Snitz Forums 2000 - Recipe MOD error

Snitz Forums 2000

Username:	Password:
Save Password
Forgot your Password?

All Forums

Help Groups for Snitz Forums 2000 Users

Help: MOD Implementation

Recipe MOD error

New Topic

Topic Locked

Printer Friendly

Author

Topic

Page: of 2

thermal_seeker
Junior Member

United Kingdom
430 Posts

Posted - 28 June 2010 : 15:49:53

I am getting this error when creating a new category...

Microsoft OLE DB Provider for SQL Server error '80040e14'

Line 1: Incorrect syntax near 's'.

/Forum/admin_recipe.asp, line 71

line 71 is in red

 if newcat = "" then
   Response.Write ("Please enter category name")
else
   Set RS=Server.CreateObject("ADODB.Recordset")
   strSql="SELECT CAT_NAME FROM " & strTablePrefix & "RECIPE_CATEGORIES WHERE CAT_NAME='" & newcat & "'"
   RS.Open strSql,my_Conn , 2, 2   if rs.eof then
      been_here_before="No"
   end if
   RS.close
   set RS = nothing

any ideas??

EDIT: I think it may have been because there was an ' in the text for the new category

Dave

No good at coding, but I can plough a field !!

Edited by - thermal_seeker on 28 June 2010 17:06:30

MarcelG
Retired Support Moderator

Netherlands
2625 Posts

Posted - 29 June 2010 : 03:21:03

Shouldn't the part "if rs.eof then" be on the next line?

portfolio - linkshrinker - oxle - twitter

Classicmotorcycling
Development Team Leader

Australia
2085 Posts

Posted - 29 June 2010 : 04:09:40

This is what was released in the code for that area and I have not had an issue:


if newcat = "" then
	Response.Write ("Please enter category name")
else
	Set RS=Server.CreateObject("ADODB.Recordset")
	strSql="SELECT CAT_NAME FROM " & strTablePrefix & "RECIPE_CATEGORIES WHERE CAT_NAME='" & newcat & "'"
	RS.Open strSql,my_Conn , 2, 2
	if rs.eof then
		been_here_before="No"
	end if
	RS.close
	set RS = nothing

	if been_here_before="No" then 
		set rsinsert = my_Conn.Execute ("insert into " & strTablePrefix & "RECIPE_CATEGORIES (CAT_NAME) values ('" & newcat & "')")
		Response.write "<font face=""" & strDefaultFontFace & """ color=""" & strDefaultFontColor & """ size=""" & strDefaultFontSize & """><b>" & frLang(strLangAdminRecipe00050) & "</b></font>"
	else
		Response.Write "<font face=""" & strDefaultFontFace & """ color=""" & strDefaultFontColor & """ size=""" & strDefaultFontSize & """><b>" & frLang(strLangAdminRecipe00060) & "</b></font>"
	end if
end if

Cheers,

David Greening

thermal_seeker
Junior Member

United Kingdom
430 Posts

Posted - 29 June 2010 : 08:02:26

MarcelG, yes it should be on the next line, it is in my file, it must have happened as I copied over.

I have found it is the ' that is causing the error.

Test's gives the error and Tests does not.

Dave

No good at coding, but I can plough a field !!

Shaggy
Support Moderator

Ireland
6780 Posts

Posted - 29 June 2010 : 09:20:39

Is the newcat variable being sanitised anywhere using the chkString function?

Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.”

Carefree
Advanced Member

Philippines
4222 Posts

Posted - 29 June 2010 : 19:09:54

The variable is being checked, the problem must be either (1) a mod to Thermal_Seeker's "inc_func_common.asp" which affects the chkString function, or (2) a change to his "admin_recipe.asp". I suspect it's the first because the line number for the error is correct.

[edit]I really should read what I type before hitting submit. lol
Didn't mean "inc_header" but "inc_func_common".

Edited by - Carefree on 30 June 2010 10:00:33

thermal_seeker
Junior Member

United Kingdom
430 Posts

Posted - 30 June 2010 : 01:44:50

What should I be looking for in inc_header??

Dave

No good at coding, but I can plough a field !!

thermal_seeker
Junior Member

United Kingdom
430 Posts

Posted - 30 June 2010 : 02:42:28

I have spotted something else

Trust me!!

Someone has posted a recipe and when viewed by someone else the "Contributor" is showing as the person viewing rather than the original poster.??

Dave

No good at coding, but I can plough a field !!

Carefree
Advanced Member

Philippines
4222 Posts

Posted - 30 June 2010 : 09:59:15

Post a link to your "inc_func_common.asp" in .txt format for us to look at (to review your chkString function).

For the second issue:

In "recipe.asp", look for the following lines (appx 1405 - 1413):


if strDBNTUserName = "" then
 Response.write "								<td width=""85%"" valign=""top"">" & vbNewLine & _
		"									<font face=""" & strDefaultFontFace & """ color=""" & strDefaultFontColor & """ size=""" & strDefaultFontSize & """>" & strRECIPEUPLOADER & "</font> " & vbNewLine & _
		"								</td>" & vbNewLine
else
 Response.write "								<td width=""85%"" valign=""top"">" & vbNewLine & _
		"									<font face=""" & strDefaultFontFace & """ color=""" & strDefaultFontColor & """ size=""" & strDefaultFontSize & """>" & strDBNTUserName & "</font><input type=""hidden"" value=""" & strDBNTUserName & """ name=""uploader"">" & vbNewLine & _
		"								</td>" & vbNewLine
end if

Change them to read:


 Response.write "								<td width=""85%"" valign=""top"">" & vbNewLine & _
		"									<font face=""" & strDefaultFontFace & """ color=""" & strDefaultFontColor & """ size=""" & strDefaultFontSize & """>" & strRECIPEUPLOADER & "</font> " & vbNewLine & _
		"								</td>" & vbNewLine

thermal_seeker
Junior Member

United Kingdom
430 Posts

Posted - 30 June 2010 : 13:18:35

Inc_func_common

Thanks for the recipe change Carefree..

Dave

No good at coding, but I can plough a field !!

Carefree
Advanced Member

Philippines
4222 Posts

Posted - 30 June 2010 : 14:43:17

The cause is not in "inc_func_common.asp", so it must be in a change to your "recipe.asp" file. Post what you have in .txt format and we can try and solve this.

thermal_seeker
Junior Member

United Kingdom
430 Posts

Posted - 30 June 2010 : 15:52:08

recipe

Thanks

Dave

No good at coding, but I can plough a field !!

Carefree
Advanced Member

Philippines
4222 Posts

Posted - 30 June 2010 : 20:59:50

See what I mean about not reading before I submit a message? The file I need to look at isn't "recipe.asp" but "admin_recipe.asp". Please give me a link to a .txt version of it.

thermal_seeker
Junior Member

United Kingdom
430 Posts

Posted - 01 July 2010 : 01:03:36

quote:
Originally posted by Carefree

See what I mean about not reading before I submit a message? The file I need to look at isn't "recipe.asp" but "admin_recipe.asp". Please give me a link to a .txt version of it.

admin_recipe.asp

No good at coding, but I can plough a field !!

Carefree
Advanced Member

Philippines
4222 Posts

Posted - 01 July 2010 : 01:43:57

No problem on your file, but here's a work-around (since you're using Sql, we'll use an apostrophe to escape the apostrophe).

In "admin_recipe.asp", search for the following line (appx 64):

newcat = trim(chkString(Request.Form("newcat"), "title"))

Immediately after that, insert this line:

newcat=newcat.Replace("'", "''")

Shaggy
Support Moderator

Ireland
6780 Posts

Posted - 01 July 2010 : 04:23:16

If the only use for newcat is passing it through to that SQL string then you should use "sqlstring" instead of "title" when passing it through chkString; that will sanitise it properly for each database type. If newcat is being used in a number of places in different ways then it should be passed through chkString each time, using the appropriate string type.

Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.”

Page: of 2

Topic

New Topic

Topic Locked

Printer Friendly

Jump To:

Snitz Forums 2000

This page was generated in 0.48 seconds.