| |
| |
| |
|
Page: 1 2 3
<MoZ> the only time "" is used is when your hard-coding the string
<MoZ> what exactly is your problem?
<KilledDot> my problem is, am trying to do rs1("string"), but i get it like rs1(string) , which wont work :)
<MoZ> KilledDot: thats not your problem, trust me ...
<MoZ> what's the exact error your getting
<KilledDot> MoZ, i tried putting it manually, and it worked fine.
<MoZ> did you try verifying that request("op1") returns the right string?
<KilledDot> yes,
<MoZ> response.write request("op1")
<MoZ> are you going to tell me wtf the error message is ...
<MoZ> or am I going to have to get extremely annoyed and wind up taking out all my pent up aggression on you?
<KilledDot> Error Type:
<KilledDot> ADODB.Recordset (0x800A0CC1)
<KilledDot> Item cannot be found in the collection corresponding to the requested name or ordinal.
<KilledDot> /zilzal/aaa.asp, line 12
<KilledDot> sorry for pasting.
<erabbit> do you think its a bad idea to name your stored procedure as "sp_wakkawakka"
<MoZ> yeah ... just means that request("op1")'s returned string does NOT exist in the recordset as a field
<KilledDot> look at this
<MoZ> erabbit: is sp_wakkawakka makes sense, do it ;)
<KilledDot> i reponse.write upd
<KilledDot> which is:
<KilledDot> upd = "update pollsa set " & "op1" & "=" & rs1("op1") + 1 & " where id=1"
<KilledDot> and it works fine.
<KilledDot> I try upd1
<KilledDot> which is:
<KilledDot> upd1 = "update pollsa set " & request("radiobutton") & "=" & rs1(request("radiobutton")) + 1 & "where id=1" & "<BR>"
<KilledDot> and i get the error i showed u
<MoZ> blech ... your hopeless
<MoZ> give me a web address I can goto to look at the form your using?
<KilledDot> i response.write request("radiobutton"), and I get : op1
<KilledDot> MoZ, am behind a router, running at localhost
<MoZ> KilledDot: then stop talking
<Quequeg> Whoooh - you should consider preparing sql statements first with ?'s for unknowns (or equiv), then instantiating those variables sep. when you execute the query. You avoid all kinds of security problems, and it's faster (the query plan doesn't need to be done each time, etc..).
<KilledDot> MoZ, Okay :) I`ll do it in another way
<erabbit> moz: I mean, seriously that does describe the spo!
<MoZ> Quequeg: wtf?
<erabbit> sp
<MoZ> erabbit: if it makes sense, then there's no problem with using it ...
<MoZ> "wakkawakka" means nothing to me ... but if it means something you, or your company ... or whatever ... then it makes sense
<erabbit> Moz: haha, im fooling dude
<MoZ> I mean, I have an sp called sp_fsbo
<MoZ> makes no sense to you ... but to me, and my company, it means "stored procedure - for sale by owner"
<Darken> lol
<Darken> erabbit was being retarded earlier
<MoZ> you don't mess with me when I'm drinking ...
<MoZ> I thought he was serious ...
<MoZ> stupid, but serious ;)
<MoZ> now for another beer
<Quant> i drani alot of jackandcoke yest
<Quant> drank
<Darken> moz erabbit is the reason you can't buy alcohol on sundays
<Darken> take your aggression out on him
<MoZ> Darken: isn't that what I just did? :)
<Darken> yea but this was before you knew he was anti alcohol
<Darken> you know what you must do now..
<MoZ> invite and ban again?
<Darken> exactly :D
<Darken> ahah
<KilledDot> AM DAMN GOOD :]
<KilledDot> worked
<KilledDot> ;)
<MoZ> KilledDot: don't shout about your skills ... cause seriously, you don't have much to shout about
<KilledDot> MoZ, well, I admit that, this is my first day with asp :P
<MoZ> KilledDot: and you were bothering to argue with me about it?
<MoZ> omfg ...
<KilledDot> I work in 3com since 4 years, I never needed to program using ms ****s
<Quequeg> KilledDot, you might read what I wrote above. If you are accepting input from forms on a website and pumping it as is into queries you are asking for all kinds of hurt.
<KilledDot> MoZ, I used SELECT statement to make it work correctly
<Darken> Quequeg i hope he uses that on a core 3com server
<Darken> :/
<Quequeg> :)
<KilledDot> back to work pals
<KilledDot> I appreciate your help
<KilledDot> ;)
<Darken> killed hey who is your boss at 3com
<KilledDot> Avi Koshi :]
<KilledDot> why ?
<KilledDot> MoZ, I commented the select statement, and tried another way, and worked.
<KilledDot> I only had to put it in a var itself
<KilledDot> fdd = request("radiobutton")
<KilledDot> and rs1(fdd) worked fine.
<Quequeg> Knowing what I know now, I could probably go to your form and delete every record in your 'pollsa' table.
<Darken> i want him to know who to fire when your code gets exploited
<Darken> :/
<Darken> you need a good course on security
<Darken> that's how injection happens
<Darken> if you don't validate all user input it is going to come and hurt you later
<MoZ> Quequeg: depending on the dbms ... you could probably do alot more then just that ;)
<KilledDot> Darken, trust me, I already have the IP rules, who are allowed to look into the page am writing.
<Darken> that doesnt make it secure KilledDot
<Darken> fences don't stop people from jumping them
<Darken> hehe
<MoZ> heh, I actually hopped an electric fence once
<Darken> what do you do at 3com KilledDot
<MoZ> Darken: he's the receptionist
<MoZ> duh
<Darken> moz well when the police are chasing you that is fair game
<Darken> i hope he is
<Darken> if he works on any embedded programming or drivers i am going to stop using 3com
<MoZ> actually, I did it to get to a party ... lol
<KilledDot> well, if I will make sure when I upload the pages, I`ll tell you people to try ur best shots, exploiting them
<Darken> well there was alcohol there moz
<Darken> that's acceptable too
<MoZ> heh
<MoZ> nitros ... e ... beer ....
<Darken> i charge a lot of money for penetration testing KilledDot
<Darken> :/
<MoZ> lotsa reason to go ;)
<Quequeg> KilledDot, you'd save yourself a lot of time by taking our advice first...
<MoZ> KilledDot: I'll do it for free, if you give me a 6-figure salary after pulling it off ;)
<Darken> man
<KilledDot> RPS, Darken
<Darken> that's just as good as getting paid to do it moz
<KilledDot> lol
<KilledDot> ok
<MoZ> Darken: heh ...
<MoZ> stfu ....
<MoZ> I need a job
<MoZ> ;)
<KilledDot> anyway, am off to work now ;)
<MoZ> he might have fallen for it ...
<MoZ> being an ego-maniac like he is and all
<Darken> moz i have a job opening
<Darken> how good are you with embedded programming and micro chips
<KilledDot> do you even know what RPS Darken ?
<MoZ> I'm not ****ing your **** ...
<Darken> no moz that job position is not available to you :/
<Quequeg> If he could hire someone for a 6 figure salary, and I owned any 3com stock, I would sell it.
<MoZ> Darken: it was last week ...
<MoZ> wtf
<MoZ> Darken: I have no experience with embedded development or micro-chips ...
<Darken> rps can be many things KilledDot
<Darken> be more specific
<Darken> it's 3 letters it can mean a many acronyms
<Darken> moz
<KilledDot> Redundant Power Systems ?
<Darken> sorry then :(
<Darken> what about redundant power systems do you want
<MoZ> revolution per seconds ?
<KilledDot> LOL!
<MoZ> !google define rps
<NyQuil> http://www.google.com/search?q=define+rps
<NyQuil> !google: (define+rps) http://www.tom-yam.or.jp/2238/src/reg.h.html";
<Quequeg> Retarded-Programming-Specialist... :P
<KilledDot> !google define:rps
<NyQuil> http://www.google.com/search?q=define:rps
<KilledDot> am off.
<KilledDot> cya
Return to sql
or
Go to some related
logs:
linuxhelp
canada
football
|
|