SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Member
    Join Date
    Sep 2001
    Location
    Georgia
    Posts
    16
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Declared Variables within a select statement

    I've been to about a half dozen ASP/SQL sites and cannot find this particular info.

    I have a dilemma... In my "select" statement which pulls data from a database, I want to populate the WHERE clauses with data from previously declared variables.

    However, I don't know if this is okay in ASP. Would someone take a look below and tell me if my select statement will work and if I am populating the WHERE clause correctly. That's a loaded question because I'm sure that I'm not.

    ---- begin my messy code -------
    <%
    Session("TechUser") = Request.Form("Username")
    Session("TechPass") = Request.Form("Password")
    DIM TechUser, TechPass
    TechUser = request("Username")
    TechPass = request("Password")

    Dim Connect
    Set Connect = Server.CreateObject("ADODB.Connection")
    Connect.Open "mydsn"
    Dim SUPwscreate
    Set Connect = Server.CreateObject("ADODB.Connection")
    Connect.Open "mydsn"
    Set SUPwscreate = Connect.Execute(_
    "SELECT * FROM sup_techs WHERE TechUser = '=TechUser' AND TechPass = '=TechPass'")
    do until SUPwscreate.EOF %>

    ---- End my messy code -------

    I am also having difficulty with how to denote the where clause. In PHP I would put single quotes around them like below.

    "select * from table_name WHERE TechUser = '$Somevariable' AND TechPass = '$Othervariable'"

    Are single quotes okay in ASP also?

    Any help will be appreciated.

    Thanks
    Bill
    signature

  2. #2
    SitePoint Enthusiast hendo's Avatar
    Join Date
    Jun 2001
    Location
    Australia
    Posts
    53
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yup....It's messy! But never mind....try this:

    Firstly, forget about the session variables as you're not using them. They are only for maintaining state across pages.

    ----------- begin hendo code ------------------
    DIM TechUser, TechPass, strSQL
    TechUser = request("Username")
    TechPass = request("Password")

    DIM SUPwscreate
    Set SUPwscreate = Server.CreateObject("ADODB.Recordset")
    strSQL = "SELECT * FROM sup_techs WHERE TechUser = '" & TechUser & "' AND TechPass = '" & TechPass & "'"
    SUPwscreate.Open "mydsn", StrSQL

    Do Until SUPwscreate.EOF

    .....

    -------------- end hendo code --------------------

    the key to it is in the strSQL = statement. You are creating an SQL statement by concatenating the SQL statement and adding your values in the middle. Don't forget that strings in an SQL statement must be enclosed in single quotes. e.g. 'hendo' - hence the double and single quotes together.

    The =techpass statement is only used when you want to write a variable to the browser.

    Hope that gets you started....have a great day!

    hendo
    Steve 'Hendo' Henderson
    EnVivo!CS: Fast and Affordable Web Content Management for ASP. 100% Script, No DLLs.
    www.netsystemsco.com

  3. #3
    SitePoint Member
    Join Date
    Sep 2001
    Location
    Georgia
    Posts
    16
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks Hendo. The single quotes/double quotes info was exactly what I was looking for!

    When learning a new language, it is sometimes the simple things such as this that become road blocks as they are hard to find on the help sites.

    Regards,
    Bill
    signature


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •