Prev: mail attachment program using mailmessage
Next: Hotfix compatibility issue
From: Bob Barrows on 16 Jun 2010 16:32
Ron Hinds wrote:
> "Bob Barrows" <reb01501(a)NOyahoo.SPAMcom> wrote in message
> news:hvb7jt$426$1(a)news.eternal-september.org...
>> Ron Hinds wrote:
>>> "Bob Barrows" <reb01501(a)NOyahoo.SPAMcom> wrote in message
>>> news:hvb6f5$p7d$1(a)news.eternal-september.org...
>>>> Ron Hinds wrote:
>>
>>>>
>>>> arParms = Array(ValidationID, PageType, pagename)
>>>> Set oRS = oCommLocal.Execute(,arParms)
>>>
>>> The reason I was using explicit parameter objects is to thwart SQL
>>> Injection attacks. Will this method accomplish the same thing?
>>
>> Absolutely. It's the use of parameters that thwarts SQL Injection.
>> Unnamed parameters are still parameters. Behind the scenes, ADO is
>> creating those parameter objects, using the values in that variant
>> array.
>
> Thanks Bob, that worked. But now, when I try to reuse the Command
> object, I'm getting an error
>
Multiple-step_OLE_DB_operation_generated_errors._Check_each_OLE_DB_statu
s_value__if_available._No_work_was_done.
>
> All I've done is change the CommandText - this next one only has one
> parameter so I tried just sending that one parameter like so:
>
> oCommLocal.Execute(, ValidationID)
>
> Should I be setting it to Nothing and start over between uses?

Have you closed the recordset before trying to reuse the connection?
Only one open cursor is allowed at a time.

--
HTH,
Bob Barrows


From: Ron Hinds on 17 Jun 2010 14:59

"Bob Barrows" <reb01501(a)NOyahoo.SPAMcom> wrote in message
news:hvbced$g02$1(a)news.eternal-september.org...
> Ron Hinds wrote:
>> "Bob Barrows" <reb01501(a)NOyahoo.SPAMcom> wrote in message
>> news:hvb7jt$426$1(a)news.eternal-september.org...
>>> Ron Hinds wrote:
>>>> "Bob Barrows" <reb01501(a)NOyahoo.SPAMcom> wrote in message
>>>> news:hvb6f5$p7d$1(a)news.eternal-september.org...
>>>>> Ron Hinds wrote:
>>>
>>>>>
>>>>> arParms = Array(ValidationID, PageType, pagename)
>>>>> Set oRS = oCommLocal.Execute(,arParms)
>>>>
>>>> The reason I was using explicit parameter objects is to thwart SQL
>>>> Injection attacks. Will this method accomplish the same thing?
>>>
>>> Absolutely. It's the use of parameters that thwarts SQL Injection.
>>> Unnamed parameters are still parameters. Behind the scenes, ADO is
>>> creating those parameter objects, using the values in that variant
>>> array.
>>
>> Thanks Bob, that worked. But now, when I try to reuse the Command
>> object, I'm getting an error
>>
> Multiple-step_OLE_DB_operation_generated_errors._Check_each_OLE_DB_statu
> s_value__if_available._No_work_was_done.
>>
>> All I've done is change the CommandText - this next one only has one
>> parameter so I tried just sending that one parameter like so:
>>
>> oCommLocal.Execute(, ValidationID)
>>
>> Should I be setting it to Nothing and start over between uses?
>
> Have you closed the recordset before trying to reuse the connection?
> Only one open cursor is allowed at a time.

Yes.


From: Bob Barrows on 17 Jun 2010 15:12
Ron Hinds wrote:
> "Bob Barrows" <reb01501(a)NOyahoo.SPAMcom> wrote in message
> news:hvbced$g02$1(a)news.eternal-september.org...
>> Ron Hinds wrote:
>>> "Bob Barrows" <reb01501(a)NOyahoo.SPAMcom> wrote in message
>>> news:hvb7jt$426$1(a)news.eternal-september.org...
>>>> Ron Hinds wrote:
>>>>> "Bob Barrows" <reb01501(a)NOyahoo.SPAMcom> wrote in message
>>>>> news:hvb6f5$p7d$1(a)news.eternal-september.org...
>>>>>> Ron Hinds wrote:
>>>>
>>>>>>
>>>>>> arParms = Array(ValidationID, PageType, pagename)
>>>>>> Set oRS = oCommLocal.Execute(,arParms)
>>>>>
>>>>> The reason I was using explicit parameter objects is to thwart SQL
>>>>> Injection attacks. Will this method accomplish the same thing?
>>>>
>>>> Absolutely. It's the use of parameters that thwarts SQL Injection.
>>>> Unnamed parameters are still parameters. Behind the scenes, ADO is
>>>> creating those parameter objects, using the values in that variant
>>>> array.
>>>
>>> Thanks Bob, that worked. But now, when I try to reuse the Command
>>> object, I'm getting an error
>>>
>>
Multiple-step_OLE_DB_operation_generated_errors._Check_each_OLE_DB_statu
>> s_value__if_available._No_work_was_done.
>>>
>>> All I've done is change the CommandText - this next one only has one
>>> parameter so I tried just sending that one parameter like so:
>>>
>>> oCommLocal.Execute(, ValidationID)
>>>
>>> Should I be setting it to Nothing and start over between uses?
>>
>> Have you closed the recordset before trying to reuse the connection?
>> Only one open cursor is allowed at a time.
>
> Yes.



Well, I guess you can try setting Prepared to false, but I would not
waste a lot of time getting to the bottom of this:
the simplest thing to do is re-instantiate the Command. There really is
no advantage to re-using the Command, beyond saving a couple lines of
code.


--
HTH,
Bob Barrows


First  |  Prev  | 
Pages: 1 2
Prev: mail attachment program using mailmessage
Next: Hotfix compatibility issue