 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
| HomeDiscussion GroupsGeneralPHPASPPerlColdFusionFlashHTML, CSS, ScriptsBrowsers |
Webmaster Forum / ASP / Database Access / May 2008ADO issue (new)
I have a strange problem. ASP pages that have worked for years are suddenly giving me errors. Here's the scenario. Server: Win2k Server running IIS Opening ADODB recordsets. First recordset on page opens fine, but after closing it I try to use the same recordset object to open a second recordset and I get the following errror. Microsoft OLE DB Provider for ODBC Drivers (0x80040E21) ODBC driver does not support the requested properties. Usually this is from a bad sql string used to open a recordset but the string is good. It only happens when re-using an existing recordset object to open a second recordset after closing the first. Anyone experience this lately? Could it be some update on the server causing it? > I have a strange problem. ASP pages that have worked for years are > suddenly giving me errors. Here's the scenario. [quoted text clipped - 14 lines] > Anyone experience this lately? Could it be some update on the server > causing it? I should add I'm using SQL Server 2000 SP4 release 8.00.194 >> I have a strange problem. ASP pages that have worked for years are >> suddenly giving me errors. Here's the scenario. [quoted text clipped - 16 lines] > > I should add I'm using SQL Server 2000 SP4 release 8.00.194 Could you post a short repro, perhaps using the Northwind sample database for the data source?  SignatureMicrosoft MVP -- ASP/ASP.NET Please reply to the newsgroup. The email account listed in my From header is my spam trap, so I don't check it very often. You will get a quicker response by posting to the newsgroup. On May 15, 9:40 am, "Bob Barrows [MVP]" <reb01...@NOyahoo.SPAMcom> wrote: > >> I have a strange problem. ASP pages that have worked for years are > >> suddenly giving me errors. Here's the scenario. [quoted text clipped - 27 lines] > > - Show quoted text - Here goes. dim con dim rst const ADopenkeyset = 1 const adLockReadOnly = 1 dim strsql dim user dim pwd user = Request.Form("login") pwd = Request.Form("password") strsql = "SELECT ctridx, txtuser, txtpwd, lngclient, txtFirst, txtLast " & _ "FROM dbo.tblPODescUpdaters WHERE (txtuser ='" & Request.Form("login") & "')" set con = Server.CreateObject("ADODB.Connection") set rst = Server.CreateObject("ADODB.Recordset") con.open "fastpack" rst.open strsql, con, adOpenKeyset, adLockReadOnly if not rst.EOF Then if Request.Form("password") = pwd then dim emp dim First dim last dim agentidx session("loggedin")= "true" first = rst("TxtFirst") last = rst("TxtLast") session("first") = rst("TxtFirst") session("last") = rst("TxtLast") session("useridx") = rst("ctrIdx") rst.Close %><!-- #include file="header2.inc" --><% %> <FONT FACE="ARIAL,GENEVA,Helvetica,Sans-Serif" size=2> <% ShowHeader("Welcome " & first & " " & last)%> </head> <p> </p> <p align = left> </p> <FORM method=post id="form1" name="form1" action="translatesearch.asp"> <table align = left> <tr> <td><font color = "black">Enter a P.O. Number</a></font></td> <td> </td> <td><input type = text id="po" name="po" width = 25></td> <td><INPUT type="submit" value="View" id=button1 name=button1></ td> </tr> </table> </form> <p align = left> </p> <FORM id="form2" name="form2"> <table align = left> <tr> <td><font color = "black">Select a Field Destination</a></font></ td> <td> </td> <td> <%' Get a list of authorized field destinations strsql = "SELECT TOP 100 PERCENT dbo.tblPOUpdatersFieldDests.lngfielddestidx, dbo.tblPOUpdatersFieldDests.lnguseridx, dbo.TblFieldDest.TxtDestName " & _ "FROM dbo.tblPOUpdatersFieldDests LEFT OUTER JOIN dbo.TblFieldDest ON dbo.tblPOUpdatersFieldDests.lngfielddestidx = dbo.TblFieldDest.CtrDestIdx " & _ "WHERE (dbo.tblPOUpdatersFieldDests.lnguseridx = " & session("useridx") & ") ORDER BY dbo.TblFieldDest.TxtDestName" rst.open strsql, con, adOpenKeyset, adLockReadOnly The first opens fine. I close it and attempt to open the second and get the odbc error. But if I use response.write(strsql) and paste the generated SQL into a view it returns records correctly. Again, this has worked for years, but now I'm running into similary problems re-using recordset objects in other pages. And I've confirmed the issue on two servers (at two seperate clients). > Here goes. Err ... not exactly what I asked for (I cannot run this code to try to reproduce your symptoms without taking time to rewrite it), but I will make some comments about it: > strsql = "SELECT ctridx, txtuser, txtpwd, lngclient, txtFirst, txtLast > " & _ > "FROM dbo.tblPODescUpdaters WHERE (txtuser ='" & > Request.Form("login") & "')" <gasp> I will have a very important comment to make about this at the end of this post. > rst.open strsql, con, adOpenKeyset, adLockReadOnly Why are you using a keyset for this? Major overkill. All you need is a default forward-only cursor: set rst=con.execute(strsql,,1) > if not rst.EOF Then > [quoted text clipped - 15 lines] > > rst.Close <snip - no need to see all this html> > <%' Get a list of authorized field destinations > strsql = "SELECT TOP 100 PERCENT [quoted text clipped - 7 lines] > session("useridx") & ") ORDER BY dbo.TblFieldDest.TxtDestName" > rst.open strsql, con, adOpenKeyset, adLockReadOnly Again, I see no need for a keyset cursor. See if changing to the default cursor solves your problem. If you haven't shown us everything an you feel you really need a keyset cursor for some reason (almost never the case in ASP - keysets are desirable when you are planning to keep a cursor open for long periods of time, much longer than would be the case in an ASP page), then you should try re-instatiating the recordset between opens. ****VERY IMPORTANT!!****************** Further points to consider: Your use of dynamic sql is leaving you vulnerable to hackers using sql injection: http://mvp.unixwiz.net/techtips/sql-injection.html http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23 See here for a better, more secure way to execute your queries by using parameter markers (tokens): http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36 562fee7804e Personally, I prefer using stored procedures, or saved parameter queries as they are known in Access: Access: http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvOcDHA.1204%4 0TK2MSFTNGP12.phx.gbl http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYxOyvaDHA.402 0%40tk2msftngp13.phx.gbl SQL Server: http://groups.google.com/group/microsoft.public.inetserver.asp.general/msg/5d3c9 d4409dc1701?hl=en SignatureMicrosoft MVP -- ASP/ASP.NET Please reply to the newsgroup. The email account listed in my From header is my spam trap, so I don't check it very often. You will get a quicker response by posting to the newsgroup. On May 15, 10:14 am, "Bob Barrows [MVP]" <reb01...@NOyahoo.SPAMcom> wrote: > > Here goes. > [quoted text clipped - 83 lines] > > - Show quoted text - Thanks for your help, dropping the keyset curser resolved the open recordset issue and I'll review that throughout. I'll also read your links on SQL injection. One question before I get into it, am I vulnerable even running the web app under SSL? > I'll also read your links on SQL injection. One question before I > get into it, am I vulnerable even running the web app under SSL? Absolutely. Read the links. SignatureMicrosoft MVP -- ASP/ASP.NET Please reply to the newsgroup. The email account listed in my From header is my spam trap, so I don't check it very often. You will get a quicker response by posting to the newsgroup. |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.