ADODB.Connection")
con.Provider="Microsoft.Jet.OLEDB.4.0"
con.Open "c:\inetpub\wwwroot\New folder\123.mdb"
rs.Open "select * from student",con
for each x in rs.fields
response.write(x.name)
response.write("=")
response.write(x.value)
next
rs.Close
con.Close
%>
error is:
Microsoft VBScript runtime error '800a01a8'
Object required: ''
/New folder/recordset.asp, line 7
The word "rs" is not reserved in VBScript, you must create a recordset yourself.
Change the line:
rs.Open "select * from student",con
To this instead:
Set rs = con.Execute("select * from student")
You also iterate only the first record, to iterate all records change the code to:
Do Until rs.EOF
for each x in rs.fields
response.write(x.name)
response.write("=")
response.write(x.value)
response.write(", ")
next
response.write("<br />")
rs.MoveNext
Loop

If statement error on null string value

<html>
<title>Test</title>
<body bgcolor="FFFFFF">
<%
sort = CStr(Request("sort"))
search = CStr(Request("search"))
Set conn = Server.CreateObject("ADODB.Connection")
conn.open "Provider=SQLOLEDB.1;Password=123;Persist Security Info=True;User ID=sa;Initial Catalog=asdf;Data Source=WIN-123"
Set rs = Server.CreateObject("ADODB.Recordset")
If sort = "ascending" Then
SQL = "select top 50 * from asdf order by Name"
ElseIf (search Is Not Nothing)
SQL = "select * from asdf WHERE name = '" & search & "'"
Else
SQL = "select top 50 * from asdf"
End If
rs.open SQL, conn
%>
<center><form action="index.asp">
Search Name:<input name="search" /><input type="submit" value="Submit" />
</form></center>
I'm getting an error on my
Else If (search Is Not Nothing)
line, from what I can tell it should work. And of course I also cannot for some reason browse my site on my server to see what the actual error is.
Tested on my IIS 5, without option explicit, when you use
search=CStr(Request("search"))
your search has been initialized to string (VarType: 8).
So even if search is "empty", you can not use IsEmpty or similar function/statement to see if it's empty. Use
ElseIf search<>"" Then
directly.
Also, remember to sanitize your SQL queries...

Syntax error (missing operator) in query expression

I know it is a common error, but I still can't solve it myself.
What I am trying to do is I have a SELECT item called status that allows the user to choose their employment status; I want to simply get the result and update the user_table (Access file) status cell.
Any reply will be greatly appreciated!
The Code is below:
<!--#include file="../conn/conn.asp"-->
<%
id=request.QueryString("id")
status=request.Form("status")
sql="select * from user_table where id="&id
set rs=conn.execute(sql)
sql="update user_table set Status='"+status+"' where id="&id
'response.Write sql
conn.execute(sql)
conn.close
response.Write "<script>alert('Change Sucessful!');</script>"
set conn=nothing
response.end()
%>
I think you may be having a problem with conn.execute(sql) as well as response.end()
To fix it, you need to do either:
conn.execute sql
or
Call conn.execute(sql)
But, yeah, you should follow other comments posted as your technique has security issues. You should consider changing it to use parameters:
<!--#include file="../conn/conn.asp"-->
<%
id = request.QueryString("id")
status = request.Form("status")
sql = "select * from user_table where id = @id"
Set cmd = CreateObject("ADODB.Command")
cmd.CommandText = sql
Set cmd.ActiveConnection = conn
cmd.Prepared = True
cmd.Parameters.Refresh
cmd.Parameters("@id") = id
Set rs = cmd.Execute
Set rs = nothing
Set cmd = nothing
sql = "update user_table set status = @status where id = @id"
Set cmd = CreateObject("ADODB.Command")
cmd.CommandText = sql
Set cmd.ActiveConnection = conn
cmd.Prepared = True
cmd.Parameters.Refresh
cmd.Parameters("@status") = status
cmd.Parameters("@id") = id
Set rs = cmd.Execute
Set rs = nothing
Set cmd = nothing
response.Write "<script>alert('Change Sucessful!');</script>"
Set conn = nothing
response.end
%>
I'm guessing conn.asp leaves conn open? Otherwise you need to open it. Also, what shows when you uncomment the response.write sql line?
And, you are definitely opening yourself to hackers. You need to 'clean' anything that comes from a request.form or request.querystring (with at the very least, a replace(..., "'", "''"), or much better, use stored procedures instead of straight sql).
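Added example, not code from any of the posts: the update from this thread and the name search from the earlier "If statement" thread, both with request values bound as positional ? parameters instead of being concatenated into the SQL. It assumes conn is an already-open ADODB.Connection for the relevant database; MakeCommand, IsValidId, UpdateStatus and SearchByName are hypothetical helper names, and the ADO constants are written out as literals.

```vbscript
<%
' Added example. conn is assumed to be an open ADODB.Connection (as conn.asp
' provides in the question). Drop the Const line if adovbs.inc is included.
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarWChar = 202, adExecuteNoRecords = 128

' Text command with positional (?) placeholders. params holds one
' Array(adoType, size, value) triple per placeholder, in placeholder order.
Function MakeCommand(conn, sql, params)
    Dim cmd, p
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    For Each p In params
        cmd.Parameters.Append cmd.CreateParameter("", p(0), adParamInput, p(1), p(2))
    Next
    Set MakeCommand = cmd
End Function

' Numeric keys: accept 1 to 9 digits only. Quote-doubling would not help
' here, because the id is not inside quotes in the original query.
Function IsValidId(raw)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsValidId = re.Test(raw & "")
End Function

' The UPDATE from this thread. Returns False when the id is rejected.
Function UpdateStatus(conn, rawId, status)
    Dim cmd
    UpdateStatus = False
    If Not IsValidId(rawId) Then Exit Function
    Set cmd = MakeCommand(conn, "UPDATE user_table SET Status = ? WHERE id = ?", _
        Array(Array(adVarWChar, 50, Left(status & "", 50)), _
              Array(adInteger, 4, CLng(rawId & ""))))
    cmd.Execute , , adExecuteNoRecords
    UpdateStatus = True
End Function

' The name search from the "If statement" thread, same pattern.
Function SearchByName(conn, search)
    Set SearchByName = MakeCommand(conn, "SELECT * FROM asdf WHERE name = ?", _
        Array(Array(adVarWChar, 100, Left(search & "", 100)))).Execute
End Function

If Not UpdateStatus(conn, Request.QueryString("id"), Request.Form("status")) Then
    Response.Status = "400 Bad Request"
End If
%>
```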

ASP Classic Named Parameter in Parameterized Query: Must declare the scalar variable

I'm trying to write a parameterized query in ASP Classic, and it's starting to feel like I'm beating my head against a wall. I'm getting the following error:
Must declare the scalar variable "@something".
I would swear that is what the hello line does, but maybe I'm missing something...
<% OPTION EXPLICIT %>
<!-- #include file="../common/adovbs.inc" -->
<%
Response.Buffer=false
dim conn,connectionString,cmd,sql,rs,parm
connectionString = "Provider=SQLOLEDB.1;Integrated Security=SSPI;Data Source=.\sqlexpress;Initial Catalog=stuff"
set conn = server.CreateObject("adodb.connection")
conn.Open(connectionString)
set cmd = server.CreateObject("adodb.command")
set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "select @something"
cmd.NamedParameters = true
cmd.Prepared = true
set parm = cmd.CreateParameter("@something",advarchar,adParamInput,255,"Hello")
call cmd.Parameters.append(parm)
set rs = cmd.Execute
if not rs.eof then
Response.Write rs(0)
end if
%>
Here's some sample code from an MSDN Library article on preventing SQL injection attacks. I cannot find the original URL, but googling the title keywords (Preventing SQL Injections in ASP) should get you there quick enough. Hope this real-world example helps.
strCmd = "select title, description from books where author_name = ?"
Set objCommand.ActiveConnection = objConn
objCommand.CommandText = strCmd
objCommand.CommandType = adCmdText
Set param1 = objCommand.CreateParameter ("author", adWChar, adParamInput, 50)
param1.value = strAuthor
objCommand.Parameters.Append param1
Set objRS = objCommand.Execute()
See the following page on MSDN, near the bottom, referring specifically to named parameters.
MSDN example
ADO is going to expect question marks instead of actual parameter names in this case. Right now, the SQL "select @something" is not actually parameterized: it sees the "@something" as an (undeclared) SQL variable, not as a parameter. Change your CommandText line to this:
cmd.CommandText = "select ?"
And I think you will get the result you are looking for.
Good luck!
with server.createobject("adodb.command")
.activeConnection = application("connection_string")
.commandText = "update sometable set some_col=? where id=?"
.execute , array(some_value, the_id)
end with
I'm not sure what your query is intended to accomplish. I'm also not sure that parameters are allowed in the select list. MSDN used to have (many years ago, probably) a decent article on where parameters were allowed in a query, but I can't seem to find it now.
OTTOMH, your attempts to supply the parameter values to ADO look correct. Does your query execute if you do something like this?
SELECT 1 FROM sometable WHERE somefield = @something
