Hi

I have been trying to post from a form to a SQL dab=tabase for a couple of
hours. I've done it before, but i must be having memory problems.

I have 2 files, one with a form, and one to do the INSERTing.

These two files are below (only small as they are only test) - can you see
what's wrong with them?

Thanks

Phil

items.asp (the form)
--------
<html>

<head>
<meta http-equiv="Content-Language" content="en-gb">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>itemName</title>
</head>

<body>

<p> </p>
<p> </p>
<form method="POST" action="writeitems.asp">
<table border="1" width="100%" id="table1">
<tr>
<td>itemName</td>
<td><input type="text" name="fld_itemName" size="25"></td>
</tr>
<tr>
<td>itemDescription</td>
<td><input type="text" name="fld_itemDescription" size="50"></td>
</tr>
</table>
<p> </p>
<p><input type="submit" value="Submit" name="B1"><input type="reset"
value="Reset" name="B2"></p>
</form>

</body>

</html>


writeitems.asp (to write the database)
--------------

<%
Dim Connect5
Dim LogFileQuery
Dim strConn
Dim LogFileAction
Dim sstrIPAddress
Dim sstrReferer
Dim sstrPlatform
Dim myConnection As SqlConnection

'Set Connect5 = Server.CreateObject("ADODB.Connection")

myConnection = New SqlConnection("Data Source=server;" _
& "Database=database;" _
& "User Id=username;Password=password;")

MyConnection.Open

LogFileQuery = "INSERT into tbl_house_items(id, fld_itemName,
fld_itemDescription) VALUES (NULL, '"& Request.Form("fld_itemName") & "','"&
Request.Form("fld_itemDescription") & "')"

Set LogFileAction = Connect5.Execute(LogFileQuery)

' Close database connection and dispose of the object
set sstrPage = Nothing
set sstrIPAddress = Nothing
set sstrReferer = Nothing
set sstrPlatform = Nothing
set strConn = Nothing
Set LogFileAction=Nothing
set Connect5 = Nothing

%>

What makes you think something is wrong? Are you getting an error? If so,
what is it?

BTW, what happens when someone enters:


'; drop table tbl_house_items;

into fld_itemName? DON'T TRY IT. But read about SQL injection.
http://www.google.com/search?q=asp+sql+injection

Ray at work









"Phil Kelly" <phil.kelly [at] infatech.com> wrote in message
news:exCrmnn%23FHA.4092 [at] TK2MSFTNGP10.phx.gbl...
> Hi
>
> I have been trying to post from a form to a SQL dab=tabase for a couple of
> hours. I've done it before, but i must be having memory problems.
>
> I have 2 files, one with a form, and one to do the INSERTing.
>
> These two files are below (only small as they are only test) - can you see
> what's wrong with them?
>
> Thanks
>
> Phil
>
> items.asp (the form)
> --------
> <html>
>
> <head>
> <meta http-equiv="Content-Language" content="en-gb">
> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
> <title>itemName</title>
> </head>
>
> <body>
>
> <p> </p>
> <p> </p>
> <form method="POST" action="writeitems.asp">
> <table border="1" width="100%" id="table1">
> <tr>
> <td>itemName</td>
> <td><input type="text" name="fld_itemName" size="25"></td>
> </tr>
> <tr>
> <td>itemDescription</td>
> <td><input type="text" name="fld_itemDescription" size="50"></td>
> </tr>
> </table>
> <p> </p>
> <p><input type="submit" value="Submit" name="B1"><input type="reset"
> value="Reset" name="B2"></p>
> </form>
>
> </body>
>
> </html>
>
>
> writeitems.asp (to write the database)
> --------------
>
> <%
> Dim Connect5
> Dim LogFileQuery
> Dim strConn
> Dim LogFileAction
> Dim sstrIPAddress
> Dim sstrReferer
> Dim sstrPlatform
> Dim myConnection As SqlConnection
>
> 'Set Connect5 = Server.CreateObject("ADODB.Connection")
>
> myConnection = New SqlConnection("Data Source=server;" _
> & "Database=database;" _
> & "User Id=username;Password=password;")
>
> MyConnection.Open
>
> LogFileQuery = "INSERT into tbl_house_items(id, fld_itemName,
> fld_itemDescription) VALUES (NULL, '"& Request.Form("fld_itemName") &
> "','"& Request.Form("fld_itemDescription") & "')"
>
> Set LogFileAction = Connect5.Execute(LogFileQuery)
>
> ' Close database connection and dispose of the object
> set sstrPage = Nothing
> set sstrIPAddress = Nothing
> set sstrReferer = Nothing
> set sstrPlatform = Nothing
> set strConn = Nothing
> Set LogFileAction=Nothing
> set Connect5 = Nothing
>
> %>
>

Hi Ray

I receive an:

"HTTP 500 - Internal server error
Internet Explorer " error

And the rows are not created in the database table.

Phil
"Ray Costanzo [MVP]" <my first name at lane 34 dot commercial> wrote in
message news:ONhkSZq%23FHA.1676 [at] TK2MSFTNGP09.phx.gbl...
> What makes you think something is wrong? Are you getting an error? If
> so, what is it?
>
> BTW, what happens when someone enters:
>
>
> '; drop table tbl_house_items;
>
> into fld_itemName? DON'T TRY IT. But read about SQL injection.
> http://www.google.com/search?q=asp+sql+injection
>
> Ray at work
>
>
>
>
>
>
>
>
>
> "Phil Kelly" <phil.kelly [at] infatech.com> wrote in message
> news:exCrmnn%23FHA.4092 [at] TK2MSFTNGP10.phx.gbl...
>> Hi
>>
>> I have been trying to post from a form to a SQL dab=tabase for a couple
>> of hours. I've done it before, but i must be having memory problems.
>>
>> I have 2 files, one with a form, and one to do the INSERTing.
>>
>> These two files are below (only small as they are only test) - can you
>> see what's wrong with them?
>>
>> Thanks
>>
>> Phil
>>
>> items.asp (the form)
>> --------
>> <html>
>>
>> <head>
>> <meta http-equiv="Content-Language" content="en-gb">
>> <meta http-equiv="Content-Type" content="text/html;
>> charset=windows-1252">
>> <title>itemName</title>
>> </head>
>>
>> <body>
>>
>> <p> </p>
>> <p> </p>
>> <form method="POST" action="writeitems.asp">
>> <table border="1" width="100%" id="table1">
>> <tr>
>> <td>itemName</td>
>> <td><input type="text" name="fld_itemName" size="25"></td>
>> </tr>
>> <tr>
>> <td>itemDescription</td>
>> <td><input type="text" name="fld_itemDescription" size="50"></td>
>> </tr>
>> </table>
>> <p> </p>
>> <p><input type="submit" value="Submit" name="B1"><input type="reset"
>> value="Reset" name="B2"></p>
>> </form>
>>
>> </body>
>>
>> </html>
>>
>>
>> writeitems.asp (to write the database)
>> --------------
>>
>> <%
>> Dim Connect5
>> Dim LogFileQuery
>> Dim strConn
>> Dim LogFileAction
>> Dim sstrIPAddress
>> Dim sstrReferer
>> Dim sstrPlatform
>> Dim myConnection As SqlConnection
>>
>> 'Set Connect5 = Server.CreateObject("ADODB.Connection")
>>
>> myConnection = New SqlConnection("Data Source=server;" _
>> & "Database=database;" _
>> & "User Id=username;Password=password;")
>>
>> MyConnection.Open
>>
>> LogFileQuery = "INSERT into tbl_house_items(id, fld_itemName,
>> fld_itemDescription) VALUES (NULL, '"& Request.Form("fld_itemName") &
>> "','"& Request.Form("fld_itemDescription") & "')"
>>
>> Set LogFileAction = Connect5.Execute(LogFileQuery)
>>
>> ' Close database connection and dispose of the object
>> set sstrPage = Nothing
>> set sstrIPAddress = Nothing
>> set sstrReferer = Nothing
>> set sstrPlatform = Nothing
>> set strConn = Nothing
>> Set LogFileAction=Nothing
>> set Connect5 = Nothing
>>
>> %>
>>
>
>

We need to see the real error message:
http://www.aspfaq.com/show.asp?id=2109

Phil Kelly wrote:
> Hi Ray
>
> I receive an:
>
> "HTTP 500 - Internal server error
> Internet Explorer " error
>
> And the rows are not created in the database table.
>
> Phil
> "Ray Costanzo [MVP]" <my first name at lane 34 dot commercial> wrote
> in message news:ONhkSZq%23FHA.1676 [at] TK2MSFTNGP09.phx.gbl...
>> What makes you think something is wrong? Are you getting an error? If
>> so, what is it?
>>
>> BTW, what happens when someone enters:
>>
>>
>> '; drop table tbl_house_items;
>>
>> into fld_itemName? DON'T TRY IT. But read about SQL injection.
>> http://www.google.com/search?q=asp+sql+injection
>>
>> Ray at work

Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

Bob

Thanks for that - never knew that was an option!

The error returned now is:

Microsoft VBScript compilation error '800a0401'
Expected end of statement

/devtests/writeitems.asp, line 13

myConnection = New SqlConnection("Driver={SQL Server}; " _
--------------------------------^The code in the .asp page is:

<%
Dim LogFileQuery
Dim LogFileAction
Dim myConnection

myConnection = New SqlConnection("Driver={SQL Server}; " _
& "Data Source=ATLAS-SQL-02;" _
& "Database=infatech_com_db1;" _
& "User Id=infatech.com_dbuser;Password=M#1i1#aL;")

myConnection.Open

LogFileQuery = "INSERT into tbl_house_items(id, fld_itemName,
fld_itemDescription) VALUES (NULL, '"& Request.Form("fld_itemName") & "','"&
Request.Form("fld_itemDescription") & "')"

Set LogFileAction = myConnection.Execute(LogFileQuery)

' Close database connection and dispose of the object

Set LogFileAction=Nothing
Set MyConnection=Nothing
%>


"Bob Barrows [MVP]" <reb01501 [at] NOyahoo.SPAMcom> wrote in message
news:ulAHwRy%23FHA.4092 [at] TK2MSFTNGP10.phx.gbl...
> We need to see the real error message:
> http://www.aspfaq.com/show.asp?id=2109
>
> Phil Kelly wrote:
>> Hi Ray
>>
>> I receive an:
>>
>> "HTTP 500 - Internal server error
>> Internet Explorer " error
>>
>> And the rows are not created in the database table.
>>
>> Phil
>> "Ray Costanzo [MVP]" <my first name at lane 34 dot commercial> wrote
>> in message news:ONhkSZq%23FHA.1676 [at] TK2MSFTNGP09.phx.gbl...
>>> What makes you think something is wrong? Are you getting an error? If
>>> so, what is it?
>>>
>>> BTW, what happens when someone enters:
>>>
>>>
>>> '; drop table tbl_house_items;
>>>
>>> into fld_itemName? DON'T TRY IT. But read about SQL injection.
>>> http://www.google.com/search?q=asp+sql+injection
>>>
>>> Ray at work
>
> Microsoft MVP - ASP/ASP.NET
> Please reply to the newsgroup. This email account is my spam trap so I
> don't check it very often. If you must reply off-line, then remove the
> "NO SPAM"
>

You seem to be mixing classic ASP with ASP.Net - the line with an error is
ASP.Net.

Jevon


"Phil Kelly" <phil.kelly [at] infatech.com> wrote in message
news:u74iSe9%23FHA.160 [at] TK2MSFTNGP12.phx.gbl...
> Bob
>
> Thanks for that - never knew that was an option!
>
> The error returned now is:
>
> Microsoft VBScript compilation error '800a0401'
> Expected end of statement
>
> /devtests/writeitems.asp, line 13
>
> myConnection = New SqlConnection("Driver={SQL Server}; " _
> --------------------------------^The code in the .asp page is:
>
> <%
> Dim LogFileQuery
> Dim LogFileAction
> Dim myConnection
>
> myConnection = New SqlConnection("Driver={SQL Server}; " _
> & "Data Source=ATLAS-SQL-02;" _
> & "Database=infatech_com_db1;" _
> & "User Id=infatech.com_dbuser;Password=M#1i1#aL;")
>
> myConnection.Open
>
> LogFileQuery = "INSERT into tbl_house_items(id, fld_itemName,
> fld_itemDescription) VALUES (NULL, '"& Request.Form("fld_itemName") &
> "','"& Request.Form("fld_itemDescription") & "')"
>
> Set LogFileAction = myConnection.Execute(LogFileQuery)
>
> ' Close database connection and dispose of the object
>
> Set LogFileAction=Nothing
> Set MyConnection=Nothing
> %>
>
>
> "Bob Barrows [MVP]" <reb01501 [at] NOyahoo.SPAMcom> wrote in message
> news:ulAHwRy%23FHA.4092 [at] TK2MSFTNGP10.phx.gbl...
>> We need to see the real error message:
>> http://www.aspfaq.com/show.asp?id=2109
>>
>> Phil Kelly wrote:
>>> Hi Ray
>>>
>>> I receive an:
>>>
>>> "HTTP 500 - Internal server error
>>> Internet Explorer " error
>>>
>>> And the rows are not created in the database table.
>>>
>>> Phil
>>> "Ray Costanzo [MVP]" <my first name at lane 34 dot commercial> wrote
>>> in message news:ONhkSZq%23FHA.1676 [at] TK2MSFTNGP09.phx.gbl...
>>>> What makes you think something is wrong? Are you getting an error? If
>>>> so, what is it?
>>>>
>>>> BTW, what happens when someone enters:
>>>>
>>>>
>>>> '; drop table tbl_house_items;
>>>>
>>>> into fld_itemName? DON'T TRY IT. But read about SQL injection.
>>>> http://www.google.com/search?q=asp+sql+injection
>>>>
>>>> Ray at work
>>
>> Microsoft MVP - ASP/ASP.NET
>> Please reply to the newsgroup. This email account is my spam trap so I
>> don't check it very often. If you must reply off-line, then remove the
>> "NO SPAM"
>>
>
>