Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Troubleshooting a Parameterized SQL Statement in asp

Tags:

asp-classic

vbscript

adodb

I'm trying to secure some legacy code written in what I guess is VB or asp(Not really sure if there is a difference). When I try to execute the statement the page gets an internal server error. I'm convinced this is a result of the connection but I don't know the language well enough to know how to troubleshoot it.

What I know of the language and the ADODB library has come from W3Schools documentation and this post.

Here is the code I have written (Identifying information redacted)

SET Conn=server.CreateObject("adodb.connection")
Conn.Open "Provider=sqloledb;SERVER=I;DATABASE=Hate;UID=My;PWD=Life;"

SET countCmd = createobject("adodb.command")
countCmd.ActiveConnection = Conn
countCmd.commandText = "SELECT COUNT(*) FROM [table1] WHERE FY=@fy"

countCmd.Parameters.Append countCmd.createparameter("@fy", 200, 1, 255, fy)
SET pcount = countCmd.Execute() 'This is where the error happens

My end goal is not just to get a count from this table but to understand th adodb library well enough that I could continue parameterizing all of the queries in this legacy code base that need it.

I appreciate any help and would love a detail explanation.

EDIT

I wish I could accept both of these answers as the accepted answer because together I think they are the perfect answer. I ended up using both so upvote these guys por favor.

like image 589
TheDude Avatar asked Jul 10 '16 19:07

TheDude

Video Answer

1 Answers

When using a CommandType of adCmdText the placeholder expected by ADODB is ? and trying to passed named parameters like @fy in the CommandText will fail. It is an unfortunate failing in ADODB that

countCmd.NamedParameters = True

only works with a CommandType of adCmdStoredProc and only with certain providers.

However there is a simple workaround for SQL Server (and possibly other providers depending on what they support) which is to build the named parameters in the CommandText like so;

countCmd.commandText = _
    "DECLARE @fy AS VARCHAR(255);" & vbCrLf & _
    "SET @fy = ?;" & vbCrLf & _
    "SELECT COUNT(*) FROM [table1] WHERE FY=@fy;"

Useful Links

  • ADO parameterised query not returning any result

  • ADODB.Parameters error '800a0e7c' Parameter object is improperly defined. Inconsistent or incomplete information was provided

like image 191
user692942 Avatar answered Oct 07 '22 02:10

user692942
Sign in to Comment

Related questions

VBSCRIPT slow under Windows Feature Update 1803
How can I kill a process, using VBScript, started by a particular user
Executing a script file from a Windows Installer Custom Action
MSXML2.ServerXMLHTTP.4.0 Source?
Check if the script has elevated permissions
Can I initialize objects written in JScript from VBScript?
How do I associate Parameters to Command objects in ADO with VBScript?
VBScript iterating through XML child nodes and retrieving values
ASP Classic - XML Dom
Embed VBScript inside Windows batch file
How to tell the difference between a VBscript is run from command line or by clicking it in a window?
Showing NTFS timestamp with 100 nsec granularity
Fine-grained timer for VBScript performance measurements
Macro gets disabled if called using a vb script
Enum with vbscript
Retrieve the value of a XML attribute in VBS
Regular Expression to match {asdf} but not {{asdf}}
vbscript to auto detect open window and close it OR Google Apps Script to control form submit button
How do I make my custom class compatible with For Each?
Age calculation in years, months, days

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!