chipsterva69
asked on
passing ASP server variable into SQL insert statement
Good day -
I am trying to pass the user_logon server variable from my ASP page into a SQL statement that inserts into a database. I thought I could pass it as a DIM variable, but I can't get the SQL portion see the variable.
What I have - at the top of the page, under the language declaration (VB):
<%
Dim username
username = Request.ServerVariables("L OGON_USER" )
%>
Further down the page is my SQL
INSERT INTO [bill_info]
([bill_number], [sponsor], [status], [summary], [link], [state_id], [entered], [updated], [entered_user])
VALUES
(@bill_number, @sponsor, @status, @summary, @link, @state_id, (getdate()), @updated, (<% username %>) )
I get the following error information:
Incorrect syntax near '<'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlE xception: Incorrect syntax near '<'.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SqlException (0x80131904): Incorrect syntax near '<'.]
System.Data.SqlClient.SqlC onnection. OnError(Sq lException exception, Boolean breakConnection) +95
System.Data.SqlClient.SqlI nternalCon nection.On Error(SqlE xception exception, Boolean breakConnection) +82
System.Data.SqlClient.TdsP arser.Thro wException AndWarning (TdsParser StateObjec t stateObj) +346
System.Data.SqlClient.TdsP arser.Run( RunBehavio r runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +3244
System.Data.SqlClient.SqlC ommand.Fin ishExecute Reader(Sql DataReader ds, RunBehavior runBehavior, String resetOptionsString) +186
System.Data.SqlClient.SqlC ommand.Run ExecuteRea derTds(Com mandBehavi or cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) +1121
System.Data.SqlClient.SqlC ommand.Run ExecuteRea der(Comman dBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) +334
System.Data.SqlClient.SqlC ommand.Int ernalExecu teNonQuery (DbAsyncRe sult result, String methodName, Boolean sendToPipe) +407
System.Data.SqlClient.SqlC ommand.Exe cuteNonQue ry() +149
System.Web.UI.WebControls. SqlDataSou rceView.Ex ecuteDbCom mand(DbCom mand command, DataSourceOperation operation) +493
System.Web.UI.WebControls. SqlDataSou rceView.Ex ecuteInser t(IDiction ary values) +549
System.Web.UI.DataSourceVi ew.Insert( IDictionar y values, DataSourceViewOperationCal lback callback) +173
System.Web.UI.WebControls. FormView.H andleInser t(String commandArg, Boolean causesValidation) +624
System.Web.UI.WebControls. FormView.H andleEvent (EventArgs e, Boolean causesValidation, String validationGroup) +745
System.Web.UI.WebControls. FormView.O nBubbleEve nt(Object source, EventArgs e) +163
System.Web.UI.Control.Rais eBubbleEve nt(Object source, EventArgs args) +56
System.Web.UI.WebControls. FormViewRo w.OnBubble Event(Obje ct source, EventArgs e) +118
System.Web.UI.Control.Rais eBubbleEve nt(Object source, EventArgs args) +56
System.Web.UI.WebControls. LinkButton .OnCommand (CommandEv entArgs e) +107
System.Web.UI.WebControls. LinkButton .RaisePost BackEvent( String eventArgument) +176
System.Web.UI.WebControls. LinkButton .System.We b.UI.IPost BackEventH andler.Rai sePostBack Event(Stri ng eventArgument) +31
System.Web.UI.Page.RaisePo stBackEven t(IPostBac kEventHand ler sourceControl, String eventArgument) +32
System.Web.UI.Page.RaisePo stBackEven t(NameValu eCollectio n postData) +244
System.Web.UI.Page.Process RequestMai n(Boolean includeStagesBeforeAsyncPo int, Boolean includeStagesAfterAsyncPoi nt) +3837
I did the original page development in MSoft's Visual Web Developer 2005, in case that matters.
Any help would be greatly appreciated!
I am trying to pass the user_logon server variable from my ASP page into a SQL statement that inserts into a database. I thought I could pass it as a DIM variable, but I can't get the SQL portion see the variable.
What I have - at the top of the page, under the language declaration (VB):
<%
Dim username
username = Request.ServerVariables("L
%>
Further down the page is my SQL
INSERT INTO [bill_info]
([bill_number], [sponsor], [status], [summary], [link], [state_id], [entered], [updated], [entered_user])
VALUES
(@bill_number, @sponsor, @status, @summary, @link, @state_id, (getdate()), @updated, (<% username %>) )
I get the following error information:
Incorrect syntax near '<'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlE
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SqlException (0x80131904): Incorrect syntax near '<'.]
System.Data.SqlClient.SqlC
System.Data.SqlClient.SqlI
System.Data.SqlClient.TdsP
System.Data.SqlClient.TdsP
System.Data.SqlClient.SqlC
System.Data.SqlClient.SqlC
System.Data.SqlClient.SqlC
System.Data.SqlClient.SqlC
System.Data.SqlClient.SqlC
System.Web.UI.WebControls.
System.Web.UI.WebControls.
System.Web.UI.DataSourceVi
System.Web.UI.WebControls.
System.Web.UI.WebControls.
System.Web.UI.WebControls.
System.Web.UI.Control.Rais
System.Web.UI.WebControls.
System.Web.UI.Control.Rais
System.Web.UI.WebControls.
System.Web.UI.WebControls.
System.Web.UI.WebControls.
System.Web.UI.Page.RaisePo
System.Web.UI.Page.RaisePo
System.Web.UI.Page.Process
I did the original page development in MSoft's Visual Web Developer 2005, in case that matters.
Any help would be greatly appreciated!
ASKER
i tried that combination already, and while it does not raise any errors, it also does not pass the variable - here is the insert result...
Edit Delete 7 hs59 test test test test AL 4/4/2006 10:40:05 AM <%= username %>
it interprets the tag as a string, i guess.
Edit Delete 7 hs59 test test test test AL 4/4/2006 10:40:05 AM <%= username %>
it interprets the tag as a string, i guess.
Try..
INSERT INTO [bill_info]
([bill_number], [sponsor], [status], [summary], [link], [state_id], [entered], [updated], [entered_user])
VALUES
(@bill_number, @sponsor, @status, @summary, @link, @state_id, (getdate()), @updated," & username & ")
INSERT INTO [bill_info]
([bill_number], [sponsor], [status], [summary], [link], [state_id], [entered], [updated], [entered_user])
VALUES
(@bill_number, @sponsor, @status, @summary, @link, @state_id, (getdate()), @updated," & username & ")
in my Example The Entire Sql statement was in a String (with double quotes around).
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
okay - tried both...
for jitqanquly --- got the following error when I used @username
Must declare the scalar variable "@username".
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlE xception: Must declare the scalar variable "@username".
* as for nulls - the only people inserting on this application are in the office network, so we can reinforce the log in
for adilkhan --- when I tried double quotes, I got a 'poorly formed tag' error - the entire insert statement is already in double quotes. I tried single quotes, and got the following - again, the tag was inserted as a string, not the variable info (of course, now I remember that single quotes in a SQL statement enforce the enclosed info is inserted as a string... duh - sorry!).
Edit Delete 8 hs60 test test test test AL 4/4/2006 11:12:56 AM & username &
for jitqanquly --- got the following error when I used @username
Must declare the scalar variable "@username".
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlE
* as for nulls - the only people inserting on this application are in the office network, so we can reinforce the log in
for adilkhan --- when I tried double quotes, I got a 'poorly formed tag' error - the entire insert statement is already in double quotes. I tried single quotes, and got the following - again, the tag was inserted as a string, not the variable info (of course, now I remember that single quotes in a SQL statement enforce the enclosed info is inserted as a string... duh - sorry!).
Edit Delete 8 hs60 test test test test AL 4/4/2006 11:12:56 AM & username &
In your SP
Declare @username [sometype]
Declare @username [sometype]
ASKER
jitqanquly ---
okay... no more errors, but now the value is blank. it isn't seeing the tag as a string, but it still isn't getting the value of the variable. i know the value is there, because I have a test tag that will show the value if the page sees it.
here is the code snippet that i have in place:
<%
Dim username
username = Request.ServerVariables("L OGON_USER" )
%>
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:statedet ailSqlData Source2 %>"
SelectCommand="SELECT * FROM [bill_info]"
InsertCommand="INSERT INTO [bill_info]
([bill_number], [sponsor], [status], [summary], [link], [state_id], [entered], [updated], [entered_user])
VALUES
(@bill_number, @sponsor, @status, @summary, @link, @state_id, (getdate()), @updated, @username)">
<InsertParameters>
<asp:Parameter Name="id" Type="String" />
<asp:Parameter Name="bill_number" Type="String" />
<asp:Parameter Name="sponsor" Type="String" />
<asp:Parameter Name="status" Type="String" />
<asp:Parameter Name="summary" Type="String" />
<asp:Parameter Name="link" Type="String" />
<asp:Parameter Name="state_id" Type="String" />
<asp:Parameter Name="entered" Type="DateTime" />
<asp:Parameter Name="updated" Type="DateTime" />
<asp:Parameter Name="entered_user" Type="String" />
<asp:Parameter Name="updated_user" Type="String" />
<asp:Parameter Name="username" Type="String" />
</InsertParameters>
</asp:SqlDataSource><br /><br />
1: <%Response.Write(Request.S erverVaria bles("logo n_user"))% ></br>
2: <%Response.Write(username) %>
Note: at the bottom, both 1 and 2 appear the same.
okay... no more errors, but now the value is blank. it isn't seeing the tag as a string, but it still isn't getting the value of the variable. i know the value is there, because I have a test tag that will show the value if the page sees it.
here is the code snippet that i have in place:
<%
Dim username
username = Request.ServerVariables("L
%>
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:statedet
SelectCommand="SELECT * FROM [bill_info]"
InsertCommand="INSERT INTO [bill_info]
([bill_number], [sponsor], [status], [summary], [link], [state_id], [entered], [updated], [entered_user])
VALUES
(@bill_number, @sponsor, @status, @summary, @link, @state_id, (getdate()), @updated, @username)">
<InsertParameters>
<asp:Parameter Name="id" Type="String" />
<asp:Parameter Name="bill_number" Type="String" />
<asp:Parameter Name="sponsor" Type="String" />
<asp:Parameter Name="status" Type="String" />
<asp:Parameter Name="summary" Type="String" />
<asp:Parameter Name="link" Type="String" />
<asp:Parameter Name="state_id" Type="String" />
<asp:Parameter Name="entered" Type="DateTime" />
<asp:Parameter Name="updated" Type="DateTime" />
<asp:Parameter Name="entered_user" Type="String" />
<asp:Parameter Name="updated_user" Type="String" />
<asp:Parameter Name="username" Type="String" />
</InsertParameters>
</asp:SqlDataSource><br /><br />
1: <%Response.Write(Request.S
2: <%Response.Write(username)
Note: at the bottom, both 1 and 2 appear the same.
ASKER
just to add... it appears that no matter what I set the variable to be (i have tried plain text, numbers, etc.), the SQL statement does not see it. the asp command response.write, however, does see it, and faithfully presents the variable. the trick appears to be how to set up the variable so that it can be inserted into the SQL statement. this is all probably overly obvious to those with a lot more experience, but it is pretty frustrating to me.
Not sure what you are doing, but could use only whatever parameters needed for the insert statement from here
<asp:Parameter Name="id" Type="String" />
<asp:Parameter Name="bill_number" Type="String" />
<asp:Parameter Name="sponsor" Type="String" />
<asp:Parameter Name="status" Type="String" />
<asp:Parameter Name="summary" Type="String" />
<asp:Parameter Name="link" Type="String" />
<asp:Parameter Name="state_id" Type="String" />
<asp:Parameter Name="entered" Type="DateTime" />
<asp:Parameter Name="updated" Type="DateTime" />
<asp:Parameter Name="entered_user" Type="String" />
<asp:Parameter Name="updated_user" Type="String" />
<asp:Parameter Name="username" Type="String" />
<asp:Parameter Name="id" Type="String" />
<asp:Parameter Name="bill_number" Type="String" />
<asp:Parameter Name="sponsor" Type="String" />
<asp:Parameter Name="status" Type="String" />
<asp:Parameter Name="summary" Type="String" />
<asp:Parameter Name="link" Type="String" />
<asp:Parameter Name="state_id" Type="String" />
<asp:Parameter Name="entered" Type="DateTime" />
<asp:Parameter Name="updated" Type="DateTime" />
<asp:Parameter Name="entered_user" Type="String" />
<asp:Parameter Name="updated_user" Type="String" />
<asp:Parameter Name="username" Type="String" />
Never used insert parameter, guess you have to use oen of these probably
ControlParameter,FormParam eter,Query Parameter or FormParameter
ControlParameter,FormParam
http://www.dotnetjohn.com/articles.aspx?articleid=158
This example shows it only uses those parameters that are needed for the insert statement
This example shows it only uses those parameters that are needed for the insert statement
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
CtrlAltDl - will do.
jitqanquly - thanks for all your help up to this point. i will post whatever the solution turns out to be and close the question out.
jitqanquly - thanks for all your help up to this point. i will post whatever the solution turns out to be and close the question out.
So whats the result ? Though AS.net would be a better palce to post it, but this TA is most popular and you will get prompt answer here only.
Good luck
Good luck
ASKER
i don't know enough about ASP.NET to say if the eventual solution to my issue was more ASP or ASP.NET, the final solution was as follows:
in the supporting default.aspx.vb page, add a function for FormView1_ItemInserting() for the form view and add this:
Protected Sub FormView1_ItemInserting(By Val sender As Object, ByVal e As FormViewInsertEventArgs)
SqlDataSource1.InsertParam eters("use rname").De faultValue = Request.ServerVariables("l ogon_user" )
End Sub
change the formview tag to this:
<asp:FormView ID="FormView1" runat="server" DataKeyNames="bill_number"
DataSourceID="SqlDataSourc e1" OnItemInserting="FormView1 _ItemInser ting">
you can view the thread on how this was fixed here:
https://www.experts-exchange.com/questions/21803948/passing-ASPX-server-variable-into-SQL-insert-statement.html
whityum ended up solving it there, but thanks to jitqanquly and ctrlaltdl for getting me up to speed
in the supporting default.aspx.vb page, add a function for FormView1_ItemInserting() for the form view and add this:
Protected Sub FormView1_ItemInserting(By
SqlDataSource1.InsertParam
End Sub
change the formview tag to this:
<asp:FormView ID="FormView1" runat="server" DataKeyNames="bill_number"
DataSourceID="SqlDataSourc
you can view the thread on how this was fixed here:
https://www.experts-exchange.com/questions/21803948/passing-ASPX-server-variable-into-SQL-insert-statement.html
whityum ended up solving it there, but thanks to jitqanquly and ctrlaltdl for getting me up to speed
([bill_number], [sponsor], [status], [summary], [link], [state_id], [entered], [updated], [entered_user])
VALUES
(@bill_number, @sponsor, @status, @summary, @link, @state_id, (getdate()), @updated, '<%= username %>' )