Multiple ASP Update statement

The Mighty Dubs

Hi, I am trying to get a multiple update statement working but cant getting it going. Any ideas?


Here is my code

<%
Response.Buffer=True

Dim iCount
iCount = Request.Form("Count")
Dim strLink, strID

Dim Command1
set Command1 = Server.CreateObject("Adodb.Connection")
Command1.ConnectionString = strConnection
Command1.Open

Dim iLoop

For iLoop = 0 to iCount
strLink = Request(iLoop & ".Link")
strID = Request(iLoop & ".ID")
dim rsDeliveryID, strSQL

Set rsDeliveryID = Server.CreateObject("ADODB.Recordset")

strSQL = "SELECT ID, DeliveryID, tblDeliverys.ProdID, CompanyItemID, tblDeliverys.TotalQty, Delivered FROM tblDeliverys Inner join tblItems on tblItems.ProdID=tblDeliverys.ProdID Where DeliveryID='"&DeliveryID&"' and CompanyItemID='"&CompanyItemID&"' and Delivered=0"

strSQL = "Update tblDeliverys SET ActualQtyDelivered = '" & strLink & "'" &_

"Where ID = '"& strID & "'"

strSQL=" UPDATE tblItems SET TotalQty=TotalQty+"&QtyDelivered&", Archived=0 WHERE ProdID="&rsDeliveryID("ProdID")& ";"

Command1.Execute strSQL
Next

Command1.Close
Set Command1 = Nothing

%>
<meta http-equiv="refresh" content="1;URL=BOSBookedIn.asp" />

Seth Brundle

Where is it failing?
What is the error message? (actually where is your error handling code?)
Is strConnection defined?
Is QtyDelivered always number?#
Will rsDeliveryID("ProdID") always return a value contained in the table?


Also, you are creating a recordset unnecessarily.

(Where is your anti-SQL Injection code?)

The Mighty Dubs

I have actual got it sorted. many thanks for your reply/assistance.

Anti inject code? How do i do this?

Seth Brundle

What was the cause of the issue?

SQL injection is caused by uncleansed data submitted by a user being allowed to run straight against the database.

kayos

kbannon wrote: »

What was the cause of the issue?

I'm gonna guess the fact that strSQL was been over written was the issue..