Answered
Update Record Parameter Variable SQL injection
Hello...Please advise how to correct code... The update
record field recordcurrent is a y/n checkbox field with radio
buttons for selecting response with default as N. Here is the code
that has an error:
MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param11", 5, 1, -1, MM_IIF(Request.Form("RecordCurrentCheck"), Request.Form("RecordCurrentCheck"), null)) ' adDouble
The code for the recordset follows:
<input <%If (CStr((eprofile.Fields.Item("RecordCurrent").Value)) = CStr("Y")) Then Response.Write("checked=""checked""") : Response.Write("")%> type="radio" name="RecordCurrentCheck" value="Y">
Yes
<input <%If (CStr((eprofile.Fields.Item("RecordCurrent").Value)) = CStr("N")) Then Response.Write("checked=""checked""") : Response.Write("")%> type="radio" name="RecordCurrentCheck" value="N"checked>
Should there be a second createparameter based on there being two buttons?
Thank you for your assistance,
Much confused one,
Lara
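Added example, not part of the original post: one way to bind the radio group as a one-character string parameter instead of adDouble (5), with the submitted value restricted to Y or N before it reaches the command. It assumes RecordCurrent is a one-character text column and that MM_editCmd is the ADODB.Command the page has already created; NormalizeYesNo and BindRecordCurrent are hypothetical helper names.

```vbscript
<%
' Added example. Both radio buttons share the name "RecordCurrentCheck", so the
' browser submits a single value for the group and one parameter is enough.

' Return "Y" or "N" only. A missing field, a tampered value, or a doubled
' value such as "Y, N" falls back to the form's default of "N".
Function NormalizeYesNo(raw)
    Dim v
    v = UCase(Trim(CStr(raw & "")))
    If v = "Y" Then
        NormalizeYesNo = "Y"
    Else
        NormalizeYesNo = "N"
    End If
End Function

' Append the parameter as a string of length 1 (assumption: the column is a
' one-character text column). 200 = adVarChar, 1 = adParamInput, 1 = size.
Sub BindRecordCurrent(cmd, raw)
    cmd.Parameters.Append cmd.CreateParameter("param11", 200, 1, 1, NormalizeYesNo(raw)) ' adVarChar
End Sub

' Replaces the original param11 line; the rest of the update command is unchanged.
BindRecordCurrent MM_editCmd, Request.Form("RecordCurrentCheck")
%>
```

The value stays a bound parameter rather than being concatenated into the SQL text, and the allow-list means only the two values the form offers can ever be written to the column.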
