Classic ASP Discussion - help with delete method

Print Page | Close Window

help with delete method

Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: Classic ASP Discussion
Forum Description: Discussion on Active Server Pages (Classic ASP).
URL: https://forums.webwiz.net/forum_posts.asp?TID=6471
Printed Date: 31 March 2026 at 3:07pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: help with delete method

Posted By: pnqoma
Subject: help with delete method
Date Posted: 16 October 2003 at 8:49am

I'm trying to get my delete button to work but to no avail.My code is as follows:

Dim Conn, ConnString

set ConnString = server.createobject("adodb.connection")
conn = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" & Server.MapPath("forum1.mdb")&";"

'Create the Connection object
connString.open (conn)

if request("action") = "delete" then

sql = "DELETE* FROM messages WHERE id = '" & request("id")&"'"
Connstring.execute(sql)

Response.Write("<h1>The message has been deleted.</font><br>Back to <a href='forumlist.asp'>Forum</h1>")

Connstring.Close
end if

%>
Any suggestions??

Replies:

Posted By: MorningZ
Date Posted: 16 October 2003 at 9:03am

take out the "*" in the delete statement

http://www.w3schools.com/sql/sql_delete.asp - http://www.w3schools.com/sql/sql_delete.asp

-------------
Contribute to the working anarchy we fondly call the Internet

Posted By: vshriniwasan
Date Posted: 16 October 2003 at 9:08am

if request("action") = "delete" then

connString.open conn, sql

Response.Write("<h1>The message has been deleted.</font><br>Back to <a href='forumlist.asp'>Forum</h1>")

Connstring.Close
end if

This way everything is done only if the action is delete. Other wise, well you don't even open the connection. Keep the overhead low...

Posted By: michael
Date Posted: 16 October 2003 at 11:56am

To add to MorningZ's comment... You are just using the Request Object which will make it very insecure, someone can just go to that page, put in a query string and delete all records one by one. Use e.g. Request.Form and catch the Referrer that noone can post from a different page.

-------------
http://baumannphoto.com" rel="nofollow - Blog | http://mpgtracker.com" rel="nofollow - MPG Tracker

Posted By: pnqoma
Date Posted: 19 October 2003 at 11:16am

Thanks guyz but nothing seemed to work.I'm still getting a blank page when i click on the delete button.This is how i created the button, i don't know whether this could have any effect on the button not working.

<button style = "width:50" onclick = location.href='delete.asp'">delete</button>

so when i click it, it just takes me to the blank asp page, with no deletion occured.

Posted By: MorningZ
Date Posted: 19 October 2003 at 9:58pm

its because where in your "location.href" do you put the query paramter to run the delete?

oh wait.. you don't

here's your code

if request("action") = "delete" then

sql = "DELETE* FROM messages WHERE id = '" & request("id")&"'"
Connstring.execute(sql)

Response.Write("<h1>The message has been deleted.</font><br>Back to <a href='forumlist.asp'>Forum</h1>")

Connstring.Close
end if

you (1) don't pass "action=delete" to get inside the if... then... and (2) also do not pass the "id" that the SQL statement is going to use to delete the requested record

-------------
Contribute to the working anarchy we fondly call the Internet

Posted By: pnqoma
Date Posted: 20 October 2003 at 2:28am

Thankz morningz

I'm in business now