Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > "Select * from table where MyFormVar > FieldValue" doesn't work

Reply
Thread Tools

"Select * from table where MyFormVar > FieldValue" doesn't work

 
 
Nicolae Fieraru
Guest
Posts: n/a
 
      07-17-2003
Hi All,

I try to build an asp page and I try to execute this sql string:

dim weight
weight = CLng(Request.Form("Weight")
strQ = "SELECT * FROM tbFreightPrices WHERE MinWeight < weight"
objRS.Open strQ, objConn

What happens is that although I get corectly the weight from a form, I can't
use it in the strQ.
If weight = 345 I can display it in the page, I can do math operations with
it, but I can't use it in strQ. If I modify strQ = "SELECT * FROM
tbFreightPrices WHERE MinWeight < 345"
then I can execute the query. I tried to convert weight to a string, using
CStr but I still get an error.

Any help would be appreciated.

Regards,
Nicolae




 
Reply With Quote
 
 
 
 
Randy R
Guest
Posts: n/a
 
      07-17-2003
> strQ = "SELECT * FROM tbFreightPrices WHERE MinWeight < weight"

I think this should be...
strQ = "SELECT * FROM tbFreightPrices WHERE MinWeight < " & weight


 
Reply With Quote
 
 
 
 
Phill. W
Guest
Posts: n/a
 
      07-17-2003
"Nicolae Fieraru" <(E-Mail Removed)> wrote in message
news:3f169b02$(E-Mail Removed)...
.. . .
> dim weight
> weight = CLng(Request.Form("Weight")
> strQ = "SELECT * FROM tbFreightPrices WHERE MinWeight < weight"


When constructing SQL in this way remember - you are doing nothing
more than building up as String that just /happens/ to have some text
in it that your database will understand). You need to build it up from
the variables you are using; there's no clever variable substitution done
for you, so

Dim sWeight ' as String
sWeight = Request.Form( "weight" )
' Validate sWeight - must be a valid number!!!

' BTW: NEVER use "Select *"
strQ = "SELECT c1, c2, c3, c4 " _
& "FROM tbFreightPrices " _
& "WHERE MinWeight < " & sWeight & " "
' Always drop in debugging code to help find problems later
' Response.Write "<p>SQL(" & strQ & ")</p>"

HTH,
Phill W.


 
Reply With Quote
 
Aaron Bertrand - MVP
Guest
Posts: n/a
 
      07-17-2003
> strQ = "SELECT * FROM tbFreightPrices WHERE MinWeight < weight"

How does strQ know that weight is actually a variable? You've just included
it in a string here. What happens if you have a variable named MinWeight,
should ASP replace that value in your string also? What if you have a
variable named SELECT?

strQ = "SELECT ... WHERE MinWeight < " & weight

And SELECT * is awful, by the way... name your columns, and don't use SELECT
* in production code. (See http://www.aspfaq.com/2096)


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
table in table -> 100% height does not work Paul Schmidinger HTML 3 03-24-2011 03:47 PM
Table/table rows/table data tag question? Rio HTML 4 11-05-2004 08:11 AM
Tying up Port Login table entries with Port Table Entries in CISCO SNMP John Ramsden Cisco 0 07-24-2004 04:03 PM
Difference between routing-table and forwarding-table Joachim Krais Cisco 2 11-23-2003 02:52 PM
Could not load type VTFixup Table from assembly Invalid token in v-table fix-up table. David Williams ASP .Net 2 08-12-2003 07:55 AM



Advertisments