SQL - Updating Empty Text Field is enterring -1

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Scott Hoff
    #1

    SQL - Updating Empty Text Field is enterring -1

    I'm trying to do a simple update like I have done countless times
    before.

    However, when I update the empty fields in this table it places a -1
    into the field rather than the enterred value.

    It is indexed with duplicates allowed. It says that zero lenght is
    set to yes.

    What can I do about this?


    if Request.form("o userid") <> "" Then
    var2 = " and userid = '" & Request.form("o userid") & "' "
    Else
    var2 = " and userid is null "
    End if
    if Request.form("o repid") <> "" Then
    var1 = " repid = '" & Request.form("o repid") & "'"
    Else
    var1 = " repid is null "
    End if

    "Update [Website Settings] set userid = '" & REquest.form("u serid") &
    "' and repid = '" & Request.form("r epid") & "' where " & var1 & var2
    & var3


    Thanks!
    Tags: None
    • Aaron Bertrand - MVP
      #2
      Re: SQL - Updating Empty Text Field is enterring -1

      > "Update [Website Settings] set userid = '" & REquest.form("u serid") &[color=blue]
      > "' and repid = '" & Request.form("r epid") & "' where " & var1 & var2
      > & var3[/color]

      Response.write this to the screen, instead of executing it, and examine the
      result.


        Comment

        • Erland Sommarskog
          #3
          Re: SQL - Updating Empty Text Field is enterring -1

          [posted and mailed, please reply in news]

          Scott Hoff (SHOFF@FIRSTHEA RTLAND.COM) writes:[color=blue]
          > However, when I update the empty fields in this table it places a -1
          > into the field rather than the enterred value.
          >...
          > "Update [Website Settings] set userid = '" & REquest.form("u serid") &
          > "' and repid = '" & Request.form("r epid") & "' where " & var1 & var2
          > & var3[/color]

          If that is all that happens, consider yourself lucky. A malicious
          user could use the above for SQL intrusion, and SQL Server to execute
          commands you sure did not intend him to. For a starter, enter
          O'Brien in userid.

          --
          Erland Sommarskog, SQL Server MVP, sommar@algonet. se

          Books Online for SQL Server SP3 at
          Microsoft SQL Server
          http://www.microsoft.com/sql/techinfo/productdoc/2000/books.asp
          Get the flexibility you need to use integrated solutions, apps, and innovations in technology with your data, wherever it lives—in the cloud, on-premises, or at the edge.

            Comment

            Previous template Next
            Working...