Hi there,

I'm setting a Session of MM_CustomerID in my code and then further down the page I need to insert the value of that session into a table. But each time I try to do this it comes up with an Invalid column name 'varCustomerID'.

At the top of the page I have this code;

<% 
set rscustomerid = Server.CreateObject("ADODB.Recordset")
rscustomerid.ActiveConnection = CmdAddCustomer.ActiveConnection
rscustomerid.Source = "SELECT @@IDENTITY as MaxCustomersID  FROM Customers"
rscustomerid.CursorLocation = 2
rscustomerid.LockType = 3
rscustomerid.Open()
Session("MM_CustomerID")=rscustomerid("MaxCustomersID")
Session("MM_UserAuthorization") = "5"
%>

Then further down, I'm trying to set a variable of varCustomerID to be equal to the MM_CustomerID session;

<%
varCustomerID = Session("MM_CustomerID")
%>

And then try inserting the value of that variable varCustomerID into the Orders table as follows;

<% 
'Insert record into Orders recordset when form is submitted
'and store the unique OrderID
'Version Date: 09 August 2009
set CmdAddOrder = Server.CreateObject("ADODB.Command")
CmdAddOrder.ActiveConnection = MM_dbconn_STRING
CmdAddOrder.CommandText = "INSERT INTO Orders (OrderCustomer,OrderGrandTotal,OrderStatus) VALUES (varCustomerID,0.00,3)"
CmdAddOrder.CommandType = 1
CmdAddOrder.CommandTimeout = 0
CmdAddOrder.Prepared = true
CmdAddOrder.Execute()
%>

I wondered if anyone might be able to help? Perhaps there's an easier way of just inserting the session value into the table, instead of creating a variable for it?

Thanks.

+3  A: 

You need to change the sql command text to:

"INSERT INTO Orders (OrderCustomer,OrderGrandTotal,OrderStatus) VALUES (" + varCustomerID + ",0.00,3)"

However you could be vulnerable to SQL injection... really you should parametrise this query:

http://aspnet101.com/aspnet101/tutorials.aspx?id=1

Paul
Thanks Paul. I'm now getting the following error; Type mismatch
Neil Bradley
You should probably debug and step through the code. Check what value you are getting on the line: varCustomerID = Session("MM_CustomerID") You may need to cast it to an int, something like varCustomerID = Cint(Session("MM_CustomerID"))
Paul
I ran a Response.Write to check that it is grabbing the CustomerID and it returned the correct value. Looks like it's just having an issue trying to put the number into the OrderCustomer column (which has a Data Type of int); Type mismatch: '[string: "INSERT INTO Orders ("]'
Neil Bradley
Have you tried passing in Cint(varCustomerID) instead of just varCustomerID? This casts the string to an integer
Paul
Heya. Just tried that actually, but still writes the same error.
Neil Bradley
Ok, you definitely don't have extra speech marks in your commandtext do you? "INSERT INTO Orders (OrderCustomer,OrderGrandTotal,OrderStatus) VALUES ('" + varCustomerID + "',0.00,3)" instead of "INSERT INTO Orders (OrderCustomer,OrderGrandTotal,OrderStatus) VALUES (" + varCustomerID + ",0.00,3)" (see those extra single speech marks in the first one around varCustomerID)
Paul
Heya, yes - here's the code I now have; <% varCustomerID = Cint(Session("MM_CustomerID")) %> <% CmdAddOrder.CommandText = "INSERT INTO Orders (OrderCustomer,OrderGrandTotal,OrderStatus) VALUES ('" + varCustomerID + "',0.00,3)" %>
Neil Bradley
Don't know if it would be beneficial to see the full code page? http://gist.github.com/165141
Neil Bradley
Hey Paul. Found out the problem, had to replace the + with
Neil Bradley
Ahh, nice one. Good luck with the rest of the product fella
Paul
Thanks very much for your help. :)
Neil Bradley
A: 

You need to cast varCustomerID to a string for the query. Slight change to Paul's answer should get you working but like he says you need to be careful of injection attacks.

"INSERT INTO Orders (OrderCustomer,OrderGrandTotal,OrderStatus) VALUES (" & varCustomerID & ",0.00,3)"
jammus
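
The parameterised form that both answers point toward, as an added example that is not part of the original thread. It assumes MM_dbconn_STRING and Session("MM_CustomerID") from the question and an OLE DB provider that accepts ? placeholders; the parameter name @OrderCustomer is illustrative, and the ADO constants are declared locally rather than included from adovbs.inc.

```vbscript
<%
' Added example: insert the session's customer ID through a bound parameter
' instead of concatenating it into the SQL string.
Const adCmdText = 1            ' CommandType: plain SQL text
Const adInteger = 3            ' 32-bit signed int, matches a SQL Server int column
Const adParamInput = 1         ' parameter direction: input only
Const adExecuteNoRecords = 128 ' INSERT returns no rows, skip building a recordset

Dim rawCustomerID, customerID, CmdAddOrder
rawCustomerID = Session("MM_CustomerID")

' Reject a missing or non-numeric value before it gets near the database.
' (VBScript evaluates every operand of Or; none of these calls raise on Null/Empty.)
If IsEmpty(rawCustomerID) Or IsNull(rawCustomerID) Or Not IsNumeric(rawCustomerID) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
customerID = CLng(rawCustomerID)

Set CmdAddOrder = Server.CreateObject("ADODB.Command")
CmdAddOrder.ActiveConnection = MM_dbconn_STRING
CmdAddOrder.CommandType = adCmdText

' The ? is a positional placeholder. The value travels to the server as typed
' data, so it is never parsed as SQL and no string concatenation (+ or &) is needed.
CmdAddOrder.CommandText = _
    "INSERT INTO Orders (OrderCustomer, OrderGrandTotal, OrderStatus) VALUES (?, 0.00, 3)"
CmdAddOrder.Parameters.Append _
    CmdAddOrder.CreateParameter("@OrderCustomer", adInteger, adParamInput, , customerID)

CmdAddOrder.Execute , , adExecuteNoRecords
Set CmdAddOrder = Nothing
%>
```

Because the ID is bound as adInteger, the Type mismatch from mixing a string and a number with + does not arise, and a non-numeric session value is rejected before the INSERT runs.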