1. 首頁
  2. 問答
  3. 爲什麼我不能使用ASP和SQL Server編輯記錄?

爲什麼我不能使用ASP和SQL Server編輯記錄?

2012-05-21 47 views
0

我有一個使用ASP經典和SQL Server 2005的Web應用程序。爲什麼我不能使用ASP和SQL Server編輯記錄?

當我嘗試編輯記錄時,網頁顯示HTTP 500 - Internal server error。我試圖跟蹤錯誤,我認爲問題來自FORM ACTION目錄。

這裏是我的形式聲明:

<form name="frmEdit" method="post" action="/dairypo/master/tpl/queries/qupdate.asp" 
     onsubmit="return CheckOtherInfo();">

這裏是qupdate.asp:

<!-- #include file="../../../include/createconnection.asp" --> 
<% 
    act = 1 
    if trim(request.form("chkAct")) = "" then 
     act = 0 
    end if 
    curid = trim(request.form("hdnId")) 
    nprice = cDbl(request.form("txtPrice")) 
    nprice_big = cDbl(request.form("txtPrice_Big")) 
    nrate = cDbl(request.form("txtRate")) 
    csatuan_big = trim(request.form("selOrdSatuan1")) 
    csatuan = trim(request.form("selOrdSatuan2")) 

    objCommand_1.commandText = " SELECT nkonversi FROM ms_metriks WHERE csatuan1 = '" & csatuan_big & "' AND csatuan2 = '" & csatuan & "' " 
    set qMetriks = objCommand_tpl.execute 
    nkonversi = 1 
    if NOT qMetriks.BOF then 
     nkonversi = cDbl(qMetriks("nkonversi")) 
    end if 
    if nprice_big<>0 AND nprice=0 then 
     nprice = nprice_big/nkonversi 
    elseif nprice_big=0 AND nprice<>0 then 
     nprice_big = nprice*nkonversi 
    end if 
    objCommand_tpl.commandText = "UPDATE ms_tpl SET " &_ 
          " dlastupdate = '" & date() & "', " &_ 
          " ctipejual = '" & trim(request.form("selBy")) & "'," &_ 
          " ckdgruprelasi = '" & trim(request.form("selgCust")) & "', " &_ 
          " ckdrelasi = '" & trim(request.form("selCust")) & "', " &_ 
          " dtglvalidawal = '" & trim(request.form("txtDate1")) & "', " &_ 
          " dtglvalidakhir = '" & trim(request.form("txtDate2")) & "', " &_ 
          " ckdcurrency = '" & trim(request.form("selCurr")) & "', " &_ 
          " nhargaperiod = " & nprice & ", " &_ 
          " nhargaperiodmax = " & nprice & ", " &_ 
          " nharga1 = " & nprice & ", " &_ 
          " nharga2 = " & nprice_big & ", " &_ 
          " csatuan1 = '" & csatuan & "', " &_ 
          " csatuan2 = '" & csatuan_big & "', " &_ 
          " nrate = " & nrate & ", " &_ 
          " bactive = " & act & ", " &_ 
          " ckdwilayah = '" & trim(request.form("selLok")) & "' " &_ 
          " WHERE id = " & curid & " " 
    set qUpdateRelasi = objCommand_tpl.Execute 

    objCommand_tpl.commandText = "INSERT INTO ms_tplhist "&_ 
           "(cUserId, dLastUpdate,ctipejual,cKdUnitKey, cKdGrupRelasi, cKdRelasi, cKdBarang, bIsFluc, cSatPeriod, "&_ 
           " nHargaPeriod,dTglValidAwal, dTglValidAkhir, cKdCurrency,cSatuan1,cSatuan2, nHarga1, nHarga2,nRate, bActive) "&_ 
           "SELECT cUserId, dLastUpdate,ctipejual,cKdUnitKey, cKdGrupRelasi, cKdRelasi, cKdBarang, bIsFluc, cSatPeriod, "&_ 
           " nHargaPeriod,dTglValidAwal, dTglValidAkhir, cKdCurrency,cSatuan1,cSatuan2, nHarga1, nHarga2,nRate, bActive "&_ 
           "FROM ms_tpl "&_ 
           " WHERE id = " & curid & " " 
    set qBackupData = objCommand_tpl.Execute    
%> 

<form name="frmControl" action="/dairypo/homepage.asp?contID=mstpl_idxs" method="post"> 
<% 
    for each form in request.form 
     response.write "<input type=""hidden"" name=""" & form & """ value=""" & request.form(form) & """>" & vbcrlf 
    next 
%> 
</form> 
<script> 
    document.frmControl.submit() 
</script>

來源

2012-05-21 blankon91

+0

什麼是錯誤?代碼是什麼?我們應該如何知道'qupdate.asp'中的內容? – Tom

+0

當我嘗試更新記錄時,它從Internet Explorer「HTTP 500 - 內部服務器錯誤」中獲取錯誤頁面,並且存在qupdate.asp和add.asp(表單)中的代碼.. – blankon91

+3

'HTTP 500 Internal Server錯誤'是一般性迴應;它可以是任何東西。在瀏覽器中關閉「友好的錯誤消息」,並確保您的Web服務器配置爲輸出錯誤消息。快速瀏覽一下你的ASP代碼看起來不錯;我猜這是SQL相關的東西 – Tom

回答

4

跟進答案關閉了這一點,基於上述意見。

'HTTP 500內部服務器錯誤'是一種通用的響應;它可以是任何東西。在瀏覽器中關閉「友好的錯誤消息」,並確保您的Web服務器配置爲輸出錯誤消息。快速瀏覽一下你的ASP代碼看起來不錯;我猜這件事情SQL相關

此外,一到什麼AnthonyWJones說:

BTW blankon91,你應該考慮研究「SQL注入攻擊」,看看它是如何不明智來連接到達值從客戶端轉換爲SQL字符串。改用參數化查詢

來源

2012-05-21 19:21:25 Tom

相關問題

 相關問題