
Injecting form value into query

1 reply

Last post Jan 03, 2020 09:36 AM by Jalpa Panchal

  • Injecting form value into query

    Jan 03, 2020 04:08 AM | alainfranco

    Hello, and happy new year!

    New on this forum and also a little bit rusted, so please be kind! ;)

    Can someone please help me figure out how to pass this form input value to the access query?

    <%
    
    form_ID = request("ID")
    
    
    'if I hardcode the ID, the page loads properly
    
    query = "SELECT * FROM MYTABLE WHERE ID = 2"
    
    
    
    'however, when I try to use the value coming from a form, I get a 500 for anything ranging from syntax to data type.
    
    query = "SELECT * FROM MODEL_TIMESHEETS WHERE ID = '"& (request("ID")) &"'"
    
    
    'rest of script
    
    Set db = Server.CreateObject("ADODB.Connection")
    db.Open "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("database/INVOICING_DATA.mdb") & ";UID=;PWD="
    
    set objRS = Server.CreateObject("ADODB.RecordSet")
    objRS.CursorLocation = aduseclient
    objRS.CursorType = adOpenStatic
    objRS.LockType = adLockReadOnly
    objRS.Open query,db, , , adcmdtext
    
    %>
    
    

    I was pretty sure this was a correct approach, and see it working in other files, but as I said, I'm a little rusty.

    Any help or guidance is appreciated!

    A.

  • Re: Injecting form value into query

    Jan 03, 2020 09:36 AM | Jalpa Panchal

    Hi,

    You could use the below code to fetch data based on form value:

    <html>
    <body> 
    
    
    <form method="post" name="form">
    First Name: <input type="text" name="ID"><br><br />
    
    <input type="Submit" value="More_Info" name="btn">
    
    </form>
    <%
        btnv=Request.form("btn")
        ' Response.Write (btnv)
        If btnv = "More_Info" Then
            Dim objConn
            Set objConn = Server.CreateObject("ADODB.Connection")
            objConn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=D:\aspsamplesite\Database1.mdb;"
            objConn.Open

            'f_name=request.form("fname")
            'Response.Write (f_name)
            Set str = objConn.execute("SELECT * FROM Table1 WHERE fname='"& (request("ID")) &"';")

            Response.Write("<table border=1>")
            Response.Write "<tr><td> fname </td><td> lname</td></tr>"
            If str.BOF And str.EOF Then
                ' No data
            Else
                Do While (Not str.EOF)
                    Response.Write "<tr><td>" & str("fname") & "</td><td>" & str("lname") & "</td></tr>"
                    str.MoveNext
                Loop
            End If

            Response.Write("</table>")
        End If
    %>
    </body> 
    </html>

    Regards,

    Jalpa
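
Both queries posted above build the SQL string by concatenating `request("ID")`, so form input is interpreted as SQL and, if `ID` is a numeric column as the hardcoded `ID = 2` suggests, a number is compared against quoted text. The following is an added example, not code from either poster, that validates the value and binds it through an `ADODB.Command` parameter instead. It assumes a POSTed form, a Long Integer `ID` column, and the connection string and table name from the question; `IsAllDigits` is a hypothetical helper.

```vbscript
<%
Option Explicit
' Added example, not from the thread. Assumes MODEL_TIMESHEETS.ID is a Long Integer column.
' ADO constant values; drop these three lines if adovbs.inc is already included.
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

Dim rawId, idValue, db, cmd, objRS

' 1. Validate: accept only 1-9 digits so CLng cannot overflow or accept "1e5", "&H10", etc.
rawId = Trim(Request.Form("ID") & "")
If Not IsAllDigits(rawId) Then
    Response.Status = "400 Bad Request"
    Response.Write "ID must be a whole number."
    Response.End
End If
idValue = CLng(rawId)

Set db = Server.CreateObject("ADODB.Connection")
db.Open "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & _
        Server.MapPath("database/INVOICING_DATA.mdb") & ";UID=;PWD="

' 2. Bind: the ? placeholder is filled by the driver, so the value never becomes SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = db
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT * FROM MODEL_TIMESHEETS WHERE ID = ?"
cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , idValue)
Set objRS = cmd.Execute

' 3. Encode on output so stored values cannot inject markup into the page.
Do While Not objRS.EOF
    Response.Write Server.HTMLEncode(objRS("ID") & "") & "<br>"
    objRS.MoveNext
Loop

objRS.Close : db.Close
Set objRS = Nothing : Set cmd = Nothing : Set db = Nothing

' Hypothetical helper: True only for a string of 1 to 9 decimal digits.
Function IsAllDigits(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsAllDigits = re.Test(s)
End Function
%>
```

For a text column such as the `fname` lookup in the reply, the same pattern applies with a string parameter type and a length limit in place of the digit check.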
