ASP Help 3

Status
Not open for further replies.

Airesz

Technical User
Jul 3, 2004
4
US
Newbie Here

I am having an issue with this page of this script. It is an issue that I thought would be simple for me to fix, but I ended up here. The ASP code below works except for the one update button. (Line 379) I think, as you can see, there are two buttons there. The second one works; I have no issues with the delete function, but when I click on the update form button nothing happens. Here is the code. Any help will be VERY appreciated. I just don't know what else to do at this point. I think now would be a good time to say that I am sorry if this question is completely newbish.

Code:
<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="dataconn.asp"-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Zen Help Desk Request Details</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<!--#include file="menu.asp"-->
<H2>Request Details</H2>
<BR>
<%
'Get the values for the ticketnumber from the database
Set objConn=Server.CreateObject("ADODB.Connection")
Set objRS = Server.CreateObject("ADODB.Recordset")
objConn.ConnectionString = connectionStr
objConn.Open
If Request.QueryString("ticketnum") <> "" Thenticketnum = Request.QueryString("ticketnum")
Else
ticketnum = Request.Form("ticketnum")
End If
'Added: Replace function to avoid basic sql injection
strSQL = "SELECT * FROM REQUESTS WHERE ticketnumber = '" & Replace(ucase(ticketnum), "'", "''") & "'"
Set objRS = objConn.Execute(strSQL)
If NOT objRS.EOF Then
fullname = objRS("fullname")
email = objRS("email")
technician = objRS("technicianid")
severity = objRS("severity")
status = objRS("status")
estimatedtime = objRS("estimatedtime")
emailupdate = objRS("emailupdate")
releasecall = objRS("releasecall")
category = objRS("categoryid")
description = objRS("description")
resolution = objRS("resolution")
%>
<form action="updaterequest.asp" method="post"> </form>
<table align="left" cellspacing="2" cellpadding="2" width="550" border="0">
<tr>
<td><strong>Full Name :</strong></td>
<td><input type="text" name="fullname" readonly value="<%=fullname%>" size="30"></td>
</tr>
<tr>
<td><strong>Email Address :</strong></td>
<td><input type="text" name="email" readonly value="<%=email%>" size="30"></td>
</tr>
<tr>
<td><strong>Category :</strong></td>
<td><%DisplayDropDownValues "category",category,"category","category" %></td>
</tr>
<tr>
<td><strong>Severity :</strong></td>
<td><select name="severity">
<option value="1" <%If severity = 1 Then Response.Write "Selected"%>>Critical</option>
<option value="2" <%If severity = 2 Then Response.Write "Selected"%>>High</option> 
<option value="3" <%If severity = 3 Then Response.Write "Selected"%>>Medium</option> 
<option value="4" <%If severity = 4 Then Response.Write "Selected"%>>Low</option> 
</select></td>
</tr>
<tr>
<td><strong>Assigned To :</strong></td>
<td><%DisplayDropDownValues "technician",technician,"technician","technician" %></td>
</tr>
<tr>
<td><strong>Status :</strong></td>
<td><select name="status">
<option value="Open" <%If status = "Open" Then Response.Write "SELECTED"%>>Open</option>
<option value="Closed" <%If status = "Closed" Then Response.Write "SELECTED"%>>Closed</option>
</select></td>
</tr>
<tr>
<td><strong>Estimated Time :</strong></td>
<td><input type="text" name="estimatedtime" value="<%=estimatedtime%>" size="30"></td>
</tr> 
<%
'Display this section only for tech and admin
If Session("tech") = TRUE or Session("admin") = TRUE Then %>
<tr>
<td><strong>Send Email Update :</strong></td>
<td><%If emailupdate Then %>
<input type="checkbox" name="emailupdate" value="on" checked size="30">
<%
else 
%>
<input type="checkbox" name="emailupdate" value="on" size="30">
<%
end if
%></td>
</tr>
<tr>
<td><strong>Release Call :</strong></td>
<td><%If releasecall Then %>
<input type="checkbox" name="releasecall" value="on" checked size="30">
<%
else 
%>
<input type="checkbox" name="releasecall" value="on" size="30">
<%
end if
%></td>
</tr>
<%
End If
%>
<tr>
<td><strong>Description :</strong></td>
<td><textarea rows="7" cols="54" readonly name="description" 
><%=description%></textarea></td>
</tr>
<tr>
<td><strong>Resolution :</strong></td>
<td><textarea rows="7" cols="54" name="resolution" ><%=resolution%> </textarea></td>
</tr>
<% If Session("tech") = TRUE or Session("admin") = TRUE Then %>
<tr>
<td></td>
<td><table><tr><td><input name="ticketnum" type="hidden" value="<%=ucase(ticketnum)%>"><input class="littlebutton" name="" type="submit" value=" Update"></form></td><td>
<form method="post" action="delete.asp"><input class="littlebutton" name="" type="Submit" value=" Delete"><input name="ticketnum" type="hidden" value="<%=ucase(ticketnum)%>"></form></td></tr></table></td>
</tr>
<%
End If
%>
<tr>
<%
'End If
Else
Response.Write "This Ticket Number does not exist in the system."
End If
%> 
</table>
</body>
</html>
<%
Sub DisplayDropDownValues(dropdownname,dropdownvalue,tablename,columnname)
'Get the values for the ticketnumber from the database
Set objConn=Server.CreateObject("ADODB.Connection")
Set objRS = Server.CreateObject("ADODB.Recordset")
objConn.ConnectionString = connectionStr
objConn.Open
'Added: Replace function to avoid basic sql injection
strSQL = "SELECT * FROM " & Replace(tablename, "'", "''") '& " WHERE " & columnname & " = '" & dropdownvalue & "'" 
Set objRS = objConn.Execute(strSQL)
Response.Write "<select name=" & dropdownname & ">"
Do While NOT objRS.EOF
If objRS("" & columnname & "id" & "") = dropdownvalue Then
Response.Write "<option value=" & objRS("" & columnname & "id" & "") & " SELECTED>" & objRS("" & columnname & "name" & "") & "</option>"
Else
Response.Write "<option value=" & objRS("" & columnname & "id" & "") & ">" & objRS("" & columnname & "name" & "") & "</option>"
End If
objRS.MoveNext
Loop
Response.Write "</select>"
objRS.Close
Set objRS = Nothing
objConn.Close 'Added: Close before freeing resources
Set objConn = Nothing
End Sub
%>
 
try removing the </form> from the

<form action="updaterequest.asp" method="post"> line
 
By the way there is an error in line 21:

If Request.QueryString("ticketnum") <> "" Thenticketnum = Request.QueryString("ticketnum")

should be:

If Request.QueryString("ticketnum") <> "" Then
ticketnum = Request.QueryString("ticketnum")

"Nothing is impossible until proven otherwise"
 
Ok here is where I am now

I removed the </form> as steven290 had suggested.
I fixed the error that madanthrax informed me of.

Thank you both for your assistance. Unfortunately I am still having the same issue. I am able to delete the record but I can't update anything. I click the button and nothing happens.


Code:
<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="dataconn.asp"-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Zen Help Desk Request Details</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<!--#include file="menu.asp"-->
<H2>Request Details</H2>
<BR>
<%
'Get the values for the ticketnumber from the database
Set objConn=Server.CreateObject("ADODB.Connection")
Set objRS = Server.CreateObject("ADODB.Recordset")
objConn.ConnectionString = connectionStr
objConn.Open
If Request.QueryString("ticketnum") <> "" Then
ticketnum = Request.QueryString("ticketnum")
End If
'Added: Replace function to avoid basic sql injection
strSQL = "SELECT * FROM REQUESTS WHERE ticketnumber = '" & Replace(ucase(ticketnum), "'", "''") & "'"
Set objRS = objConn.Execute(strSQL)
If NOT objRS.EOF Then
fullname = objRS("fullname")
email = objRS("email")
technician = objRS("technicianid")
severity = objRS("severity")
status = objRS("status")
estimatedtime = objRS("estimatedtime")
emailupdate = objRS("emailupdate")
releasecall = objRS("releasecall")
category = objRS("categoryid")
description = objRS("description")
resolution = objRS("resolution")
%>
<form action="updaterequest.asp" method="post">
</form>
<table align="left" cellspacing="2" cellpadding="2" width="550" border="0">
<tr>
<td><strong>Full Name :</strong></td>
<td><input type="text" name="fullname" readonly value="<%=fullname%>" size="30"></td>
</tr>
<tr>
<td><strong>Email Address :</strong></td>
<td><input type="text" name="email" readonly value="<%=email%>" size="30"></td>
</tr>
<tr>
<td><strong>Category :</strong></td>
<td><%DisplayDropDownValues "category",category,"category","category" %></td>
</tr>
<tr>
<td><strong>Severity :</strong></td>
<td><select name="severity">
<option value="1" <%If severity = 1 Then Response.Write "Selected"%>>Critical</option>
<option value="2" <%If severity = 2 Then Response.Write "Selected"%>>High</option> 
<option value="3" <%If severity = 3 Then Response.Write "Selected"%>>Medium</option> 
<option value="4" <%If severity = 4 Then Response.Write "Selected"%>>Low</option> 
</select></td>
</tr>
<tr>
<td><strong>Assigned To :</strong></td>
<td><%DisplayDropDownValues "technician",technician,"technician","technician" %></td>
</tr>
<tr>
<td><strong>Status :</strong></td>
<td><select name="status">
<option value="Open" <%If status = "Open" Then Response.Write "SELECTED"%>>Open</option>
<option value="Closed" <%If status = "Closed" Then Response.Write "SELECTED"%>>Closed</option>
</select></td>
</tr>
<tr>
<td><strong>Estimated Time :</strong></td>
<td><input type="text" name="estimatedtime" value="<%=estimatedtime%>" size="30"></td>
</tr> 
<%
'Display this section only for tech and admin
If Session("tech") = TRUE or Session("admin") = TRUE Then %>
<tr>
<td><strong>Send Email Update :</strong></td>
<td><%If emailupdate Then %>
<input type="checkbox" name="emailupdate" value="on" checked size="30">
<%
else 
%>
<input type="checkbox" name="emailupdate" value="on" size="30">
<%
end if
%></td>
</tr>
<tr>
<td><strong>Release Call :</strong></td>
<td><%If releasecall Then %>
<input type="checkbox" name="releasecall" value="on" checked size="30">
<%
else 
%>
<input type="checkbox" name="releasecall" value="on" size="30">
<%
end if
%></td>
</tr>
<%
End If
%>
<tr>
<td><strong>Description :</strong></td>
<td><textarea rows="7" cols="54" readonly name="description" 
><%=description%></textarea></td>
</tr>
<tr>
<td><strong>Resolution :</strong></td>
<td><textarea rows="7" cols="54" name="resolution" ><%=resolution%> </textarea></td>
</tr>
<% If Session("tech") = TRUE or Session("admin") = TRUE Then %>
<tr>
<td></td>
<td><table><tr><td><input name="ticketnum" type="hidden" value="<%=ucase(ticketnum)%>"><input class="littlebutton" name="" type="submit" value=" Update"></form></td><td>
<form method="post" action="delete.asp"><input class="littlebutton" name="" type="Submit" value=" Delete"><input name="ticketnum" type="hidden" value="<%=ucase(ticketnum)%>"></form></td></tr></table></td>
</tr>
<%
End If
%>
<tr>
<%
'End If
Else
Response.Write "This Ticket Number does not exist in the system."
End If
%> 
</table>
</body>
</html>
<%
Sub DisplayDropDownValues(dropdownname,dropdownvalue,tablename,columnname)
'Get the values for the ticketnumber from the database
Set objConn=Server.CreateObject("ADODB.Connection")
Set objRS = Server.CreateObject("ADODB.Recordset")
objConn.ConnectionString = connectionStr
objConn.Open
'Added: Replace function to avoid basic sql injection
strSQL = "SELECT * FROM " & Replace(tablename, "'", "''") '& " WHERE " & columnname & " = '" & dropdownvalue & "'" 
Set objRS = objConn.Execute(strSQL)
Response.Write "<select name=" & dropdownname & ">"
Do While NOT objRS.EOF
If objRS("" & columnname & "id" & "") = dropdownvalue Then
Response.Write "<option value=" & objRS("" & columnname & "id" & "") & " SELECTED>" & objRS("" & columnname & "name" & "") & "</option>"
Else
Response.Write "<option value=" & objRS("" & columnname & "id" & "") & ">" & objRS("" & columnname & "name" & "") & "</option>"
End If
objRS.MoveNext
Loop
Response.Write "</select>"
objRS.Close
Set objRS = Nothing
objConn.Close 'Added: Close before freeing resources
Set objConn = Nothing
End Sub
%>
 
Airesz,

Are you trying to nest 2 tables? And why? You still have a </form> out of place that was supposed to be corrected... perhaps you posted the original code? Anyway, I think if you "structure" your code for easier readability you may find your errors quicker. Have you used trial-and-error? Meaning, have you removed the delete button to see if your edit button works? etc. Use get temporarily and see what's going to the respective update/delete pages. What would work perhaps is to have the edit/delete code inserted into the same code as you have here. It's still isolated for maintenance practices, yet EVERYTHING is posted to this SAME page... all you need to do is NAME the <input type="submit" name="update" value="Update">. Right now you have both set to "". Assign it a name and use If conditions to capture whether the "edit" OR the "delete" was posted and execute the include files. Just remember that include files need to be in html not asp. I have an example of an easier code to read... hope this helps.

BSL

Code:
<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="dataconn.asp"-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
 <head>
  <title>Zen Help Desk Request Details</title>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
 </head>
<body>
 <!--#include file="menu.asp"-->
 <H2>Request Details</H2>
  <BR>

<%
  'Get the values for the ticketnumber from the database
  Set objConn=Server.CreateObject("ADODB.Connection")
  Set objRS = Server.CreateObject("ADODB.Recordset")
  objConn.ConnectionString = connectionStr
  objConn.Open

  If Request.QueryString("ticketnum") <> "" Then
  	ticketnum = Request.QueryString("ticketnum")
  End If

  'Added: Replace function to avoid basic sql injection

  strSQL = "SELECT * FROM REQUESTS WHERE ticketnumber = '" & Replace(ucase(ticketnum), "'", "''") & "'"

  Set objRS = objConn.Execute(strSQL)

  If NOT objRS.EOF Then
  	fullname = objRS("fullname")
   	email = objRS("email")
	technician = objRS("technicianid")
	severity = objRS("severity")
	status = objRS("status")
	estimatedtime = objRS("estimatedtime")
	emailupdate = objRS("emailupdate")
	releasecall = objRS("releasecall")
	category = objRS("categoryid")
	description = objRS("description")
	resolution = objRS("resolution")
%>

<form action="updaterequest.asp" method="post">
<!-- remove this </form> -->

 <table align="left" cellspacing="2" cellpadding="2" width="550" border="0">
  <tr>
   <td><strong>Full Name :</strong></td>
   <td><input type="text" name="fullname" readonly value="<%=fullname%>" size="30"></td>
  </tr>
  <tr>
   <td><strong>Email Address :</strong></td>
   <td><input type="text" name="email" readonly value="<%=email%>" size="30"></td>
  </tr>
  <tr>
   <td><strong>Category :</strong></td>
   <td><%DisplayDropDownValues "category",category,"category","category" %></td>
  </tr>
  <tr>
   <td><strong>Severity :</strong></td>
   <td><select name="severity">
        <option value="1" <%If severity = 1 Then Response.Write "Selected"%>>Critical</option>
        <option value="2" <%If severity = 2 Then Response.Write "Selected"%>>High</option> 
        <option value="3" <%If severity = 3 Then Response.Write "Selected"%>>Medium</option> 
        <option value="4" <%If severity = 4 Then Response.Write "Selected"%>>Low</option> 
       </select>
   </td>
  </tr>
  <tr>
   <td><strong>Assigned To :</strong></td>
   <td><%DisplayDropDownValues "technician",technician,"technician","technician" %></td>
  </tr>
  <tr>
   <td><strong>Status :</strong></td>
   <td><select name="status">
        <option value="Open" <%If status = "Open" Then Response.Write "SELECTED"%>>Open</option>
        <option value="Closed" <%If status = "Closed" Then Response.Write "SELECTED"%>>Closed</option>
       </select>
   </td>
  </tr>
  <tr>
   <td><strong>Estimated Time :</strong></td>
   <td><input type="text" name="estimatedtime" value="<%=estimatedtime%>" size="30"></td>
  </tr> 

<%
  'Display this section only for tech and admin

   If Session("tech") = TRUE or Session("admin") = TRUE Then
%>

  <tr>
   <td><strong>Send Email Update :</strong></td>
   <td><%If emailupdate Then %>
    <input type="checkbox" name="emailupdate" value="on" checked size="30">

<%
  else 
%>
  
    <input type="checkbox" name="emailupdate" value="on" size="30">

<%
  end if
%>
   </td>
  </tr>
  <tr>
   <td><strong>Release Call :</strong></td>
   <td><%If releasecall Then %>
    <input type="checkbox" name="releasecall" value="on" checked size="30">
<%
  else 
%>

    <input type="checkbox" name="releasecall" value="on" size="30">
<%
  end if
%>
   </td>
  </tr>

<%
  End If
%>
 
 <tr>
  <td><strong>Description :</strong></td>
  <td><textarea rows="7" cols="54" readonly name="description"><%=description%></textarea></td>
 </tr>
 <tr>
  <td><strong>Resolution :</strong></td>
  <td><textarea rows="7" cols="54" name="resolution"><%=resolution%></textarea></td>
 </tr>

<% If Session("tech") = TRUE or Session("admin") = TRUE Then %>
  
  <!-- Why are you starting another row?  empty cell?  Where are you closing the first table? -->
       
  </table>  


 <!-- <tr>
  <td></td> 
  <td>
   -->

  <!-- Start another table here -->
   <table>
    <tr>
     <td><input name="ticketnum" type="hidden" value="<%=ucase(ticketnum)%>">

  <!-- Where is the name so the posted form can update it? Where is the code to update the form? 
       I assume it is updaterequest.asp, but again, it needs a name. As it stands it's empty ""
       Although it will work you should assign it a name for programming practice..same w/delete
        
   -->
      
         <input class="littlebutton" name="" type="submit" value="Update">
      </form>
       </td>
       <td>
      <form method="post" action="delete.asp">
       <input class="littlebutton" name="" type="Submit" value=" Delete">
       <input name="ticketnum" type="hidden" value="<%=ucase(ticketnum)%>">
      <!-- I don't think you can have a form tag within a table...check html validation for this
       </form>
      -->
      </td>
    </tr>
   </form>
  </table>
 
  
 
 <!-- no need for these tags
    </td>
    </tr>
 -->

<%
  End If
%>
  <!-- This tag not needed ...table is closed
    <tr>
  -->
<%
  'End If

  ' why put simple text in a table? Tables are normally used for holding stored data...use css here 


   Else
   Response.Write "This Ticket Number does not exist in the system."
   End If
%> 
  <!-- table closed already
    </table>
   -->
 </body>
</html>

<%
  Sub DisplayDropDownValues(dropdownname,dropdownvalue,tablename,columnname)
  'Get the values for the ticketnumber from the database
  Set objConn=Server.CreateObject("ADODB.Connection")
  Set objRS = Server.CreateObject("ADODB.Recordset")
  objConn.ConnectionString = connectionStr
  objConn.Open

 'Added: Replace function to avoid basic sql injection
  strSQL = "SELECT * FROM " & Replace(tablename, "'", "''") '& " WHERE " & columnname & " = '" & dropdownvalue & "'" 
  Set objRS = objConn.Execute(strSQL)
  Response.Write "<select name=" & dropdownname & ">"

  Do While NOT objRS.EOF
  
   If objRS("" & columnname & "id" & "") = dropdownvalue Then
       Response.Write "<option value=" & objRS("" & columnname & "id" & "") & " SELECTED>" & objRS("" & columnname & "name" & "") & "</option>"
   Else
       Response.Write "<option value=" & objRS("" & columnname & "id" & "") & ">" & objRS("" & columnname & "name" & "") & "</option>"
   End If

  objRS.MoveNext
  Loop

  Response.Write "</select>"

  objRS.Close
  Set objRS = Nothing
  objConn.Close 'Added: Close before freeing resources
  Set objConn = Nothing
  End Sub
%>
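
An added example, not part of any post in this thread: in `DisplayDropDownValues`, `Replace(tablename, "'", "''")` doubles single quotes, but the table name is not inside a quoted string, so that call does not constrain the identifier. One way to do it is an allow-list plus HTML-encoded output; the `category`/`technician` names and the `<name>id`/`<name>name` columns come from the posted code, and `SafeLookupName` is a hypothetical helper.

```vbscript
<%
' Added example (not the original poster's code).
' Returns the lookup name only if it is one of the names this page uses
' for its drop-downs; anything else yields an empty string.
Function SafeLookupName(name)
    Select Case LCase(Trim(name & ""))
        Case "category", "technician"
            SafeLookupName = LCase(Trim(name & ""))
        Case Else
            SafeLookupName = ""
    End Select
End Function

Sub DisplayDropDownValues(dropdownname, dropdownvalue, tablename, columnname)
    Dim safeTable, safeColumn, conn, rs, idValue, selectedAttr

    safeTable = SafeLookupName(tablename)
    safeColumn = SafeLookupName(columnname)
    If safeTable = "" Or safeColumn = "" Then
        Response.Write "Invalid lookup list."
        Exit Sub
    End If

    Set conn = Server.CreateObject("ADODB.Connection")
    conn.ConnectionString = connectionStr   ' defined in the dataconn include
    conn.Open

    ' Identifiers come from the allow-list above, never from caller input.
    Set rs = conn.Execute("SELECT " & safeColumn & "id, " & safeColumn & "name FROM " & safeTable)

    ' Attribute values are quoted and HTML-encoded so stored text cannot
    ' break out of the <option> markup.
    Response.Write "<select name=""" & Server.HTMLEncode(dropdownname) & """>"
    Do While Not rs.EOF
        idValue = rs(safeColumn & "id") & ""
        selectedAttr = ""
        If idValue = (dropdownvalue & "") Then selectedAttr = " selected"
        Response.Write "<option value=""" & Server.HTMLEncode(idValue) & """" & selectedAttr & ">" & _
                       Server.HTMLEncode(rs(safeColumn & "name") & "") & "</option>"
        rs.MoveNext
    Loop
    Response.Write "</select>"

    rs.Close
    Set rs = Nothing
    conn.Close
    Set conn = Nothing
End Sub
%>
```

The same `Server.HTMLEncode` call applies to the `<%=fullname%>`, `<%=description%>` and `<%=resolution%>` values written into the form on this page.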
 
Thank you for your help bslintx. :)

I apologize for my last post; you are correct, I did accidentally repost the same code.

Thanks to your help I have fixed everything, or at least I think I have.

So far this is what I have done:

I used get in place of post with the update button. (No Change)
I have removed the delete button to see if the edit button works. (No Change)

When clicking the delete button I used get in place of post and it took me to viewopenrequests.asp like it was supposed to.

I temporarily removed the included menu. I changed the included dataconn.asp page to html format.

Changed
<input type="submit" name=" " value="Update">
<input type="submit" name="update" value="Update">

<input class="littlebutton" name="" type="Submit" value=" Delete">
<input class="littlebutton" name="delete" type="Submit" value=" Delete">

Nothing is happening when I click the update form button, no errors or anything.

Below is the updated code. This page is (showrequest.asp); when a user submits a request and I want to view their request, this is the page I would be at.

If I want to make an update to their request and click the update button, updaterequest.asp is where the form should be posting to. Below this box of code will be the updaterequest.asp code so you can see the second part of the code.


Code:
<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="dataconn.html"-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
 <head>
  <title>Zen Help Desk Request Details</title>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
 </head>
<body>
 <H2>Request Details</H2>
  <BR>

<%
  'Get the values for the ticketnumber from the database
  Set objConn=Server.CreateObject("ADODB.Connection")
  Set objRS = Server.CreateObject("ADODB.Recordset")
  objConn.ConnectionString = connectionStr
  objConn.Open

  If Request.QueryString("ticketnum") <> "" Then
      ticketnum = Request.QueryString("ticketnum")
  End If

  'Added: Replace function to avoid basic sql injection

  strSQL = "SELECT * FROM REQUESTS WHERE ticketnumber = '" & Replace(ucase(ticketnum), "'", "''") & "'"

  Set objRS = objConn.Execute(strSQL)

  If NOT objRS.EOF Then
      fullname = objRS("fullname")
       email = objRS("email")
    technician = objRS("technicianid")
    severity = objRS("severity")
    status = objRS("status")
    estimatedtime = objRS("estimatedtime")
    emailupdate = objRS("emailupdate")
    releasecall = objRS("releasecall")
    category = objRS("categoryid")
    description = objRS("description")
    resolution = objRS("resolution")
%>

<form action="updaterequest.asp" method="post">
 <table align="left" cellspacing="2" cellpadding="2" width="550" border="0">
  <tr>
   <td><strong>Full Name :</strong></td>
   <td><input type="text" name="fullname" readonly value="<%=fullname%>" size="30"></td>
  </tr>
  <tr>
   <td><strong>Email Address :</strong></td>
   <td><input type="text" name="email" readonly value="<%=email%>" size="30"></td>
  </tr>
  <tr>
   <td><strong>Category :</strong></td>
   <td><%DisplayDropDownValues "category",category,"category","category" %></td>
  </tr>
  <tr>
   <td><strong>Severity :</strong></td>
   <td><select name="severity">
        <option value="1" <%If severity = 1 Then Response.Write "Selected"%>>Critical</option>
        <option value="2" <%If severity = 2 Then Response.Write "Selected"%>>High</option> 
        <option value="3" <%If severity = 3 Then Response.Write "Selected"%>>Medium</option> 
        <option value="4" <%If severity = 4 Then Response.Write "Selected"%>>Low</option> 
       </select>
   </td>
  </tr>
  <tr>
   <td><strong>Assigned To :</strong></td>
   <td><%DisplayDropDownValues "technician",technician,"technician","technician" %></td>
  </tr>
  <tr>
   <td><strong>Status :</strong></td>
   <td><select name="status">
        <option value="Open" <%If status = "Open" Then Response.Write "SELECTED"%>>Open</option>
        <option value="Closed" <%If status = "Closed" Then Response.Write "SELECTED"%>>Closed</option>
       </select>
   </td>
  </tr>
  <tr>
   <td><strong>Estimated Time :</strong></td>
   <td><input type="text" name="estimatedtime" value="<%=estimatedtime%>" size="30"></td>
  </tr> 

<%
  'Display this section only for tech and admin

   If Session("tech") = TRUE or Session("admin") = TRUE Then
%>

  <tr>
   <td><strong>Send Email Update :</strong></td>
   <td><%If emailupdate Then %>
    <input type="checkbox" name="emailupdate" value="on" checked size="30">

<%
  else 
%>
  
    <input type="checkbox" name="emailupdate" value="on" size="30">

<%
  end if
%>
   </td>
  </tr>
  <tr>
   <td><strong>Release Call :</strong></td>
   <td><%If releasecall Then %>
    <input type="checkbox" name="releasecall" value="on" checked size="30">
<%
  else 
%>

    <input type="checkbox" name="releasecall" value="on" size="30">
<%
  end if
%>
   </td>
  </tr>

<%
  End If
%>
 
 <tr>
  <td><strong>Description :</strong></td>
  <td><textarea rows="7" cols="54" readonly name="description"><%=description%></textarea></td>
 </tr>
 <tr>
  <td><strong>Resolution :</strong></td>
  <td><textarea rows="7" cols="54" name="resolution"><%=resolution%></textarea></td>
 </tr>

<% If Session("tech") = TRUE or Session("admin") = TRUE Then %>
  
   <table>
    <tr>
     <td><input name="ticketnum" type="hidden" value="<%=ucase(ticketnum)%>">
         <input class="littlebutton" name="update" type="submit" value="Update">
      </form>
       </td>
       <td>
      <form method="GET" action="delete.asp">
       <input class="littlebutton" name="delete" type="Submit" value=" Delete">
       <input name="ticketnum" type="hidden" value="<%=ucase(ticketnum)%>">

      </td>
    </tr>
   </form>
  </table>
<%
  End If
%>
<%
  'End If

  ' why put simple text in a table? Tables are normally used for holding stored data...use css here 


   Else
   Response.Write "This Ticket Number does not exist in the system."
   End If
%> 
 </body>
</html>

<%
  Sub DisplayDropDownValues(dropdownname,dropdownvalue,tablename,columnname)
  'Get the values for the ticketnumber from the database
  Set objConn=Server.CreateObject("ADODB.Connection")
  Set objRS = Server.CreateObject("ADODB.Recordset")
  objConn.ConnectionString = connectionStr
  objConn.Open

 'Added: Replace function to avoid basic sql injection
  strSQL = "SELECT * FROM " & Replace(tablename, "'", "''") '& " WHERE " & columnname & " = '" & dropdownvalue & "'" 
  Set objRS = objConn.Execute(strSQL)
  Response.Write "<select name=" & dropdownname & ">"

  Do While NOT objRS.EOF
  
   If objRS("" & columnname & "id" & "") = dropdownvalue Then
       Response.Write "<option value=" & objRS("" & columnname & "id" & "") & " SELECTED>" & objRS("" & columnname & "name" & "") & "</option>"
   Else
       Response.Write "<option value=" & objRS("" & columnname & "id" & "") & ">" & objRS("" & columnname & "name" & "") & "</option>"
   End If

  objRS.MoveNext
  Loop

  Response.Write "</select>"

  objRS.Close
  Set objRS = Nothing
  objConn.Close 'Added: Close before freeing resources
  Set objConn = Nothing
  End Sub
%>

The code below is updaterequest.asp

Code:
<!--#include file="dataconn.html"-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
	<title>Zen Help Desk - Request Updated</title>
</head>

<body>

<H2>Request Status</H2>
<BR><BR><DIV align="center">

<%
	Set objConn=Server.CreateObject("ADODB.Connection")
	Set objRS = Server.CreateObject("ADODB.Recordset")

	objConn.ConnectionString = connectionStr
	objConn.Open
	Set cmdTemp = Server.CreateObject("ADODB.Command")
	cmdTemp.CommandText = "SELECT * FROM REQUESTS WHERE ticketnumber = '" & ucase(Request("ticketnum")) & "'"
	cmdTemp.CommandType = 1
	objRS.CursorType = adOpenKeyset
	objRS.LockType = 3
	Set cmdTemp.ActiveConnection = objConn
    objRS.Open cmdTemp

	objRS("status") = Request.Form("status")
	
	'check if email update is checked to send email
	If Request.Form("emailupdate") = "on" Then
		objRS("emailupdate") = 1
		Set adminRS = objConn.Execute("SELECT * FROM ADMIN")
	    SENDEMAIL = adminRS("SMTPMail")
	    FROMEMAILADDRESS = adminRS("FROMEMAIL")
        Set adminRS = Nothing
			'Check if sendemail is set up by admin
			If SENDEMAIL Then 
				Set MailObject = Server.CreateObject("CDONTS.NewMail")
				MailObject.BodyFormat = 0
				MailObject.mailformat = 0
				MailObject.From	= FROMEMAILADDRESS
				MailObject.To	= objRS("email")
				MailObject.Subject  = "Zen Help Desk - Ref# " & ucase(Request("ticketnum"))
				strBody = "<font color=""#333333"" face=""Verdana"" size=""2""> <p>There has been an update for your request.</p><p>Resolution :" & Request.Form("resolution") & "</p>"		
				MailObject.Body   = strBody
				MailObject.Send
				Set MailObject = Nothing
			End If		
	Else
		objRS("emailupdate") = 0
	End If
	If Request.Form("releasecall") = "on" Then
		objRS("releasecall") = 1
	Else
		objRS("releasecall") = 0
	End IF
		
	objRS("categoryid") = Request.Form("category")
	objRS("severity") = Request.Form("severity")
	objRS("technicianid") = Request.Form("technician")
	objRS("estimatedtime") = Request.Form("estimatedtime")
	If Request.Form("resolution") <> "" Then
		objRS("resolution") = Request.Form("resolution")
	Else
		objRS("resolution") = " "
	End If
	
	
	
	
	objRS.update	
	objRS.close
	objConn.Close
	Set objRS = Nothing
	Set objConn = Nothing
	
	
	
	Response.Redirect "viewrequests.asp"
	%>
 
Airesz,

Try changing this line:

cmdTemp.CommandText = "SELECT * FROM REQUESTS WHERE ticketnumber = '" & ucase(Request("ticketnum")) & "'"

TO

cmdTemp.CommandText = "SELECT * FROM REQUESTS WHERE ticketnumber = '" & ucase(Request.Form("ticketnum")) & "'"

Since you are POSTING the values to your sql statement it doesn't kick in...it's expecting a querystring not a .form request

Try that and see what happens

BSL
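
The `updaterequest.asp` code posted above builds its `SELECT` by concatenating the `ticketnum` request value into the SQL text, and it does not repeat the `Session("tech")`/`Session("admin")` check that showrequest.asp uses to hide the buttons. An added example, not from any poster in this thread, of the same update done with a session check and a parameterized `ADODB.Command`; it is narrowed to the status, severity and resolution columns, and the column types, the 50-character ticket number limit and the `InList` helper are assumptions.

```vbscript
<%
' Added example (not the original poster's code): server-side core of updaterequest.asp.
' ADO constant values, declared under local names in case adovbs.inc is also included.
Const AD_CMD_TEXT = 1
Const AD_PARAM_INPUT = 1
Const AD_INTEGER = 3
Const AD_VARCHAR = 200
Const AD_LONGVARCHAR = 201
Const AD_EXECUTE_NO_RECORDS = 128

' True only when value exactly matches one entry of the list.
Function InList(value, list)
    Dim item
    InList = False
    For Each item In list
        If value = item Then InList = True
    Next
End Function

' Hiding the Update button on showrequest.asp does not stop a direct POST,
' so the same session check is repeated here before touching the database.
If Not (Session("tech") = True Or Session("admin") = True) Then
    Response.Status = "403 Forbidden"
    Response.Write "Not authorised."
    Response.End
End If

Dim ticketnum, statusValue, severityValue, resolutionText, conn, cmd, affected

ticketnum = UCase(Trim(Request.Form("ticketnum") & ""))
statusValue = Request.Form("status") & ""
severityValue = Request.Form("severity") & ""
resolutionText = Request.Form("resolution") & ""
If resolutionText = "" Then resolutionText = " "   ' same fallback as the posted code

' Accept only the values the form offers (Open/Closed, 1 to 4).
' The 50-character limit on the ticket number is an assumed column size.
If ticketnum = "" Or Len(ticketnum) > 50 _
   Or Not InList(statusValue, Array("Open", "Closed")) _
   Or Not InList(severityValue, Array("1", "2", "3", "4")) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid request."
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.ConnectionString = connectionStr   ' defined in the dataconn include
conn.Open

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = AD_CMD_TEXT
' Positional ? markers: the values travel as parameters, never as SQL text.
cmd.CommandText = "UPDATE REQUESTS SET status = ?, severity = ?, resolution = ? WHERE ticketnumber = ?"
cmd.Parameters.Append cmd.CreateParameter("status", AD_VARCHAR, AD_PARAM_INPUT, 10, statusValue)
cmd.Parameters.Append cmd.CreateParameter("severity", AD_INTEGER, AD_PARAM_INPUT, 4, CLng(severityValue))
cmd.Parameters.Append cmd.CreateParameter("resolution", AD_LONGVARCHAR, AD_PARAM_INPUT, Len(resolutionText) + 1, resolutionText)
cmd.Parameters.Append cmd.CreateParameter("ticketnum", AD_VARCHAR, AD_PARAM_INPUT, 50, ticketnum)
cmd.Execute affected, , AD_EXECUTE_NO_RECORDS

Set cmd = Nothing
conn.Close
Set conn = Nothing

If affected = 1 Then
    Response.Redirect "viewrequests.asp"
Else
    Response.Write "This Ticket Number does not exist in the system."
End If
%>
```

The remaining columns (`categoryid`, `technicianid`, `estimatedtime`, `emailupdate`, `releasecall`) follow the same pattern, and the resolution text placed in the HTML e-mail body is passed through `Server.HTMLEncode` first.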
 