Are you not seeing any error messages coming through? I suspect the
problem is that you have a SQL error, and if you look, you'll find it. You
should have gotten a SQL error previously. What output are you seeing in
your <blog_addingnews> element?
|---------+---------------------------->
| | olivier demah |
| | <[EMAIL PROTECTED]|
| | com> |
| | |
| | 03/30/2004 10:50 |
| | AM |
| | Please respond to|
| | users |
| | |
|---------+---------------------------->
>--------------------------------------------------------------------------------------------------------------|
|
|
| To: [EMAIL PROTECTED]
|
| cc:
|
| Subject: Re: ESQL INSERT
|
>--------------------------------------------------------------------------------------------------------------|
i've done those fixes, and i thantk you for this suggestion, but the
ESQL INSERT still does not insert anything in my blog_news table.
Christopher Painter-Wakefield a e'crit :
>
>
>The immediate problem I see is in how you are passing your String
>parameters into the SQL statement. The strings you are passing in do not
>end up in the SQL statement with quotes around them (unless the user is
>entering them on the form!), so the database is probably getting syntax
>errors, which I think you should be seeing. You have two choices to fix
>this:
>
>Each place you have an expression like <xsp:expr>news_title</xsp:expr>
>
>1. (potentially a security risk) change to
>'<xsp:expr>news_title</xsp:expr>'
>
>2. (much better) change to
> <esql:parameter
>type="string"><xsp:expr>news_title</xsp:expr></esql:parameter>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
