Solved

Record does not update after submission

Posted on 2013-01-13
4
334 Views
Last Modified: 2013-01-13
I am trying to update individual records with a standard ASP update form.  I am able to select the record I want to update on the selection page, but the update page does not update the record. When I enter/select my new information and hit submit, I am redirected to the Thank You page, but the record is not updated.

Below is the code for the update page for review. Any assistance is greatly appreciated in correcting the issue. Thank you.

<%
Dim Recordset1
Dim Recordset1_numRows

pID=Request.Querystring("ID")
pIDX=Request.Form("IDX")

Set Recordset1 = Server.CreateObject("ADODB.recordset")
Recordset1.ActiveConnection = "Driver={Microsoft Access Driver (*.mdb)}; DBQ=c:\inetpub\wwwroot\procedures\db\proc.mdb"

Recordset1.Source = "SELECT * FROM procedures WHERE proc_title = '"&Request.Form("proc_title")&"' " & pID

Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 1
Recordset1.Open()
Recordset1_numRows = 0

If request("Update") = "Update" Then

Set Recordset1 = Server.CreateObject("ADODB.connection")
Recordset1.Open "Driver={Microsoft Access Driver (*.mdb)}; DBQ=c:\inetpub\wwwroot\procedures\db\proc.mdb"

sql=""
If Request.Form("proc_title_new") & "" <> "" Then
  sql=sql & ",proc_title='" & Request.Form("proc_title_new") & "'"
End IF
If Request.Form("proc_file_new") & "" <> "" Then
  sql=sql & ",proc_file='" & Request.Form("proc_file_new") & "'"
End IF
If Request.Form("date_effective") & "" <> "" Then
  sql=sql & ",date_effective='" & Request.Form("date_effective_new") & "'"
End IF
If Request.Form("proc_info_new") & "" <> "" Then
sql=sql & ",proc_info='" & Request.Form("proc_info_new") & "'"
End IF

sql="UPDATE procedures SET " & Mid(sql, 2, 10000) 
sql=sql & " WHERE ID = " & pIDX& "" 
'response.write sql 
rs.Execute sql
       
Response.Redirect "thankyou.htm"   

ELSE

If request("Delete") = "Delete" Then

Set Recordset1 = Server.CreateObject("ADODB.connection")
Recordset1.open "Driver={Microsoft Access Driver (*.mdb)}; DBQ=c:\inetpub\wwwroot\procedures\db\proc.mdb"

sql="DELETE * FROM procedures"
sql=sql & " WHERE ID = " & pIDX & ""
Recordset1.Execute sql
      
Response.Redirect "thankyou.htm"   

end if
end if

%>

<html>
<head>
<title>Procedures Submission Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="styles/web.css" rel="stylesheet" type="text/css">
<link rel="shortcut icon" type="image/x-icon" href="favicon.ico">
<script language="javascript" src="scripts/datetimepicker.js"></script>
<script language="javascript" src="scripts/additional.js"></script>
</head>

<body leftmargin="0" topmargin="0" rightmargin="0">
<table border="0" cellspacing="0" cellpadding="0" width="100%">
  <tr>
    <td height="65" bgcolor="#000000"> 
      <div align="center"></div></td>
  </tr>
  <tr>
    <td><div align="center"> 
        <table width="600" border="0" cellpadding="0" cellspacing="0" class="text-large">
          <tr>
            <td><form action="thankyou.asp" method="post" name="form1">
                <table width="600" border="0" cellpadding="0" cellspacing="0" class="text-large">
                  <tr> 
                    <td>&nbsp;</td>
                  </tr>
                  <tr>
                    <td><div align="center"><strong><font color="#FF0000">MODIFICATIONS/UPDATE 
                        PAGE</font></strong></div></td>
                  </tr>
                  <tr> 
                    <td>&nbsp;</td>
                  </tr>
                </table>
                <table width="600" border="0" cellpadding="0" cellspacing="0" class="text-large">
                  <tr> 
                    <td width="200" height="25"><font color="#000000"><strong>Current 
                      Procedures Title</strong></font></td>
                    <td><font color="#000000"><%=(Recordset1.Fields.Item("proc_title").Value)%></font></td>
                    <td width="10">&nbsp;</td>
                  </tr>
                  <tr> 
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td height="25"><font color="#FF0000"><strong>New Title</strong></font></td>
                    <td><input name="proc_title_new" type="text" id="proc_title_new" size="55" maxlength="100"></td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td height="25"><strong>Current PDF/Document</strong></td>
                    <td><font color="#000000"><%=(Recordset1.Fields.Item("proc_file").Value)%></font></td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td height="25"><font color="#FF0000"><strong>New File to 
                      be uploaded (PDF)</strong></font></td>
                    <td><input name="proc_file_new" type="file" id="proc_file_new" size="41"></td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td height="25"><strong>Current Effective Date</strong></td>
                    <td><font color="#000000"><%=(Recordset1.Fields.Item("date_effective").Value)%></font></td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td><strong><font color="#FF0000">New Effective Date</font></strong></td>
                    <td><input name="date_effective_new" type="text" id="date_effective_new" value="<%=date()%>" size="10" maxlength="10" readonly="true"> 
                      <a href="javascript:NewCal('date_effective_new','mmddyyyy')"><img src="images/calnew.gif" alt="Select an end date" width="22" height="16" border="0" align="absmiddle"></a> 
                      <font color="#585858">Use calendar to change date</font></td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td><strong>Current Procedures Info</strong></td>
                    <td><font color="#000000"><%=(Recordset1.Fields.Item("proc_info").Value)%></font></td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td><font color="#000000">&nbsp;</font></td>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td valign="top"><font color="#FF0000"><strong>New Information</strong></font></td>
                    <td><textarea name="proc_info_new" cols="42" rows="10" id="proc_info_new"></textarea></td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td height="17"><font color="#000000">&nbsp;</font></td>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td><font color="#000000">&nbsp;</font></td>
                    <td><input name="date_sub" type="hidden" id="date_sub" value="<%=date()%>">
                      <strong> 
                      <input name="IDX" type="hidden" id="IDX" value="<%=(Recordset1.Fields.Item("ID").Value)%>">
                      </strong> </td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td><font color="#000000">&nbsp;</font></td>
                    <td><input name="Update" type="submit" id="Update" value="Update">
                      &nbsp; 
                      <input name="Clear" type="reset" id="Clear" value="Clear">
                      &nbsp; 
                      <input name="Delete" type="submit" id="Delete" onClick="GP_popupConfirmMsg('YOU ARE ABOUT TO DELETE THE CURRENT RECORD. CLICK OK TO CONTINUE OR CANCEL TO ABORT.');return document.MM_returnValue" value="Delete">
                      &nbsp;
                      <input name="button" type="button" onClick="location.href='submission_new.asp';" value="Go Back"></td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                  </tr>
                  <tr> 
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
                  </tr>
                </table>
              </form></td>
          </tr>
        </table>
      </div></td>
  </tr>
</table>
</body>
</html>

Open in new window

0
Comment
Question by:arendt73
  • 4
4 Comments
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 38772989
Please update this portion of your code so we can see the actual sql being submitted.

sql="UPDATE procedures SET " & Mid(sql, 2, 10000)
sql=sql & " WHERE ID = " & pIDX& "" 
'response.write sql
rs.Execute sql
       
Response.Redirect "thankyou.htm"


to

sql="UPDATE procedures SET " & Mid(sql, 2, 10000)
sql=sql & " WHERE ID = " & pIDX& "" 
response.write sql
rs.Execute sql
 
response.end      
'Response.Redirect "thankyou.htm"

Run the page and report back what response.write sql is.
0
 
LVL 52

Accepted Solution

by:
Scott Fell,  EE MVE earned 500 total points
ID: 38772994
This does not look right.

If Request.Form("proc_title_new") & "" <> "" Then
  sql=sql & ",proc_title='" & Request.Form("proc_title_new") & "'"
End IF

and should probably be

If Request.Form("proc_title_new") <>"" Then
  sql=sql & ",proc_title='" & Request.Form("proc_title_new") & "'"
End IF
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 38773007
What is the purpose of this?

Mid(sql, 2, 10000)

To me it looks like a work around for something that is not right to start with.

I see this code in your sql

 sql=sql & ",proc_title='" & Request.Form("proc_title_new") & "'"

where you start out with a comma.  Just take out the comma.

What you probably want to end up with is something like

UPDATE procedures SET proc_title="whatever_reqform_proc_title_new_is" where ID="pidx_number"
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 38773026
Since you are already using dreamweaver to create most of your asp, I think it would be good for you to start with the update and insert commands dreamweaver creates.  Once that works, then hand code.  I know you said before you think dreamweaver ads extra code. But that is just chatter from the mx days.  You are already using 90% of what dreamweaver creates as it is.  The big advantage for you is the newest versions of dreamweaver are using  their parameter quires and their own flavor of stored procedures.  This helps safeguard your data input.  

http://support.microsoft.com/kb/200190

In addition you should at least start scrubbing  your input with a minimal.

x=replace(request.form("x"),"'","")

If you are not expecting html then

x=replace(request.form("x"),"'","")
x=replace(x,"<","")
x=replace(x,">","")

If you are expecting a number then
x=replace(request.form("x"),"'","")
x=replace(x,"<","")
x=replace(x,">","")
if not isnumeric(x) then
     x=0 'if not a number, use zero or Null
end if
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I see at least one EE question a week that pertains to using temporary tables in MS Access.  But surprisingly, I was unable to find a single article devoted solely to this topic. I don’t intend to describe all of the uses of temporary tables in t…
I'm trying, I really am. But I've seen so many wrong approaches involving date(time) boundaries I despair about my inability to explain it. I've seen quite a few recently that define a non-leap year as 364 days, or 366 days and the list goes on. …
With Microsoft Access, learn how to specify relationships between tables and set various options on the relationship. Add the tables: Create the relationship: Decide if you’re going to set referential integrity: Decide if you want cascade upda…
With Microsoft Access, learn how to start a database in different ways and produce different start-up actions allowing you to use a single database to perform multiple tasks. Specify a start-up form through options: Specify an Autoexec macro: Us…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now