CFF KB - Carrz-Fox-Fire Promotions Knowledge Base
CFF KB is all about 1 thing: The Sharing of Knowledge and the Power we gain from it.
error '80020009'
- Article ID: 35
- Date Created: Thursday, October 28, 2010
- Last Updated: Friday, February 11, 2011
- This Article Has been Viewed: 2096 times
- Short Desc: This is a common error that gives you little to work with when troubleshooting.
- Details: This error was caused when the information was not sent to the Database Query properly.
- Recreate Issue:
To recreate this issue, start with the following.
This is your QueryString
?page=some_(Name)
This is your Variable
<%
getPage = Request.Querystring("page")
%>
This is the database value
some_(Name)
The value of getPage is not the same as the value stored in the database, which creates the error that we have here.
- Resolve Issue:
Let's say that you have the following QueryString
?page=some_(Name)
In your Database Query you have this
<%
sqlCt.Parameters.Append sqlCt.CreateParameter("@PicsFolder", 200, 1, 50, getPage)
%>
And your getPage is
<%
getPage = Request.Querystring("page")
%>
Now, in your database, the value for the page will be
some_(Name)
Now, to make sure that we can query this information properly, we have to create a function that converts the QueryString back to its original format.
This is our custom function that is used to protect our site(s) from SQL and XSS injection, and the same function can be used to convert the QueryString back to its original database format.
<%
Function ProtectSQL(SQLString)
    SQLString = Replace(SQLString, "'", "''") ' double up single quotes (' becomes '')
    SQLString = Replace(SQLString, ">", ">") ' replace > with >
    SQLString = Replace(SQLString, "<", "<") ' replace < with <
    SQLString = Replace(SQLString, "(","(") ' replace ( with (
    SQLString = Replace(SQLString, ")",")") ' replace ) with )
    SQLString = Replace(SQLString, "&", "&")
    SQLString = Replace(SQLString, "", "")
    'SQLString = Replace(SQLString, "%AE", "%AE")
    SQLString = Replace(SQLString, "%AE", "%AE")
    SQLString = Replace(SQLString, "©", "©")
    'SQLString = Replace(SQLString, "/", "/")
    SQLString = Replace(SQLString, "%", "%")
    SQLString = Replace(SQLString, vblf,"<br />") ' replace vblf with <br /> (this is mainly used for Memo fields)
    SQLString = Trim(SQLString)
    ProtectSQL = SQLString
End Function
%>
Now, what we will do is take our variable getPage and wrap it with this function.
<%
getPage = ProtectSQL(Request.Querystring("page"))
%>
Now, when the Query is run against our database, it will convert the string to its original format and present you with your data.
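The same lookup end to end, as an added example rather than code from this article. It goes one step further than the text by checking for an empty result before reading a field, since reading a field from a recordset that is at EOF is a common cause of error '80020009'. The connection conn, the Pages table and its Title and PicsFolder columns are hypothetical names, and the entity forms used in EncodeKey (such as &#40; for an opening parenthesis) are an assumption about how the stored value was encoded.

```asp
<%
' Added example, not the article's code. conn, Pages, Title and PicsFolder are
' hypothetical names; the entity forms in EncodeKey are assumed.
Const adVarChar = 200      ' same type, direction and size the article passes
Const adParamInput = 1     ' to CreateParameter (200, 1, 50)
Const adCmdText = 1

' Encode the lookup key the same way the stored value was encoded on write.
' "&" is handled first so entities produced by later steps are not re-encoded.
Function EncodeKey(raw)
    Dim s
    s = Trim(raw & "")                 ' & "" turns Empty/Null into a string
    s = Replace(s, "&", "&amp;")
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, "(", "&#40;")
    s = Replace(s, ")", "&#41;")
    EncodeKey = s
End Function

Dim getPage, sqlCt, rs, pageTitle
getPage = EncodeKey(Request.QueryString("page"))

' Reject a missing key, or one longer than the declared parameter size.
If Len(getPage) = 0 Or Len(getPage) > 50 Then
    Response.Status = "404 Not Found"
    Response.End
End If

Set sqlCt = Server.CreateObject("ADODB.Command")
Set sqlCt.ActiveConnection = conn      ' conn: an already open ADODB.Connection
sqlCt.CommandType = adCmdText
sqlCt.CommandText = "SELECT Title FROM Pages WHERE PicsFolder = ?"
' The value is bound as a parameter and never concatenated into the SQL text.
sqlCt.Parameters.Append sqlCt.CreateParameter("@PicsFolder", adVarChar, adParamInput, 50, getPage)
Set rs = sqlCt.Execute

If rs.EOF Then
    ' No row matched the key: do not touch rs("Title") here.
    rs.Close
    Response.Status = "404 Not Found"
    Response.End
End If

pageTitle = rs("Title").Value & ""
rs.Close
%>
```

Because the value reaches the database only through the bound parameter, the encoding step here exists to match the stored form of the key, and the EOF branch turns a mismatch into a clean 404 instead of a runtime error.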