ekendricks
Posts: 34
Posted: 06/05/2005, 10:21 AM
Can someone tell me why this isn't working?
using MS Access 2k - CCS2.3.2.24 ASP
I have a table "Procedure" with fields "ProcedureID" and "UpdatedBy". I have a page that lists procedures, with an "Add" link. I click on the "Add" link that passes the PatientID to the "Add Procedure" page. On that page I need to insert a new procedure recording the PatientID - UpdatedBy - DateAdded, and pass PatientID and the newly inserted record Id to the next page. When I click submit..... the new record IS added, I'm taken to the next page, but the "ProcedureID= " is blank.
Here is the code I'm using:
Dim LastID
If IsEmpty(Request.QueryString("ProcedureID")) Then
    LastID = CCDLookup("max(Procedureid)","Procedure","UpdatedBy="&DBMed.ToSQL(Request.Form("UpdatedBy"),"CCInteger"),DBMed)
    If InStr(Redirect,"?") = 0 Then
        Redirect = Redirect & "?Procedureid=" & LastID
    ElseIf Right(Redirect, 1) = "?" Then
        Redirect = Redirect & "ProcedureID=" & LastID
    Else
        Redirect = Redirect & "&ProcedureID=" & LastID
    End If
End If
Thanks for any assistance.
Ernest
|
|
|
ryan
Posts: 41
Posted: 06/05/2005, 4:33 PM
Can you pass the PatientID value to your add link?
Something like <a title="patient" href="thepage.asp?PatientID={PatientID}">Add</a>
_________________
(\__/)
(='.'=)
(")_(")
|
|
Ernest
Posted: 06/05/2005, 5:56 PM
I have narrowed down the problem and had to make alterations to the string. Had to enclose the table name "procedure" with brackets "[Procedure]". That still would return an empty string. I altered the CCDLookup as follows: Leaving out the DBMed.ToSQL and "CCInteger" gives me what I want. Am I looking at disaster down the road with those items left out of the string?
Works:
LastID = CCDLookup("max(ProcedureID)","[Procedure]","PatientID="&(Request.Form("PatientID")),DBMed)
Doesn't Work:
LastID = CCDLookup("max(ProcedureID)","[Procedure]","PatientID="&DBMed.ToSQL(Request.Form("PatientID"),"CCInteger"),DBMed)
Thanks
|
|
|
peterr
Posts: 5971
Posted: 06/05/2005, 6:22 PM
I think that this should work:
LastID = CCDLookup("max(ProcedureID)","[Procedure]","PatientID="&DBMed.ToSQL(Request.Form("PatientID"),ccsInteger),DBMed)
Your code is OK but there is a small potential security risk when someone submits a "PatientID" value that includes some special characters like a quote or apostrophe, which could result in an SQL error or even a security breach.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com
|
|
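The risk raised in the reply above, shown as an added example that is not part of the thread and is not CodeCharge's ToSQL implementation: a stand-alone VBScript check that accepts only a plain integer before it is appended to the "PatientID=" criteria. ParseIntegerParam and BuildPatientCriteria are hypothetical helper names and the sample inputs are constructed; it runs with cscript, so WScript.Echo stands in for page output.

```vbscript
Option Explicit

' Hypothetical helper: returns a Long when raw is a plain decimal
' integer (optional minus sign, at most 9 digits), otherwise Null.
Function ParseIntegerParam(raw)
    Dim re, text
    ParseIntegerParam = Null
    If IsNull(raw) Or IsEmpty(raw) Then Exit Function
    text = Trim(CStr(raw))
    Set re = New RegExp
    re.Pattern = "^-?\d{1,9}$"
    If re.Test(text) Then ParseIntegerParam = CLng(text)
End Function

' Hypothetical helper: builds the criteria string for the lookup,
' or returns "" so the caller can skip the query entirely.
Function BuildPatientCriteria(raw)
    Dim id
    id = ParseIntegerParam(raw)
    If IsNull(id) Then
        BuildPatientCriteria = ""
    Else
        BuildPatientCriteria = "PatientID=" & CStr(id)
    End If
End Function

' Constructed sample values standing in for Request.Form("PatientID").
Dim samples, item, validated
samples = Array("42", " 42 ", "7 OR 1=1", "7'", "")

For Each item In samples
    validated = BuildPatientCriteria(item)
    If validated = "" Then validated = "(rejected, lookup not run)"
    ' Left: what plain concatenation would send to the database.
    ' Right: what is sent after the integer check.
    WScript.Echo "input=[" & item & "]" & vbTab & _
                 "concatenated: PatientID=" & item & vbTab & _
                 "validated: " & validated
Next
```

With plain concatenation the third and fourth inputs change the WHERE clause or break the SQL; after the check only the first two reach the query, both as PatientID=42.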
Ernest
Posted: 06/07/2005, 11:52 AM
Thanks: Works perfectly