Jump to content

Request.QueryString and Request.Form in SQL Query


rfiscus
 Share

Recommended Posts

notification = Request.Form("notification")notification1 = Request.QueryString("notification")

This works when submitting from a form

sSQL="SELECT top 1 * FROM [Data_Test].[dbo].[Table1],[Data_Test].[dbo].[Table2] where notification = '" & notification & "' and [Data_test].[dbo].[Table2].notification_number = notification"

This works submitting from a url as lookup.asp?notification=545455656

sSQL="SELECT top 1 * FROM [Data_Test].[dbo].[Table1],[Data_Test].[dbo].[Table2] where notification = '" & notification1 & "' and [Data_test].[dbo].[Table2].notification_number = notification"

This does not work with the or, if I use real numbers and test in SQL, it works fine.

sSQL="SELECT top 1 * FROM [Data_Test].[dbo].[Table1],[Data_Test].[dbo].[Table2] where (notification = '" & notification & "' or notification = '" & notification1 & "') and [Data_test].[dbo].[Table2].notification_number = notification"

Does anybody know why this would be? With the or, it fails submitting from the form and from a URL request string.

 

I get the following error:

 

Microsoft OLE DB Provider for SQL Server error '80040e07'

Error converting data type varchar to numeric.

Link to comment
Share on other sites

I would start by printing out the query to see what you're actually sending to SQL Server. It sounds like you are telling the server to compare a number and a string. I'm not sure how your table is set up, but if the notification column is a numeric column then do not surround the value with quotes. If notification_number is a numeric column, and notification is a varchar, then that's the problem. You're in a better position to determine which of those values are supposed to be numeric and which are supposed to be varchar since you know how the table is defined.

Link to comment
Share on other sites

It is a Numeric (18, 0) field in the database, I've tried changing it to NVARCHAR (50) with the same result. The oddest part about the error is it doesn't occur if I use just the form or just the http query string, only when I put the or between them.

Link to comment
Share on other sites

Heck with it, I just kept the two queries separate and added an If/Then clause, works like a charm.

If Request.Form("notification") <> "" ThensSQL="SELECT * FROM [Data].[dbo].[Table1],[Data].[dbo].[NOTIFICATIONS] where notification = '" & notification & "'  and [Data].[dbo].[Table2].notification_number = notification"ElsesSQL="SELECT * FROM [Data].[dbo].[Table1],[Data].[dbo].[NOTIFICATIONS] where notification = '" & notification1 & "'  and [Data].[dbo].[Table2].notification_number = notification"End If
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...