Update Record Parameter Variable SQL injection

Report · Jul 16, 2006

Hello...Please advise how to correct code... The update record field recordcurrent is a y/n checkbox field with radio buttons for selecting response with default as N. Here is the code that has an error:

MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param11", 5, 1, -1, MM_IIF(Request.Form("RecordCurrentCheck"), Request.Form("RecordCurrentCheck"), null)) ' adDouble

The code for the recordset follows:

<input <%If (CStr((eprofile.Fields.Item("RecordCurrent").Value)) = CStr("Y")) Then Response.Write("checked=""checked""") : Response.Write("")%> type="radio" name="RecordCurrentCheck" value="Y">
Yes
<input <%If (CStr((eprofile.Fields.Item("RecordCurrent").Value)) = CStr("N")) Then Response.Write("checked=""checked""") : Response.Write("")%> type="radio" name="RecordCurrentCheck" value="N"checked>

Should there be a second createparameter based on there being two buttons?

Thank you for your assistance,
Much confused one,
Lara

Report · Jul 17, 2006

Try...

<input <%If (CStr((eprofile.Fields.Item("RecordCurrent").Value)) = CStr("Y")) Then Response.Write("checked='checked'")%> type="radio" name="RecordCurrentCheck" value="Y"> Yes
<input <%If (CStr((eprofile.Fields.Item("RecordCurrent").Value)) = CStr("N")) Then Response.Write("checked='checked'")%> type="radio" name="RecordCurrentCheck" value="N"> No

Report · Jul 18, 2006

Thank you so much for your reply...I endedup changing the data format completely to enter the current date the record is updated! Working now, but i'm going to save your note for other pages with radiobuttons.

Mucho Gracie,'
Lara

Update Record Parameter Variable SQL injection

1 Correct answer

Photos