Hi

I have this sql lines but somehow they are not working.
Now I am not sure if it is correct. Could you please read the line and
tell me if it is correct?
pid is primary key in the table
visited is a numeric field.

I am trying to increase one number everytime this page is viewed.

sqlup="update products set visited=visited+1 where pid="&intValue
set rs=cn.execute(sqlup)

thanks
Cemenc@gmail.com

cemal (cemenc@gmail.com) writes:
[quoted text, click to view]

What does "not working" mean? Do you get unexpected results? Do you
get an error message? Are we supposed to guess?

[quoted text, click to view]

Without knowing the business rules or anything? I'm afraid that that will
be difficult.

[quoted text, click to view]

Anyway, you need to learn to use parameterised commands:

cmd = new ADODB.Command
cmd.CommandType = adCommandText
cmd.CommandText = "update dbo.products set visited=visited+1 where pid=?"
md.Parameters.Append cmd.CreateParameter("@pid", _
adInteger, adParamInput, , intValue)
cmd.execute sqlup, adExecuteNoRecords

There is no need for record sets in this case, and add adExecuteNoRecords
to tell you don't expect data back.

You should always use parameterised statements and never interpolate
parameter values into your SQL strings. This so that the SQL Server
cache can be used effeciently. (To this end you should also specify
the table owner/schema in the query, as I have done above.) Another
very important reason is that parameterised statements protects you
against SQL injection - that a way for hackers to get into your site.


--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at