If I have a html table with, lets say three columns, and I have to fill each column with different data from database, could I use a stored procedures to write three separate sql queries?All I need than is to create a loop for each column.
I have never tried before writing a code with more than one sql query, and that isn't working out for me this time. I've read about this stored procedures. I don't know if that's the answer.
Just a quick question. I am using Sql Server 2000 and calling stored procedures from asp. At this stage i am forgoing using the ADO command object and am simply create dynamic like sql statement for store procedure execution.
My question is, I find the code below quite messy, particularly when it comes to checking for option parameters using if statements. Is their a better way to write this, keeping in mind i have to check in a value exists before adding the appropriate parameter to the stored procedure call.
A while back people were looking into stored procedures and code to list which ones exist Does anyone know the code to list all the stored procedures in a my sql database?
could anyone provide me with some simple example code of asp classic calling adodb? specifically, i'd like the code to: - call a couple of stored procedures that have optional parameters - share a connection over the two calls
In order to access return values and output parameters from a stored procedure, the recordset must first be closed. Is this correct? If so, can someone please shed some more light on ADO, stored procedures, their parameters and recordsets. Specifically, I've seen some code that accesses the output parameters and return values by switching to the next recordset.
[vbs] Set adoRS = adoRS.NextRecordset [/vbs] and then some other funny stuff ... [vbs] Response.Write "<p>Return value = " & CmdSP.Parameters("RETURN_VALUE").Value & "</p>" [/vbs]
Is a second recordset always created when you have output parameters and/or return values? And what are these properties of the parameter object? How do you guys work with ADO?
I am trying to send some emails that are stored in a SQL database to a variable within my ASP page. Once the emails have been gathered and stored in the variable (as a string of emails) I want to send an email to those emails using that variable.
I'm trying to accomplish this by using a stored procedure.
Here is how my SP is set up in sql enterprise manager:
I am trying to use a stored procedure created in SQL Server 2005 and execute it in ASP. How can I return the entire recordset from the stored procedure the way I can do it with a recordset?
set cmd = Server.CreateObject("ADODB.Command") set cmd.ActiveConnection = Conn
' Specify the name of the stored procedure you wish to call cmd.CommandText = "sp_Org_Structure"
'Form variable to pass as a paramter to the SP strUI = 4655
I have been working on this particular project for a little over 2 weeks now. This product contains between 700-900 stored procedures to handle just about all you can imagine within the product. I just personally rewrote/reformatted close to 150 of them myself. Nothing too fancy, mostly a lot of formatting. We have a little down time between Q/A and fixing any bugs they find so I decided to test the security of the site with Cross-Site Scripting and SQL injection. Because SP's are used in pretty much every aspect of the site, the site isnt vunerable to the simple Injection stuff like ' OR 1 = 1 . Instead I've had to try several things which I will get to in a minute. As I have access to all of these SP's and the dB in which they reside, I could easly look at the code and determine what variables are neede to pass in. I've been trying to break the site to give up a database name so I can proceed to check the system tables etc etc - much like a regular hacker would (meaning not cheating by looking at the code). So, I've started my attack by downloading a local version of the login page, changing a few variables and injected somthing like:
'SELECT * FROM INFORMATION_SCHEMA.TABLES
Initially, the statement is passed into the form fields and wont return anything other than a JS popup error. I altered the statement intentionally to break the page
SELECT * FROM INFORMATION_SCHEMA.TA'
and it produces an error giving me the name of the query and its location when I plug the name of the query in the url i.e http://theurl.com/query_folder/query_name/ it fires me off to another folder containing an include file of some sort. When I run that include it gives me the name of a pretty important variable. Apparetly its a variable that determins what dB I should point to.
Now, one of the issues I have is that everything is a stored procedure so trying to hack it is a little more difficult ....
Is there any way of viewing a list of stored procedures from a database.for example i state i which database i am looking at and it returns a list of stored procedures.
HThe aspfaq.com seems to really push stored procedures, and I hear the same advice here all the time. So I want to take the advice.
Is it possible to create and practically maintain, delete, use, etc. stored procedures soley from asp (i.e., no GUI or console- like being hosted on Brinkster)?
The tutorial on aspfaq.com mentions that stored procedures can be created from asp code- how? Do you just send the stored procedure you'd type into the GUI with oConn.execute() instead?
I use stored procedures in my asp using the connection object. I validate any inputs to protect myself from SQL injection. Why is it, or isn't it better to use the command object? I have used the command object with parameters and the coding was a pain.
Comments?? I realize this is an open ended question but I am trying to improve my skills/code if need be.
I'm having trouble calling a stored procedure. For some reason I keep getting this error. -------------------------------------------------------------------- ADODB.Command error '800a0bb9'
Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another. ---------------------------------------------------------------------
I've started using stored procedures but I have a problem. My stored proc works fine but when I want to use it to list results on several pages I get an error. My previous code:
I am currently trying to pass a value from a url to a sqldatasource control. There seems to be a lack of information on how to do this. I would greatly appreciate the help.
I am passing a variable "dept" through the url (i.e. products.aspx?dept=23) and trying to insert it into the Where part of my SQL statement.
I use dynamic SQL queries in my sites. I know this is bad, but I grew up using Access as a data source and learned bad habits.
One of my MsSQL Server databases has just been hacked, despite me stripping common words/punctuation from the SQL statements - which I thought would prevent injection attack.
What I currently do is this (using three functions to strip out HTML, quotation marks and T-SQL code)
1. LoadFile - Loads data from a file to a table...which can take up to 10 minutes if the file is large enough. While loading, it periodically updates a record in a "load summary" table with the total number of records to load, the number of records currently loaded and the status of the load. 2. GetLoadSummary - Gets the record from the "load summary" table. My hope was that in ASP, I could call LoadFile within one FRAME and then on a timer within another FRAME call GetLoadSummary to create a progress bar for the user.My problem is that when I call LoadFile, I can't seem to execute any other stored procedures until it finishes.
I am calling some stored procedures from ASP. These strored procedures have to deal with lots of deletes and updates. So i have thought of implementing transaction commits and rollbacks. But if a rollback occurs in these stored procedures, i want to get a value back to asp page, based on this value i will run the next stored procedure.
It loops in order to get data in different, sequential date ranges. I.E. from 9/1/2000 - 10/1/2000 then 10/1/2000 - 11/1/2000 etc etc etc. It calls SPs using the 2 dates and an integer used for companyid reference.
Let's just do this for 2 SP's (there are like 6 on the page.) One SP has 3 params, one has only 2.
Now, the first iteration of the loop, it works. (because I'm response.writiting out the dates it's using to verify they are ok. The second time through I get the following error when I try to execute the following ASP: .....
When some of the SQL Server stored procedures I have written are called via my Classic ASP page I have written I get the following error in the cell that is supposed to be retrieving a single result:
"ADODB.Recordset error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
/Default.asp, line 130"
I have no idea why this could be occuring. Some of the other stored procedures work just fine. Any one have any ideas?
I'm pretty new to ASP so this may seem like a stupid question but is there anyway I can use something like an OnClick or OnChange sub procedure similar to the ones you can use with VBS or JS?
I have a VB script Sub() that is used by several ASP pages. How do I make it globally available rather than having to replicate the source code in each ASP page that uses it?
I know that cookies are stored with a txt file in the client PC. but are cookies even stored in RAM? cuz i can access the cookie information but i cannot see the cookie a txt related to that in my PC...
I'm trying to access a stored procedure on our AS400 that is written in RPG. I know that the stored procedure works (I've called it from an RPG program on the AS400), and I know that the connection to the AS400 is good, because this same ASP page is reading data via SQL. However, when I try to call the stored procedure, I can't tell if anything is actually happening. All that I know is that the end result is not being changed, so I suspect that the procedure isn't being called correctly.
My stored procedure is used to encrypt/decrypt data. It has 3 parameters - a 1 character flag telling it whether to encrypt or decrypt, a 25 character field for the plaintext data, and a 50 character field for the encrypted data. The last two parameters are used for either input or output, depending on the value of the first flag (if the flag is "E", then the plaintext is used as input and the program fills the encrypted data field. If the flag is "D", then vice - versa).
Here is the code where I call my stored procedure. I'm trying to decrypt data from the queryString and place it in some program variables. I'm new to ASP, and can't find any good examples for my situation, so I pieced this together from what examples I found online. Can anyone tell me what I'm missing?
SELECT ISNULL(Group, '') AS GroupCalc, MIN(start) AS START, COUNT(Id) AS Count FROM Table WHERE (Id = @CId) GROUP BY ISNULL(Group, '') ORDER BY start GO
I have a problem with input parameter which has Decimal DataType. Stored procedure works but it rounds all values, i.e 5.555 input becomes 6 and 1.3 input becomes 1. In table QTY has data type decimal(5) - precision(8) scale(3). Please, suggest what's wrong with this: