Click here to Skip to main content
15,867,568 members
Please Sign up or sign in to vote.
4.00/5 (1 vote)
See more:
Quote:
Set dbConn = Server.CreateObject("ADODB.Connection")
set RS = server.CreateObject("ADODB.recordset")
dbConn.Open Application("SOP_DB_ConnectionString"), _
Application("SOP_DB_RuntimeUserName"), _
Application("SOP_DB_RuntimePassword")


Set cmdSQL= server.CreateObject("ADODB.command")



sqlStmt = "select * from Parameters where Parameter like ?"

cmdSQL.Activeconnection = dbConn
cmdSQL.CommandText = sqlStmt
cmdSQL.CommandType = adCmdText
cmdSQL.Prepared = True ' only needed if u plan to reuse this command often
cmdSQL.Parameters.Refresh

strSearch = "%conn%"
Set prmSQL = cmdSQL.CreateParameter("strVal" , adVarChar, adParamInput, 255,strSearch)
cmdSQL.Parameters.Append prmSQL



RS.CursorType = 3' adOpenStatic


RS.Open cmdSQL,dbConn


if RS.BOF and RS.EOF then ' if no connection found -->GETTING ERROR HERE
session("ErrorTitle")="the initializing process"
session("ErrorText")="Connection failed- Couldn't read SOP parameters from database"
Response.Redirect "Error.asp"
else ' found record
RS.MoveFirst
Do while not RS.EOF
session(trim(RS.Fields("Parameter").value)) = Trim(RS.Fields("Val").value)
RS.MoveNext
Loop
end if
Rs.close



Can somebody help me please in fixing the issue ?
Posted
Updated 26-Apr-15 21:21pm
v2
Comments
deepankarbhatnagar 27-Apr-15 3:47am    
PLease explain your query
[no name] 27-Apr-15 4:04am    
To make it parameterized I have used command object, so as to protect from Injection, after making it parameterized it's not able to connect to DB.
I am not sure where it went wrong.
Ankur\m/ 27-Apr-15 5:56am    
What is the error message?
[no name] 27-Apr-15 6:58am    
Operation is not allowed when the object is closed.
Ankur\m/ 27-Apr-15 8:10am    
See if you get something here - https://www.google.co.in/?gws_rd=ssl#q=operation%20is%20not%20allowed%20when%20the%20object%20is%20closed%20in%20classic%20asp

1 solution

Hi There,

Use Statement as shown below it will fix the issue

sqlStmt = " BEGIN " & _
" DECLARE @Parameter VARCHAR(50); " & _
" SET @Parameter = ?; " & _
" select * from Parameters where Parameter like '%' + @Parameter + '%'; & _
" END "
 
Share this answer
 
Comments
[no name] 28-Apr-15 2:17am    
Thanks Neo Neo, I tried the way you suggested- unfortunately still the exception exists :(

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900