开发者

Integer variable is acquiring a string value of "ad" somewhere along the line, can anyone see where?

开发者 https://www.devze.com 2022-12-18 16:07 出处:网络
Here is my code: I should get output of the department id (did) a开发者_如何学Cs an integer and the templatefilename (result) that is required.

Here is my code:

I should get output of the department id (did) a开发者_如何学Cs an integer and the templatefilename (result) that is required.

The errors I get are: Conversion from string "ad" to type 'Integer' is not valid. I'm fairly new to asp.net and cannot see where the did variable picks up the "ad" string.

Any help would be greatly appreciated.

Thanks


When you construct the query to the table departmentsgroupings, you're changing the value of sql, but you aren't creating a new SqlCommand. This means that cmd still contains the old SQL statement (the query to the Modules table) which, when executed, returns "ad".

To fix this, change your code as follows:

sql = ("select departmentsid from departmentsgroupings where groupingid =" & pageid & "")
Set cmd = New SqlCommand(sql, conn)    
did = (cmd.ExecuteScalar)

You may have expected the change you made to sql to get passed on automatically to the SqlCommand -- but it doesn't work that way.

Edit: Your code, as written, is vulnerable to SQL injection attacks. If you don't know what these are, you need to read the first answer to this:

How does the SQL injection from the "Bobby Tables" XKCD comic work?

To protect yourself against these kinds of attacks, use parameterized queries.


The mistake is in these lines:

sql = ("select departmentsid from departmentsgroupings where groupingid =" & pageid & "")
did = (cmd.ExecuteScalar)     <---- Wrong command executed here.

You presumably meant to execute the code in sql, not cmd again.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号