sql-server-2005 - 为什么我不能使用 ASP 和 SQL Server 编辑记录？

Question

我有一个使用 ASP 经典和 SQL Server 2005 的 Web 应用程序。

当我尝试编辑记录时，网页显示HTTP 500 - Internal server error. 我尝试跟踪错误，我认为问题来自 FORM ACTION 目录。

这是我的表单声明：

<form name="frmEdit" method="post" action="/dairypo/master/tpl/queries/qupdate.asp" 
      onsubmit="return CheckOtherInfo();">

这是在 qupdate.asp 上：

<!-- #include file="../../../include/createconnection.asp" -->
<%
    act = 1
    if trim(request.form("chkAct")) = "" then
        act = 0
    end if
    curid = trim(request.form("hdnId"))
    nprice = cDbl(request.form("txtPrice"))
    nprice_big = cDbl(request.form("txtPrice_Big"))
    nrate = cDbl(request.form("txtRate"))
    csatuan_big = trim(request.form("selOrdSatuan1"))
    csatuan = trim(request.form("selOrdSatuan2"))

    objCommand_1.commandText = " SELECT nkonversi FROM ms_metriks WHERE csatuan1 = '" & csatuan_big & "' AND csatuan2 = '" & csatuan & "' "
    set qMetriks = objCommand_tpl.execute
    nkonversi = 1
    if NOT qMetriks.BOF then
        nkonversi = cDbl(qMetriks("nkonversi"))
    end if
    if nprice_big<>0 AND nprice=0 then
        nprice = nprice_big/nkonversi
    elseif nprice_big=0 AND nprice<>0 then
        nprice_big = nprice*nkonversi
    end if
    objCommand_tpl.commandText = "UPDATE ms_tpl SET " &_
                            "   dlastupdate = '" & date() & "', " &_
                            "   ctipejual = '" & trim(request.form("selBy")) & "'," &_
                            "   ckdgruprelasi = '" & trim(request.form("selgCust")) & "', " &_
                            "   ckdrelasi = '" & trim(request.form("selCust")) & "', " &_
                            "   dtglvalidawal = '" & trim(request.form("txtDate1")) & "', " &_
                            "   dtglvalidakhir = '" & trim(request.form("txtDate2")) & "', " &_
                            "   ckdcurrency = '" & trim(request.form("selCurr")) & "', " &_
                            "   nhargaperiod = " & nprice & ", " &_
                            "   nhargaperiodmax = " & nprice & ", " &_
                            "   nharga1 = " & nprice & ", " &_
                            "   nharga2 = " & nprice_big & ", " &_
                            "   csatuan1 = '" & csatuan & "', " &_
                            "   csatuan2 = '" & csatuan_big & "', " &_
                            "   nrate = " & nrate & ", " &_
                            "   bactive = " & act & ", " &_
                            "   ckdwilayah = '" & trim(request.form("selLok")) & "' " &_
                            " WHERE id = " & curid & " "
    set qUpdateRelasi = objCommand_tpl.Execute

    objCommand_tpl.commandText = "INSERT INTO ms_tplhist "&_
                               "( cUserId, dLastUpdate,ctipejual,cKdUnitKey, cKdGrupRelasi, cKdRelasi, cKdBarang, bIsFluc, cSatPeriod, "&_
                               "  nHargaPeriod,dTglValidAwal, dTglValidAkhir, cKdCurrency,cSatuan1,cSatuan2, nHarga1, nHarga2,nRate, bActive ) "&_  
                               "SELECT cUserId, dLastUpdate,ctipejual,cKdUnitKey, cKdGrupRelasi, cKdRelasi, cKdBarang, bIsFluc, cSatPeriod, "&_
                               "  nHargaPeriod,dTglValidAwal, dTglValidAkhir, cKdCurrency,cSatuan1,cSatuan2, nHarga1, nHarga2,nRate, bActive "&_
                               "FROM ms_tpl "&_
                               " WHERE id = " & curid & " "
    set qBackupData = objCommand_tpl.Execute            
%>

<form name="frmControl" action="/dairypo/homepage.asp?contID=mstpl_idxs" method="post">
<%
    for each form in request.form
        response.write "<input type=""hidden"" name=""" & form & """ value=""" & request.form(form) & """>" & vbcrlf
    next
%>  
</form>
<script>
    document.frmControl.submit()
</script>

Answer 1

根据上述评论，跟进答案以结束此问题。

“HTTP 500 Internal Server Error”是一个通用响应；它可以是任何东西。关闭浏览器中的“友好错误消息”，并确保您的 Web 服务器也配置为输出错误消息。快速浏览一下，您的 ASP 代码看起来还不错；我猜这是与SQL相关的东西

此外，对 AnthonyWJones 所说的话 +1：

顺便说一句，blankon91，您应该考虑研究“SQL 注入攻击”，以了解将来自客户端的值连接到 SQL 字符串中是多么不明智。改用参数化查询