Thanks.
I wrote all this about a year ago and haven't had time to finish it.
Trying to finish it now and I've been looking at the w3schools.com examples
They give you enough to make you dangerous, but not enough to help, at least
in this case.
I'm considering rewriting it using this example just because its easier to
maintain, but the example shows using an access table and I can't find what
the proper syntax is for sql server in the following example..
I'll find it, just may have to drink a couple of beers and spend the evening
googling <grin>
<html>
<body>
<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Provider="Microsoft.Jet.OLEDB.4.0"
conn.Open "c:/webdata/northwind.mdb"
set rs = Server.CreateObject("ADODB.recordset")
rs.Open "SELECT * FROM Customers", conn
do until rs.EOF
for each x in rs.Fields
Response.Write(x.name)
Response.Write(" = ")
Response.Write(x.value & "<br />")
next
Response.Write("<br />")
rs.MoveNext
loop
rs.close
conn.close
%>
</body>
</html>
Virgil Bierschwale
http://www.bierschwale.com
http://www.bierschwalesolutions.com
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Derek Kalweit
Sent: Wednesday, May 23, 2007 3:57 PM
To: ProFox Email List
Subject: Re: [NF] code question
> I'm wanting to write the delete and edit portions, so I added a field to
sql
> server for the record number.
> When I display this screen, all of the info is text, but the record number
> is an int.
>
> What command converts a int to a string in the following code ??
VBScript, which it appears is what you're using, does implicit
conversions from integers to strings when concatenating it using the &
operator, saving you from having to convert ever single integer. If
you need to force it, you can use the CStr function.
Note that you MUST make sure you use a quote() function whenever you
create SQL where clauses-- never just use single quotes on either
side, even if the text shouldn't have any embedded apostrophes. It
appears the field you're getting is from the query string-- a
malicious individual could use SQL injection to delete records from
your tables, drop databases, etc...
As for a quote function, this is the one I often use:
Function quote(q_q)
quote = replace(q_q, "'", "''")
End Function
--
Derek
[excessive quoting removed by server]
_______________________________________________
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/[EMAIL PROTECTED]
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
