Hi Chris,
> The number is provided and used w/out any separator.
> ..."WHERE INCKEY IN (' & request.form("INCKEY") & ')"
> statement. Then a DO WHILE NOT rs.EOF loop. My
> presumption is that if INCKEY is in the field twice
> for some odd reason, it will still come out of the RS
> only once.
Are the numbers stored as strings or numbers in the database? This
could be a conversion problem.
You might need to wrap the actual values in apostrophes within your
SQL to avoid string-based errors. You should also be validating the
string for errors (apostrophes and semicolons). All it would take is
a very simple SQL injection attack to make your whole day go sour
very quickly.
<input type="checkbox" name="SELECTED"
value="0);drop table 'htecad';-- ">
Or
<input type="checkbox" name="SELECTED"
value="0);drop table `htecad`;-- ">
Regards,
Shawn K. Hall
http://12PointDesign.com/
http://ReliableAnswers.com/
'// ========================================================
We are an impossibility in an impossible universe.
-- Ray Bradbury
---------------------------------------------------------------------
Home : http://groups.yahoo.com/group/active-server-pages
---------------------------------------------------------------------
Post : [email protected]
Subscribe : [EMAIL PROTECTED]
Unsubscribe: [EMAIL PROTECTED]
---------------------------------------------------------------------
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/active-server-pages/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
