Apprentice
That usually happens when there is no match for your where condition. Though with out being right there its hard to tell for sure. This is very common when dealing with time stamps as there are several possible formats. I am guessing TimeType is not a time but a byte, but the same problem can still apply if in one case you are using a 0 based count and in the other a 1 based count, for example.Originally Posted by keroed1
i got it toworknow guysi went through and did a etremly simply update and then moved up untili got what i wanted.....but question right guys
if the user enters and incorrect value or dont fillout allof the reuire fields iwill get an error
1. is there a way for me to check thata valuefor example is a double or integer instead of string because if i send back a string to coulm that requires a number a error will b generated
2. can ensure that all fields have been filled out
Edit/Delete Message
i created a javascript that check the form to see that everything was filled out and ensure that everything is filled otu so that solves the problem of the individual not entering a valuebut i am here searching the net buti am not sure can i write a vbscript that checks to see if an integer value was entered? can this be done in vbscript??
[edited]
ok guys ijus solved the other problem.......
to:Mod's i not sure after i was having problem and i was getting help to solve a problem and it was'nt solved and i found out how to solve it should i post howi solved it??? i am not sure
Last edited by keroed1; Jun 7, 2006 at 11:21 AM.
Apprentice
I am not a mod, but I would prefer not to spend time to help with a problem that has already been solved. Also, If I was searching the internet and came accross the post I would like to see the answer. So even if you solve your own question, it is in my opinion, a very good thing to say that you solved the problem and how you solved it. Another reason to show how you solved the problem, is that you may have solved it one way but it might not be the cleanest way. If other people already have an interest in helping you, they might suggest something way better for your purpose.
For your problem if you do a:
It might help get rid of other potential unfriendly errorsCode:if not eof while not eof begin stuff end else error could not find matching record
Senior Techie
FYI, you don’t ever want to put form data directly into your database without checking it first. At best you increase the likelihood of unwanted data-type related errors and at worst you leave yourself open to SQL injection attacks. [Client-Side] JavaScript validation is more for convenience than anything else. It just facilitates instant feedback to let the user know that they’ve missed something. As far as data integrity is concerned, your server-based checks are the ones that really matter.
To answer the question you asked, yes, you can check to see if an integer was entered. If you just want to check if a form field can be evaluated as a number you could, for example, use the IsNumeric function. Beyond that there is a world of techniques that you can use. I was partial to regular expression checks, limited as they are in ASP/VBScript.
I’m curious. Is this a new project you are starting in ASP/VBScript? ASP.NET has a much richer environment for addressing many of the problems I’ve seen you post. Granted, the initial learning curve is steeper but in the long run it is worth it.
P.S.
Use the term asp form validation in a Google search to find articles, tips and code on how to lock down your ASP form.
actually it is a newer version i am working on and i cant really do it over because iam doing different programs simultaneously.....
SOLUTION
_____________________________________
this is what i did
first if statement check to see if the field was filled outCode:function Form1_Validator(theForm) { // check if email field is blank var form_cost = theForm.txtCost.value; if (form_cost== "") { alert("You must enter The New Cost."); theForm.txtCost.focus(); return (false); } var _cost =parseFloat(theForm.txtCost.value); if (isNaN(_cost)) { alert("Please enter a valid value for the new cost."); theForm.txtCost.focus(); return(false); } return (true); } //--> </script>
second if statment checks to see if a number was entered
Apprentice
I agree with Goucham on at least one point. Even if you are the only one entering info, a quote or slash in the wrong spot can really screw things up and can sometimes not show for some time as well, making for really confusing bugs. If you are not going to use a language that has built in checks then search google for some for VBscripted ASP. The biggest things to look out for are slashes and quotes but they are not the only things. Ampersands(sp) comas semi colons and control codes can cause lots of problems to. And I am sure I am missing many more. The best way to solve the problem is to allow the characters that people will be using instead of blocking the ones that are potentially bad. I personally prefer simple tests before allowing the form to be submited and then have a full check after it has been submited. I believe that makes it a little bit harder for hackers to send using '\' or \\' or / etc to screw things up. Do you simple check onSubmit, if you do it on key up or some other such think hackers can by pass it by using cut and paste or other things.
Hope that helps. Sorry for typos or grammer I am in too much of a hurry to check.
Hardcore Techie
@keored,
What I would do for client side validation is use .Net 2.0 to do the client code easily, then just copy client script snippets to the older ASP project, but any other googled snippets would work just as well.
Server side validation is important for preventing SQL Injection Attacks (<--important: check this out if you don't know). .Net 2.0&1.0 has Regex for this purpose. If you were using SQL Server then you could use @parameters too.
Since you are using ASP, then if you need to stop hackers, you have to code a server validation with one of : a bit of work, VB regex, or googling. Work it out by checking every letter in the string with your own code, but a common reg ex might be better and faster after time. The cool thing about reg ex is that it is basically the same wherever you go. Plus there is alot of reg ex samples. Dont net 2.0 has a reg ex dropdownbox for common regexs which you can then copy and modify to the other project in ASP VB.
As suggested google it look at VBScritp
RegExp.Patternwhich runs a the default language for ASP
Let's act on what we agree on now, and argue later on what we don't.
Black men leave Barbeque alone if Barbeque don't trouble you
Senior Techie
You know I'm glad you mentioned this. As it turns out, there is no reason you can't use parameterized queries with an Access db as well. You don't even need to have the queries embedded in the Access file. You can use ad-hoc queries built in-script, using ‘?’ as a placeholder for values. I don't see it used that often but it is cleaner than the normal SQL statement by concatenation method. e.g.keroed1, a search for parameterized Access queries should get you started. I'll kick things off with this link straight from the horse's mouth.Code:SELECT ID, Name FROM Table WHERE ID = ? AND Name = ?
(HA! More reading for you to do. *smile*)
@Goucham lol no problem i dont have a problem reading once usefull information is there and some good examples thats how you learnu read and try examples and try out scenarios for urself
Posting Permissions
Reply With Quote