Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
jrperk
Starting Member
1 Post |
 Posted - 2006-01-12 : 18:21:29
|
| newby is confused. I want to update one single record in a SQL database. So logically, i need to first pull the auto id for that record and then use an update query to update that recordset, right? But the following strsql just keeps adding records, which means I'm not getting past the insert query.So what am I doing wrong?Also, is there a limit to the size that can be updated. I'm trying to update a ntext field. It contains lengthy assignments (as much as 10 pages of text) submitted through a form by different students.---------------StrSql= "Select id from perkins where id = '" & Request("view_id") & "' and logon = '" & Request("logon") & "' and assignment = '" & request("assignment") & "'"set rs = my_conn.Execute (StrSql)If rs.BOF or rs.EOF then ' No records found. i.e. New record StrSql = "INSERT INTO perkins (logon, password, name, namefirst, class, assignment, story, [timestamp]) values('" & request("logon") & "', '" & request("password") & "','" & request("name") & "', '" & request("namefirst") & "', '"& chkstring(request("class")) & "', '" & request("assignment") & "', '"& chkstring(request("story")) & "', '" & time() & " " & date() & "')" else ' Record found. i.e. update record. StrSql = "UPDATE perkins SET story = Request(story, "'", "") WHERE id = " & rs("id") ----------thanks for any help |
|
|
Srinika
Master Smack Fu Yak Hacker
1378 Posts |
Posted - 2006-01-12 : 20:19:12
|
| StrSql= "Select id from perkins where id = '" & Request("view_id") & "' and logon = '" & Request("logon") & "' and assignment = '" & request("assignment") & "'"' display the content of StrSql in to a label and c whether the query is correct' if in doubt, copy & paste that in Query Analyzer and run it & check the resultset rs = my_conn.Execute (StrSql)' Then inside if--else-- write different text for the label and check whether that is correct |
 |
|
|
ditch
Master Smack Fu Yak Hacker
1466 Posts |
Posted - 2006-01-13 : 02:55:09
|
You should rather do this in a sql stored proc than freehand sql, then just pass the parameters from your Request statements.This way has less of a security threat than your freehand sql approach.Duane.  "It's a thankless job, but I've got a lot of Karma to burn off." |
|
|
|
|
|
|
|
|
update query in strsql