Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsGeneralPHPASPPerlColdFusionFlashHTML, CSS, ScriptsBrowsers

Webmaster Forum / ASP / Database Access / October 2006


Tip: Looking for answers? Try searching our database.

Multiple command in 1 query?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Jagno - 02 Oct 2006 20:55 GMT
Can you submit multiple commands in one SQL query in ASP? Something
like this:

"SELECT * FROM users; INSERT INTO users ('user','pass') VALUES
('test','test');"

When I try I keep getting the error 'Characters found after end of SQL
statement.'
Reply to this Message
Bob Barrows [MVP] - 02 Oct 2006 21:27 GMT
> Can you submit multiple commands in one SQL query in ASP? Something
> like this:
[quoted text clipped - 4 lines]
> When I try I keep getting the error 'Characters found after end of SQL
> statement.'

It depends on the database.
Jet: No
SQL Server: yes

Signature

Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Reply to this Message
Jagno - 03 Oct 2006 17:50 GMT
Ah, that makes sense. So it seems that while Jet is lacking the
functionality, it's inadvertantly protected from some forms of SQL
injection attacks. Interesting. Thanks alot for your comments.

> > Can you submit multiple commands in one SQL query in ASP? Something
> > like this:
[quoted text clipped - 14 lines]
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.
Reply to this Message
Bob Barrows [MVP] - 03 Oct 2006 18:48 GMT
Some forms, but certainly not all. The best protection is to use
parameters instead of dynamic sql.

> Ah, that makes sense. So it seems that while Jet is lacking the
> functionality, it's inadvertantly protected from some forms of SQL
[quoted text clipped - 18 lines]
>> header is my spam trap, so I don't check it very often. You will get
>> a quicker response by posting to the newsgroup.

Signature

Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Reply to this Message
Anthony Jones - 13 Oct 2006 12:20 GMT
> Some forms, but certainly not all. The best protection is to use
> parameters instead of dynamic sql.

It can be a show stopper to scalling up a successful application to SQL
Server from Access when you realise the amount of re-work needed to make an
app secure from SQL Injection.  Best option is to do it properly in the
first place rather than relying on the JET not all that compliant SQL
implementation.

> > Ah, that makes sense. So it seems that while Jet is lacking the
> > functionality, it's inadvertantly protected from some forms of SQL
[quoted text clipped - 18 lines]
> >> header is my spam trap, so I don't check it very often. You will get
> >> a quicker response by posting to the newsgroup.
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.