ansaurus

Question

Answer 1

+4 A:

The error implies the use of an object that hasn't been instantiated. From the code snippet given, it looks like you're attempting to close the recordset without ever instantiating it.

Do you mean to be setting rstSimple to the result of cnnSimple.Execute()?

Edit: Now that I've looked at the other question, what I've suggested may not be the problem. As people have pointed out, you should really clean the data in the Request object before inserting it in your string (security or no security, an apostrophe in one of those vars will kill that statement).

It's possible (my memories of VBScript are blissfully hazy) that if the Execute() statement fails, nothing will be assigned to rstSimple, and the call to rstSimple.Close() will generate the error message you're seeing.

Try setting rstSimple to a new ADODB.Recordset before calling cnnSimple.Execute() and see if that sheds any light on the issue...

djacobson 2010-07-30 23:20:56

I believe I do mean that. I was given this code by my hosting provider, and I just put in the querystrings because I need them there to send the query data.

lucifer 2010-07-30 23:26:13

Answer 2

+2 A:

suggestion:

declare a string variable (myVar)
set the string variable = your line 65 SQL

"insert into SALT (Email, Username, FirstName, LastName, ActivationCode) VALUES ('" & Request.QueryString("payer_email") & "', '" & Request.QueryString("payer_email") & "', '" & Request.QueryString("first_name") & "', '" & Request.QueryString("last_name") & "', '" & Request.QueryString("hash") & "')"
response.write(myVar)

Might be easier to look at that way, to see if you have issues with quotes in your querystring variables, or whatever. Once you're happy with it:

cnnSimple.Execute(myVar)

dave 2010-07-30 23:44:29

@j-t-s This would be a good first step. You need to drill down on the actual problem, and it's probably either in the way you've written the SQL string, or the values in the QueryString parameters.

djacobson 2010-07-30 23:47:57

I suggest that @j-t-s tries with dummy data, for example: "insert into SALT (Email, Username, FirstName, LastName, ActivationCode) VALUES ('a','a','b','c','d')" That should help sort out where the problem is coming from

Remou 2010-07-31 00:11:20

@Remou -- that's a good one to try, but since @j-t-s isn't concerned about injection, using the real vars would trap cases where he's trying to enter a last name like O'Neil, etc. Of course, parametrization would be a much better idea, as it's not only for safety, but to deal with situations like needing to insert single-quotes too -- but we won't harass @j-t-s *too* much about that... :-P

dave 2010-08-04 15:29:31

@Dave Real vars are fine once @j-t-s gets a simler string working. At the moment there are arguments about whether it is the data types, the data content, the connections string etc that is causing the problem. My suggestion eliminates a few of the possibilities. Also, @j-t-s seems to have gone missing, so the suggestion may be of some use to someone else.

Remou 2010-08-04 16:42:36

BTW The whole single quotes and security issue was raised in a previous post : http://stackoverflow.com/questions/3370677/can-someone-please-tell-me-what-is-wrong-with-this-statement/3370685#3370685, which @j-t-s states s/he is not concerned about at the moment.

Remou 2010-08-04 16:45:23

ansaurus

tags:

views:

answers:

SQL/ASP - Expected: " - But it's there?

related questions