|
| |||||||
| Sponsored Links |
 | « Previous Thread | Next Thread » |
| | LinkBack | Thread Tools | Display Modes |
|
#1
March 25th, 2008, 11:47 AM
| ||||
| ||||
 Type mismatch: HTMLEncode All, I recently added code in red and thought all was fine but I seem to be getting the error below with some recordsets. Error: Microsoft VBScript runtime error '800a000d' Type mismatch: 'HTMLEncode' Code: <TD bgcolor="yellow">
<%'Check to see if they are alowed to Edit plan and commit fields
If cint(Session("AccessLevel")) >= 4 then
%><INPUT CLASS="clrBg" type="text" name="Comments<%=response.write(i)%>" size="75" maxlength="150" value="<%= Server.HTMLEncode(rs("RolloutComments"))%>"</TD><%
Else
%><INPUT CLASS="clrBg" type="text" name="Comments<%=response.write(i)%>" size="75" maxlength="150" readonly value="<%= Server.HTMLEncode(rs("RolloutComments"))%>"</TD> <%
End if
%>
</TD>
|
| Sponsored Links |
|
#2
March 25th, 2008, 11:49 AM
| ||||
| ||||
| This error is probably occurring due to NULL values. However, why use Server.HtmlEncode for displaying in an input box that a user would edit? You'll get funky looking characters then. I only use this when outputting data from the database to be displayed on the page.
__________________ jmurrayhead If you agree with me... click the  icon! If my post solved your problem, click the  button in the lower right-hand corner of the post.Join our Folding team: DeveloperBarn Folding |
|
#3
March 25th, 2008, 12:04 PM
| ||||
| ||||
| Oh. I think I was trying it to see if it would take of the users entering apostrophes and getting an error and not updating. I can take it out but then apostrophes will have an issue.  |
|
#4
March 25th, 2008, 12:11 PM
| ||||
| ||||
| Quote:
Code: Function ValidateStr(strValue) strTemp = strValue strTemp = Trim(strTemp) strTemp = Replace(strTemp,"'","''") ValidateStr = strTemp End Function |
|
#5
March 25th, 2008, 12:12 PM
| ||||
| ||||
| If you're talking about using textbox values in db queries, then use parameteri(s/z?)ed queries. In Mysql it would look something like:- Code:
sql = "INSERT INTO tbl_name(col1,col2,col3) VALUES(?value1,?value2,?value3)"
mycommand.parameters.addwithvalue("value1",request.form("textbox1"))
mycommand.parameters.addwithvalue("value2",request.form("textbox2"))
mycommand.parameters.addwithvalue("value3",request.form("textbox3"))
I know the syntax for parameters is slightly different if using MSSQL and I guess Access aswell. But you should try this to prevent problems with apostrophes and to help stop SQL injection attacks. Hope that helps. |
|
#6
March 25th, 2008, 03:04 PM
| ||||
| ||||
| hmmm....i'm trying to remember all I changed but here is what I have on the updatefinish.asp page for the comments field. Code: sComments = replace(Request.Form("Comments" & nCounter),"'","''")
Code: sSql = "update tblRollout set DistrictID = " & sDistrict & ", ToolID = " & sTool & ", RolloutShipped = " & sPMS & ",NewRequest = " & sNRS & ", NewCommit = " & sNCS & ", NewShip = " & sNSS & ", RolloutComments = '" & sComments & "' " sSql = sSql & " WHERE ToolID=" & sTool & " and DistrictID=" & sDistrict & " " |
|
#7
March 25th, 2008, 03:11 PM
| ||||
| ||||
| Use the function I posted above like this: Code: sSql = "update tblRollout set DistrictID = " & ValidateStr(sDistrict) & ", ToolID = " & ValidateStr(sTool) & ", RolloutShipped = " & ValidateStr(sPMS) & ",NewRequest = " & ValidateStr(sNRS) & ", NewCommit = " & ValidateStr(sNCS) & ", NewShip = " & ValidateStr(sNSS) & ", RolloutComments = '" & ValidateStr(sComments) & "' " sSql = sSql & " WHERE ToolID=" & ValidateStr(sTool) & " and DistrictID=" & sDistrict & " " |
|
#8
March 27th, 2008, 02:29 PM
| ||||
| ||||
| Sorry so slow on this....just been having a hard time with other stuff....I'm going to use what you provided but one question, will this also take care of double quotes? I'm trying to remember why I added the HTMLEncode....and I think it was suppose to cover double quotes but not for sure. Thanks again! I need a huggy smilie!!!  |
|
#9
March 27th, 2008, 02:32 PM
| ||||
| ||||
| Quote:
|
|
#10
March 27th, 2008, 03:40 PM
| ||||
| ||||
| Ok, I can add single and double quotes with no problems. After I add something like - This' is a test for 8" tools I can add and view it on my results screen and it shows the whole comment but when I go to my edit view, it shows - This' is a test for 8 It doesn't cause any errors but won't show anything after the double quotes while in edit view. Do you need to see the code on my edit screen (comment field)? Or tell me what I can look/check for? Thanks! |
|
|
| Bookmarks |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Data Type Mismatch in Criteria Expression | alansidman | Microsoft Access | 1 | April 9th, 2008 04:33 PM |
Linear Mode
