ASP - Request.Form not working?

Author

Request.Form not working?

Drew

2006-10-30, 6:58 pm

I am having an issue with an app that I built, it seems that Request.Form
doesn't want to work sometimes, and only sometimes. For instance, I got a
call last w

about an error, I had the user screenshot it and email it to
me, the error was,

Microsoft OLE DB Provider for SQL Server error '80040e14'

Line 1: Incorrect syntax near '='.

/file.asp, line 158

Line 158 points to a DELETE Statement with a WHERE clause of "...WHERE UID =
" & Request.Form("UID" & i).

This error bugged me, I couldn't figure it out because the app worked for
me. So today I get into work and find that there is another email report of
a problem. I do some troubleshooting and find that UID1 cannot be found, I
mean it is there on the submitting page, but Request.Form("UID1") returns
nothing. The weird thing is that Request.Form("UID2") returns the value of
UID2, as do all the other UID's (there are 25 of them). I tried all of the
usuals, Request("UID1"), even tried a loop to write out all of the form
values, there was no UID1 listed (although the source from the previous page
has a value for UID1), I checked the spelling, everything! I finally got
the error resolved by refreshing the page a few times, then it worked
without a hitch.

Has anyone seen anything like this? This is very troubling because it just
quits working out of the blue, no rhyme or reason (that I can tell).

Thanks,
Drew Laing

Ray Costanzo [MVP]

2006-10-30, 6:58 pm

What happens when someone passes this to your application:

1; DROP TABLE tablename; --

http://www.4guysfromrolla.com/webtech/061902-1.shtml

Ray at work

"Drew" <drewDOTlaingATswvtc.dmhmrsas.virginia.gov> wrote in message
news:%234MSaWq9GHA.4708@TK2MSFTNGP05.phx.gbl...
>I am having an issue with an app that I built, it seems that Request.Form
>doesn't want to work sometimes, and only sometimes. For instance, I got a
>call last w

about an error, I had the user screenshot it and email it to
>me, the error was,
>
> Microsoft OLE DB Provider for SQL Server error '80040e14'
>
> Line 1: Incorrect syntax near '='.
>
> /file.asp, line 158
>
> Line 158 points to a DELETE Statement with a WHERE clause of "...WHERE UID
> = " & Request.Form("UID" & i).
>
> This error bugged me, I couldn't figure it out because the app worked for
> me. So today I get into work and find that there is another email report
> of a problem. I do some troubleshooting and find that UID1 cannot be
> found, I mean it is there on the submitting page, but Request.Form("UID1")
> returns nothing. The weird thing is that Request.Form("UID2") returns the
> value of UID2, as do all the other UID's (there are 25 of them). I tried
> all of the usuals, Request("UID1"), even tried a loop to write out all of
> the form values, there was no UID1 listed (although the source from the
> previous page has a value for UID1), I checked the spelling, everything!
> I finally got the error resolved by refreshing the page a few times, then
> it worked without a hitch.
>
> Has anyone seen anything like this? This is very troubling because it
> just quits working out of the blue, no rhyme or reason (that I can tell).
>
> Thanks,
> Drew Laing
>

Drew

2006-10-30, 6:58 pm

It drops my table... duh!

Drew

"Ray Costanzo [MVP]" <my first name at lane 34 dot commercial> wrote in
message news:Op24oqq9GHA.4224@TK2MSFTNGP02.phx.gbl...
> What happens when someone passes this to your application:
>
> 1; DROP TABLE tablename; --
>
> http://www.4guysfromrolla.com/webtech/061902-1.shtml
>
> Ray at work
>
>
> "Drew" <drewDOTlaingATswvtc.dmhmrsas.virginia.gov> wrote in message
> news:%234MSaWq9GHA.4708@TK2MSFTNGP05.phx.gbl...
>
>

Drew

2006-10-30, 6:58 pm

But, then we can restore the data and fire the troublemaker... makes it very
easy!

Drew

"Ray Costanzo [MVP]" <my first name at lane 34 dot commercial> wrote in
message news:Op24oqq9GHA.4224@TK2MSFTNGP02.phx.gbl...
> What happens when someone passes this to your application:
>
> 1; DROP TABLE tablename; --
>
> http://www.4guysfromrolla.com/webtech/061902-1.shtml
>
> Ray at work
>
>
> "Drew" <drewDOTlaingATswvtc.dmhmrsas.virginia.gov> wrote in message
> news:%234MSaWq9GHA.4708@TK2MSFTNGP05.phx.gbl...
>
>

Drew

2006-10-30, 6:58 pm

Ray,

This problem would still be there even if I used a Stored Procedure... maybe
not the error, but it would not work as expected.

Drew

"Ray Costanzo [MVP]" <my first name at lane 34 dot commercial> wrote in
message news:Op24oqq9GHA.4224@TK2MSFTNGP02.phx.gbl...
> What happens when someone passes this to your application:
>
> 1; DROP TABLE tablename; --
>
> http://www.4guysfromrolla.com/webtech/061902-1.shtml
>
> Ray at work
>
>
> "Drew" <drewDOTlaingATswvtc.dmhmrsas.virginia.gov> wrote in message
> news:%234MSaWq9GHA.4708@TK2MSFTNGP05.phx.gbl...
>
>

Drew

2006-10-30, 6:59 pm

Figured it out, although I still don't understand why... my Response.Write
for the form elements on the submitting page used apostrophe's instead of
double quotes (""), I changed them to double quotes ("") and that took care
of it.

Drew

"Drew" <drewDOTlaingATswvtc.dmhmrsas.virginia.gov> wrote in message
news:%234MSaWq9GHA.4708@TK2MSFTNGP05.phx.gbl...
>I am having an issue with an app that I built, it seems that Request.Form
>doesn't want to work sometimes, and only sometimes. For instance, I got a
>call last w

Sponsored Links