Trying to post to SQL db from form

Hi

I have been trying to post from a form to a SQL dab=tabase for a couple of
hours. I've done it before, but i must be having memory problems.

I have 2 files, one with a form, and one to do the INSERTing.

These two files are below (only small as they are only test) - can you see
what's wrong with them?

Thanks

Phil

items.asp (the form)
--------

Re: Trying to post to SQL db from form

What makes you think something is wrong? Are you getting an error? If so,
what is it?

BTW, what happens when someone enters:


'; drop table tbl_house_items;

into fld_itemName? DON'T TRY IT. But read about SQL injection.
http://www.google.com/search?q=asp+sql+injection

Ray at work









"Phil Kelly" wrote in message
news:exCrmnn%23FHA.4092@TK2MSFTNGP10.phx.gbl...
> Hi
>
> I have been trying to post from a form to a SQL dab=tabase for a couple of
> hours. I've done it before, but i must be having memory problems.
>
> I have 2 files, one with a form, and one to do the INSERTing.
>
> These two files are below (only small as they are only test) - can you see
> what's wrong with them?
>
> Thanks
>
> Phil
>
> items.asp (the form)
> --------
>
>
>
>
>
>
>
>
>
>
>

Re: Trying to post to SQL db from form

Hi Ray

I receive an:

"HTTP 500 - Internal server error
Internet Explorer " error

And the rows are not created in the database table.

Phil
"Ray Costanzo [MVP]" wrote in
message news:ONhkSZq%23FHA.1676@TK2MSFTNGP09.phx.gbl...
> What makes you think something is wrong? Are you getting an error? If
> so, what is it?
>
> BTW, what happens when someone enters:
>
>
> '; drop table tbl_house_items;
>
> into fld_itemName? DON'T TRY IT. But read about SQL injection.
> http://www.google.com/search?q=asp+sql+injection
>
> Ray at work
>
>
>
>
>
>
>
>
>
> "Phil Kelly" wrote in message
> news:exCrmnn%23FHA.4092@TK2MSFTNGP10.phx.gbl...
>> Hi
>>
>> I have been trying to post from a form to a SQL dab=tabase for a couple
>> of hours. I've done it before, but i must be having memory problems.
>>
>> I have 2 files, one with a form, and one to do the INSERTing.
>>
>> These two files are below (only small as they are only test) - can you
>> see what's wrong with them?
>>
>> Thanks
>>
>> Phil
>>
>> items.asp (the form)
>> --------
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>

Re: Trying to post to SQL db from form

We need to see the real error message:
http://www.aspfaq.com/show.asp?id=2109

Phil Kelly wrote:
> Hi Ray
>
> I receive an:
>
> "HTTP 500 - Internal server error
> Internet Explorer " error
>
> And the rows are not created in the database table.
>
> Phil
> "Ray Costanzo [MVP]" wrote
> in message news:ONhkSZq%23FHA.1676@TK2MSFTNGP09.phx.gbl...
>> What makes you think something is wrong? Are you getting an error? If
>> so, what is it?
>>
>> BTW, what happens when someone enters:
>>
>>
>> '; drop table tbl_house_items;
>>
>> into fld_itemName? DON'T TRY IT. But read about SQL injection.
>> http://www.google.com/search?q=asp+sql+injection
>>
>> Ray at work

Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

Re: Trying to post to SQL db from form

Bob

Thanks for that - never knew that was an option!

The error returned now is:

Microsoft VBScript compilation error '800a0401'
Expected end of statement

/devtests/writeitems.asp, line 13

myConnection = New SqlConnection("Driver={SQL Server}; " _
--------------------------------^The code in the .asp page is:

<%
Dim LogFileQuery
Dim LogFileAction
Dim myConnection

myConnection = New SqlConnection("Driver={SQL Server}; " _
& "Data Source=ATLAS-SQL-02;" _
& "Database=infatech_com_db1;" _
& "User Id=infatech.com_dbuser;Password=M#1i1#aL;")

myConnection.Open

LogFileQuery = "INSERT into tbl_house_items(id, fld_itemName,
fld_itemDescription) VALUES (NULL, '"& Request.Form("fld_itemName") & "','"&
Request.Form("fld_itemDescription") & "')"

Set LogFileAction = myConnection.Execute(LogFileQuery)

' Close database connection and dispose of the object

Set LogFileAction=Nothing
Set MyConnection=Nothing
%>


"Bob Barrows [MVP]" wrote in message
news:ulAHwRy%23FHA.4092@TK2MSFTNGP10.phx.gbl...
> We need to see the real error message:
> http://www.aspfaq.com/show.asp?id=2109
>
> Phil Kelly wrote:
>> Hi Ray
>>
>> I receive an:
>>
>> "HTTP 500 - Internal server error
>> Internet Explorer " error
>>
>> And the rows are not created in the database table.
>>
>> Phil
>> "Ray Costanzo [MVP]" wrote
>> in message news:ONhkSZq%23FHA.1676@TK2MSFTNGP09.phx.gbl...
>>> What makes you think something is wrong? Are you getting an error? If
>>> so, what is it?
>>>
>>> BTW, what happens when someone enters:
>>>
>>>
>>> '; drop table tbl_house_items;
>>>
>>> into fld_itemName? DON'T TRY IT. But read about SQL injection.
>>> http://www.google.com/search?q=asp+sql+injection
>>>
>>> Ray at work
>
> Microsoft MVP - ASP/ASP.NET
> Please reply to the newsgroup. This email account is my spam trap so I
> don't check it very often. If you must reply off-line, then remove the
> "NO SPAM"
>

Re: Trying to post to SQL db from form

You seem to be mixing classic ASP with ASP.Net - the line with an error is
ASP.Net.

Jevon


"Phil Kelly" wrote in message
news:u74iSe9%23FHA.160@TK2MSFTNGP12.phx.gbl...
> Bob
>
> Thanks for that - never knew that was an option!
>
> The error returned now is:
>
> Microsoft VBScript compilation error '800a0401'
> Expected end of statement
>
> /devtests/writeitems.asp, line 13
>
> myConnection = New SqlConnection("Driver={SQL Server}; " _
> --------------------------------^The code in the .asp page is:
>
> <%
> Dim LogFileQuery
> Dim LogFileAction
> Dim myConnection
>
> myConnection = New SqlConnection("Driver={SQL Server}; " _
> & "Data Source=ATLAS-SQL-02;" _
> & "Database=infatech_com_db1;" _
> & "User Id=infatech.com_dbuser;Password=M#1i1#aL;")
>
> myConnection.Open
>
> LogFileQuery = "INSERT into tbl_house_items(id, fld_itemName,
> fld_itemDescription) VALUES (NULL, '"& Request.Form("fld_itemName") &
> "','"& Request.Form("fld_itemDescription") & "')"
>
> Set LogFileAction = myConnection.Execute(LogFileQuery)
>
> ' Close database connection and dispose of the object
>
> Set LogFileAction=Nothing
> Set MyConnection=Nothing
> %>
>
>
> "Bob Barrows [MVP]" wrote in message
> news:ulAHwRy%23FHA.4092@TK2MSFTNGP10.phx.gbl...
>> We need to see the real error message:
>> http://www.aspfaq.com/show.asp?id=2109
>>
>> Phil Kelly wrote:
>>> Hi Ray
>>>
>>> I receive an:
>>>
>>> "HTTP 500 - Internal server error
>>> Internet Explorer " error
>>>
>>> And the rows are not created in the database table.
>>>
>>> Phil
>>> "Ray Costanzo [MVP]" wrote
>>> in message news:ONhkSZq%23FHA.1676@TK2MSFTNGP09.phx.gbl...
>>>> What makes you think something is wrong? Are you getting an error? If
>>>> so, what is it?
>>>>
>>>> BTW, what happens when someone enters:
>>>>
>>>>
>>>> '; drop table tbl_house_items;
>>>>
>>>> into fld_itemName? DON'T TRY IT. But read about SQL injection.
>>>> http://www.google.com/search?q=asp+sql+injection
>>>>
>>>> Ray at work
>>
>> Microsoft MVP - ASP/ASP.NET
>> Please reply to the newsgroup. This email account is my spam trap so I
>> don't check it very often. If you must reply off-line, then remove the
>> "NO SPAM"
>>
>
>