Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > Form update inside loop

Reply
Thread Tools

Form update inside loop

 
 
David
Guest
Posts: n/a
 
      01-25-2008
I have an asp update page which I cannot fathom.

Basically I have an asp page which displays a recordset of items on an
order
I have a link on the same page which takes the user to an edit page
for the same data, i.e. data in text boxes etc.

First, I created an update loop to save any changes to any of the text
boxes in any row for all records. There are 2 text boxes for each
record, order qty (P_metal_qty) and outstanding order qty
(P_metal_Open)
Each field on the edit page is coded like: <input style='text-align:
center' type=text name=mqty_" & RS("Phoenix_orderline_ID") & "
value=" & RS("P_metal_qty") & ">

On the next update page, after hitting submit.....


If Request.Form("ID").Count > 0 then

For i = 1 to Request.Form("ID").Count

uSQL = "UPDATE phoenix_orderlines SET "
uSQL = uSQL & " P_metal_qty = '" & request.form("mqty_" &
Request.Form("ID")(i)) & "'"
uSQL = uSQL & ", P_metal_Open ='" & request.form("mopen_" &
Request.Form("ID")(i)) & "'"
uSQL = uSQL & " WHERE Phoenix_orderline_ID= '" &
Request.Form("ID")(i) & "';"
Set RS = adoDataConn.Execute(uSQL)
Next

End If



This code works fine.
I then needed to add an additional two text boxes to each row just for
entering data against each record (Qty Delivered & Delivery Note #),
but which would be updated to different tables, and not display in
these text boxes in edit mode. They are just for entering the data,
and it gets saved elsewhere.

The Problem
When I try and the use the ID from the above code whilst still in the
loop, it throws me all th ID's of all the records displayed, not the
one in the current loop, i.e. if I response.write Request.Form("ID")
(i) I get 188185184186187 printed, so from that I do not understand
how the above code works ??
I thought only a single ID would be used during each cycle of the
loop.

Appreciate any help you can offer, thanks

David
 
Reply With Quote
 
 
 
 
Anthony Jones
Guest
Posts: n/a
 
      01-25-2008
"David" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I have an asp update page which I cannot fathom.
>
> Basically I have an asp page which displays a recordset of items on an
> order
> I have a link on the same page which takes the user to an edit page
> for the same data, i.e. data in text boxes etc.
>
> First, I created an update loop to save any changes to any of the text
> boxes in any row for all records. There are 2 text boxes for each
> record, order qty (P_metal_qty) and outstanding order qty
> (P_metal_Open)
> Each field on the edit page is coded like: <input style='text-align:
> center' type=text name=mqty_" & RS("Phoenix_orderline_ID") & "
> value=" & RS("P_metal_qty") & ">
>
> On the next update page, after hitting submit.....
>
>
> If Request.Form("ID").Count > 0 then
>
> For i = 1 to Request.Form("ID").Count
>
> uSQL = "UPDATE phoenix_orderlines SET "
> uSQL = uSQL & " P_metal_qty = '" & request.form("mqty_" &
> Request.Form("ID")(i)) & "'"
> uSQL = uSQL & ", P_metal_Open ='" & request.form("mopen_" &
> Request.Form("ID")(i)) & "'"
> uSQL = uSQL & " WHERE Phoenix_orderline_ID= '" &
> Request.Form("ID")(i) & "';"
> Set RS = adoDataConn.Execute(uSQL)
> Next
>
> End If
>
>
>
> This code works fine.
> I then needed to add an additional two text boxes to each row just for
> entering data against each record (Qty Delivered & Delivery Note #),
> but which would be updated to different tables, and not display in
> these text boxes in edit mode. They are just for entering the data,
> and it gets saved elsewhere.
>
> The Problem
> When I try and the use the ID from the above code whilst still in the
> loop, it throws me all th ID's of all the records displayed, not the
> one in the current loop, i.e. if I response.write Request.Form("ID")
> (i) I get 188185184186187 printed, so from that I do not understand
> how the above code works ??
> I thought only a single ID would be used during each cycle of the
> loop.
>



Well you've shown us code that does what you expect but not the actual code
that has you scratching your head. E.g., is you have simply place
Response.Write Request.Form("ID")(i) inside your loop then its going to send
each string one after the other so I'd expect the result you indicated.

However you do a serious problem. Search the web for "SQL Injection".
Basically give that form I could formulate a value for one of the text boxes
(e.g., 0'; DELETE phoenix_orderlines; --) That would some nasty things to
your DB.

Also since you look the ID fields by ordinal number why not mqy and mopen?



--
Anthony Jones - MVP ASP/ASP.NET


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Triple nested loop python (While loop insde of for loop inside ofwhile loop) Isaac Won Python 9 03-04-2013 10:08 AM
Putting the loop inside of loop properly Isaac Won Python 1 03-01-2013 06:40 PM
Re: How to loop through a list while inside the loop, the list size may be decreased? Roedy Green Java 3 09-13-2008 01:51 AM
Radio Button Loop inside Form Element Loop wreed Javascript 9 10-16-2006 01:39 PM
Loop Inside loop for writing text lines Aggelos ASP General 2 11-12-2003 09:59 AM



Advertisments