
I can read from the database, and my other projects (using ASPMaker) read/write records, but I thought I'd get my hands dirty instead of cheating. When trying to update a record I get a 500 error. The directory has read/write permissions. Could someone check through my code to see if I've made a mistake?

    <!--#include file="Connection.asp"-->

    <%
    Dim DeleteRS, Query
    Set DeleteRS = Server.CreateObject("ADODB.Recordset")
    Query = "Select * From notices Where [notice].[approved] = False AND [notice].[Notice_ID] = " & Request.qureystring("n")
    response.write(Query)

    DeleteRS.Open Query, adoCon, adOpenStatic, adLockOptimistic
    DeleteRS.Delete

    DeleteRS.Close
    Set DeleteRS = Nothing
    Set Query = Nothing

    %>

1 Answer


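You should enable detailed error messages on the web server so that you get more information than just a 500 error.

Your code has multiple problems:

  • You're trusting user input: you build your SQL dynamically and use whatever value is provided in Request.querystring("n"). See SQL injection and using parameters.
  • Typos:
    • Request.qureystring
    • Select * From notices Where [notice].[a...
      (you don't have to repeat the table name in every column unless you're doing joins)
  • Never change data based on an HTTP GET request. If you want to delete (or update) a row, create an HTML form and post the id that needs to be deleted.
  • You don't need a recordset object to delete a row. Right now you are talking to the database twice: once to retrieve the row and once to delete it. Just create a delete statement: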

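    Dim command

    ' Object references must be assigned with Set
    Set command = Server.CreateObject("ADODB.Command")
    Set command.ActiveConnection = adoCon
    ' Notice_ID is the key column name used in the question
    command.CommandText = "DELETE FROM notices WHERE approved = False AND Notice_ID = ?"
    ' Execute(RecordsAffected, Parameters, Options): the array supplies the value for ?
    command.Execute , Array(Request.QueryString("n"))

    ' ADODB.Command has no Close method; just release the object
    Set command = Nothing
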

The question mark is a parameter; its value is provided in the array.

Answered 2013-02-10T20:21:28.680
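
The answer's points combined into one delete handler (POST only, validated id, typed parameter), as an added example that is not part of the original question or answer. It assumes `adoCon` is opened by `Connection.asp` as in the question, that the id arrives in a form field named `n`, and that `Notice_ID` is a 32-bit integer column; the constant names and `IsDigits` helper are hypothetical.

```vbscript
<!--#include file="Connection.asp"-->
<%
' Added example, not the poster's code. adoCon comes from Connection.asp (as in
' the question); the form field name "n" and the constant names are assumptions.
Const CMD_TEXT = 1            ' value of adCmdText
Const EXEC_NO_RECORDS = 128   ' value of adExecuteNoRecords
Const TYPE_INTEGER = 3        ' value of adInteger
Const PARAM_INPUT = 1         ' value of adParamInput

Dim rawId, noticeId, cmd, affected

' Only change data on POST, never on GET
If UCase(Request.ServerVariables("REQUEST_METHOD")) <> "POST" Then
    Response.Status = "405 Method Not Allowed"
    Response.AddHeader "Allow", "POST"
    Response.End
End If

' Accept digits only, and few enough of them to fit a 32-bit Long
rawId = Trim(Request.Form("n"))
If Len(rawId) = 0 Or Len(rawId) > 9 Or Not IsDigits(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
noticeId = CLng(rawId)

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = adoCon
cmd.CommandType = CMD_TEXT
cmd.CommandText = "DELETE FROM notices WHERE approved = False AND Notice_ID = ?"
' Typed parameter: the value is bound, never concatenated into the SQL text
cmd.Parameters.Append cmd.CreateParameter("id", TYPE_INTEGER, PARAM_INPUT, , noticeId)
cmd.Execute affected, , CMD_TEXT + EXEC_NO_RECORDS
Set cmd = Nothing

' RecordsAffected tells us whether a matching unapproved row existed
If affected = 1 Then
    Response.Write "Notice deleted."
Else
    Response.Write "No unapproved notice with that id."
End If

Function IsDigits(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]+$"
    IsDigits = re.Test(s)
End Function
%>
```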