Would someone please be able to help me write the code to update the details in a record on a table. I want to update the value of a field within the record. For instance I need to be able to change the details in a table which look like as follow

AccountNo Agent Name Typ
01568H SAFEWAY actively purchased full pric
Wuld like to add asp code which changes the type field in this record for exampl
AccountNo Agent Name Typ
01568H SAFEWAY actively purchased discounted pric

At the moment I can return this row my carrying out a search on the database
The search brings back these three fields in three textboxes.
I want can change the details on the Type field but I want to be able to actually update the database and save this change
Does anyone have any idea how I can do this. Im very new to programming which is why im having a lot of difficulties

[quoted text, click to view]

Is AccountNo the primary key of your table? If not, tell us what columns
uniquely identify each row in the table.

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

On Tue, 30 Mar 2004 05:56:08 -0800, "Stephen Cairns"
[quoted text, click to view]

I'm not sure where the problem you're having is, but since it appears
you can query and retrieve the record, it's a simple change to the
query to update the record. Assuming that AccountNo is a primary key
(or at least unique), it would look something like:

UPDATE TableName SET Type = 'actively purchased discounted price'
WHERE AccountNo = '01568H'

Might take a run through a SQL tutorial to help you with these:

http://www.sqlcourse.com/

Also, "Type" isn't the best name for a column, maybe "AccountType"
would be better. :)

sSQL = "UPDATE dbo_Nagents_classification SET Type = Request.Form(Classification) where account_no = Request.Form(account_no)

[quoted text, click to view]

Correct

[quoted text, click to view]

No. Your database will not know anything about the Request object. And even
if it did, you have not referred to the variables correctly.

The best method would be to create a stored procedure that accepts the type
and account number as parameters.Then pass the parameter values from your
asp code.

Are we talking SQL Server here? If so, create this procedure (I am making
guesses as to the datatypes and sizes of these parameters - in the future,
please provide this information upfront so as to reduce the back-and-forth
requests for more information):

CREATE PROCEDURE UpdNagents (
@type varchar(50),
@acct varchar(20)
) AS
UPDATE dbo_Nagents_classification SET Type = @acct
WHERE account_no = @acct

Then, in asp, do this:

dim cn, sType, sAcct
sType = Request.Form("Classification")
sAcct = Request.Form("account_no")
'write some code here to validate that these variables
'contain what they are supposed to contain.
'Then, if the variables are OK, do this:

set cn=server.createobject("adodb.connection")
cn.open "<valid connection string>"
cn.UpdNagents sType, sAcct



This approach is the most efficient and secure way of executing a query in
your database. Using the dynamic sql approach you are attempting is not
very secure because it allows hackers to inject sql into the data they
submit. See:
http://www.nextgenss.com/papers/advanced_sql_injection.pdf
http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf

You are at an early stage of your programming experience. You should learn
the right ways to do things instead of the easy ways. Unfortunately, most
books for beginners take the lazy approach of teaching the easy, but wrong
ways to do things such as this.

Avoid the dynamic sql approach, but if you are determined to use it, see:
http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=%23fW7AQWgDHA.3104%40TK2MSFTNGP11.phx.gbl&rnum=1&prev=/groups%3Fas_q%3Ddynamic%2520sql%2520rules%26safe%3Dimages%26ie%3DUTF-8%26oe%3DUTF-8%26as_ugroup%3D*.asp.*%26as_uauthors%3DBob%2520Barrows%26lr%3D%26hl%3Den

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"