Develop Reference

Classic ASP ADO Setting Bookmark Causes Error

The following classic ASP code generates an error on the line rsTemp.Bookmark = varCurrBookmark. This appears to be fairly simplistic code and should work. Note that I can read the bookmark but can't set it. Also, this code will work if I uncomment the line and set the CursorLocation = 3 (use client)
ADODB.Recordset error '800a0bb9'
Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another.
/app/TestBookMark.asp, line 19.
<html>
<body>
<%
strConn = "Provider=SQLOLEDB;Data Source=localhost\sqlexpress;Initial Catalog=db;User Id=uid;Password=pwd;"
Set objDataConn = Server.CreateObject("ADODB.Connection")
objDataConn.Open strConn
strQry = "SELECT * FROM tbl"
Set rsTemp = Server.CreateObject("ADODB.Recordset")
'rsTemp.CursorLocation = 3
rsTemp.Open strQry, objDataConn,3,1
lngRecordCount = rsTemp.RecordCount
varCurrBookmark = rsTemp.Bookmark
rsTemp.MoveLast
Response.Write rsTemp.Bookmark
Response.Write "<BR>"
rsTemp.Bookmark = varCurrBookmark
Response.Write varCurrBookmark
%>
</body>
</html>

classic asp verify the server result

I am trying to check or unchecked the check-boxes depends upon the data results that comes from server. But I cannot use below code correctly where I am doing wrong?
<%
Dim AFTER_SAVE, IN_VIEW, Y
Dim SQL, Data
SQL = " SELECT code, name, value FROM mytable WHERE code = '" & User & "'"
Data = Data(SQL)
%>
<%If IsArray(Data) Then%>
<%If ((Data(1,0) = "AFTER_SAVE") AND (Data(2,0) = "Y")) Then %>
document.getElementById("chkSave").checked == true;
<%End If%>
<% If ((Data(1,0) = "IN_VIEW") AND (Data(2,0) = "Y")) Then %>
document.getElementById("chkVIEW").checked == true;
<%End If%>
<%End If%>

You're trying to combine server-side code with client-side code in a very strange way. Sometimes, it's necessary to do that (i.e. use server-side VBScript to write client-side Javascript), but if I'm understanding your intent correctly, it's not needed here.
Basically, if this is actually a classic ASP page, then somewhere on that page you're generating the checkboxes in question. So all you need to do is put your database call somewhere before that, and then when you generate the checkboxes, you can output a checked='checked', or not, depending.
Note that I have no clue what Data = Data(SQL) is supposed to mean. There's no way for it to be valid VBScript code - parentheses are for arrays, but a string is not a valid array index, and then to assign it to itself like that? Anyway, I'm ignoring that part.
<html>
<head>
<%
Dim AFTER_SAVE, IN_VIEW
Dim SQL, RS, Conn
Dim User
'...blah blah blah, give a value to User, set up your DB connection, etc. etc....
SQL = "SELECT code, name, [value] FROM mytable WHERE code = '" & User & "'"
'- ("value" is a reserved keyword in SQL, hence the brackets)
Set RS = Server.Createobject("ADODB.Recordset")
RS.Open SQL, Conn, 1, 2 '- this is rather handwavy and unlikely to actually
'- work as-is; use the options and connection methods that make sense for you
Do Until RS.EOF
'- I have no idea how your data is set up; this may make no sense.
'- The idea is, read the checkbox states from your database, and
'- stick them in variables for later reference.
Select Case RS("name")
Case "AFTER_SAVE" AFTER_SAVE = RS("value")
Case "IN_VIEW" IN_VIEW = RS("value")
End Select
RS.Movenext
Loop
RS.Close
Set RS = Nothing
%>
</head>
<body>
<form method="post" action="myformhandler.asp">
<!-- form fields and stuff -->
<input type="checkbox" name="chkSave" id="chkSave" <%
If AFTER_SAVE = "Y" Then Response.Write "checked='checked'"
%> value="Y"><label for="chkSave">After save</label>
<input type="checkbox" name="chkView" id="chkView" <%
If IN_VIEW = "Y" Then Response.Write "checked='checked'"
%> value="Y"><label for="chkView">In view</label>
<!-- more form stuff -->
</form>
</body>
</html>

Syntax error (missing operator) in query expression

I know it is a common error, but I still can't solve it myself.
What I am trying to do is I have a SELECT item called status that allow the user to choose their employment status, I want to simply get the result and update the user_table(access file) status cell.
Any reply will be greatly appreciated!
The Code is below:
<!--#include file="../conn/conn.asp"-->
<%
id=request.QueryString("id")
status=request.Form("status")
sql="select * from user_table where id="&id
set rs=conn.execute(sql)
sql="update user_table set Status='"+status+"' where id="&id
'response.Write sql
conn.execute(sql)
conn.close
response.Write "<script>alert('Change Sucessful!');</script>"
set conn=nothing
response.end()
%>

I think you may be having a problem with conn.execute(sql) as well as response.end()
To fix it, you need to do either:
conn.execute sql
or
Call conn.execute(sql)
But, yeah, you should follow other comments posted as your technique has security issues. You should consider changing it to use parameters:
<!--#include file="../conn/conn.asp"-->
<%
id = request.QueryString("id")
status = request.Form("status")
sql = "select * from user_table where id = #id"
Set cmd = CreateObject("ADODB.Command")
cmd.CommandText = sql
Set cmd.ActiveConnection = conn
cmd.Prepared = True
cmd.Parameters.Refresh
cmd.Parameters("#id") = id
Set rs = cmd.Execute
Set rs = nothing
Set cmd = nothing
sql = "update user_table set status = #status where id = #id"
Set cmd = CreateObject("ADODB.Command")
cmd.CommandText = sql
Set cmd.ActiveConnection = conn
cmd.Prepared = True
cmd.Parameters.Refresh
cmd.Parameters("#status") = status
cmd.Parameters("#id") = id
Set rs = cmd.Execute
Set rs = nothing
Set cmd = nothing
response.Write "<script>alert('Change Sucessful!');</script>"
Set conn = nothing
response.end
%>

I'm guessing conn.asp leaves conn open? otherwise you need to open it. Also, what shows when you uncomment the response.write sql line?
And, you are definitely opening yourself to hackers. You need to 'clean' anything that comes from a request.form or request.querystring (with at the very least, a replace(..., "'", "''"), or much better, use stored procedures instead of straight sql

Populate Dropdown from SQL in Classic ASP

I am trying to force users to only select certain values when adding a record. So naturally I am using a dropdown, but I'd like the options to be populated by a specific field in the database. I figured I'd do a Do/Loop but I am apparently doing something wrong.
Dim dstrSQL
Dim drs
dstrSQL = "SELECT EventID FROM Events"
set conn2 = CreateObject("ADODB.Connection")
conn2.open CONN_STRING
set drs = conn2.execute(dstrSQL)
conn2.close: set conn2 = nothing
Do
Response.Write "<option value=" & drs.Fields(0) & " >" & drs.Fields(0) & "</option>"
drs.MoveNext
Loop

It's been a long time. Something like this:
conn2.open CONN_STRING
set drs = conn2.execute(dstrSQL)
do while not drs.eof %>
<option value="<%= drs.Fields(0) %>" ><%= drs.Fields(0) %></option>
<% drs.MoveNext
Loop
conn2.close
set conn2 = nothing %>

ASP How do I insert a username into a table?

I'm struggling with my code below, I'm reading the logged on users username and trying to insert their name into a SQL table called licenses, the table contains 2 columns 1 contains license numbers the other is all nulls at the moment but a username should be inserted along side one when this page loads. Currently the page just loops constantly and nothing is inserted into the table. The user inside connection1.asp does have read/write access to the database.
Any ideas? Thanks
<%#LANGUAGE="VBSCRIPT" LCID=1033%>
<%
aName = Split(Request.ServerVariables("LOGON_USER"), "\")
user = aName(UBound(aName))
user = UCase(user)
Erase aName
%>
<!--#include file="Connections/connection1.asp" -->
<%
Dim Recordset1
Dim Recordset1_numRows
Set Recordset1 = Server.CreateObject("ADODB.Recordset")
Recordset1.ActiveConnection = MM_connection1_STRING
Recordset1.Source = "SELECT * FROM Licenses2 WHERE userid = '" & user & "';"
Recordset1.Open()
%>
<HTML><HEAD></HEAD>
<BODY leftmargin="5" onLoad="setTimeout('reloadFunction()',500000)">
<% Do While NOT Recordset1.EOF %>
<% strUserName =(Recordset1.Fields.Item("userid").Value)%>
<% response.write strUserName %>'s Serial Number:
<% strSerial =(Recordset1.Fields.Item("serial").Value)%>
<% response.write strSerial %>
<% Recordset1.movenext %>
<% loop %>
<%
If strUserName = user then
'record found do nothing
'response.write "user found"
else
adoCon.Execute = "SET ROWCOUNT 1; UPDATE Licenses2 SET userid = '" & user & "' WHERE userid = 'NULL';"
Response.AddHeader "Refresh", "3"
End if
%>
</BODY>
</HTML>
<%
Recordset1.Close()
Set Recordset1 = Nothing
Set Recordset2 = Nothing
%>

If the user is NOT found, should you be doing an INSERT instead of UPDATE?
If the UPDATE is correct, change the last NULL ... remove the quotes. Right now you are comparing a STRING value of 'NULL' instead of the value NULL and it should be IS NULL
SET ROWCOUNT 1; UPDATE Licenses2 SET userid = '" & user & "' WHERE userid IS NULL;
Also, see if you can comment out the <BODY ... > tag and create a new one without the RELOADFUNCTION and see if that makes a difference.
Lastly, read up on SQL Injection because your code is prone to Injection attacks. Search on StackOverflow.com for SQL Injection and you will find plenty of explanations, examples and cures.

Check if LOGON_USER is actually returning any data. If you have IIS security set to 'Anonymous' access then this will not be populated with anything.
Your code would also be potentially prone to SQL injection attacks.