Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

ASP Help

Mar 19, 2005 5:25PM PST

Newbie Here


I am having an issue with this page of this script. It is an issue that I thought would be simple for me to fix, but I ended up here. The ASP code below works except for the one update button. (Line 379) I think as you can see there are two buttons there The second one works I have no issues with the delete function but when I click on the update form button nothing happens. Here is the code: Any help will be VERY appreciated. I just don?t know what else to do at this point. I think now would be a good time to say that I am sorry if this question is complete newbish.

also I had to remove some of the code because there were to many characters I have attached the whole code in a zipped text file if you need to see it

<%@LANGUAGE="VBSCRIPT"%>

<!--#include file="dataconn.asp"-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Zen Help Desk Request Details</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<!--#include file="menu.asp"-->
<H2>Request Details</H2>
<BR>
<%

'Get the values for the ticketnumber from the database
Set objConn=Server.CreateObject("ADODB.Connection")
Set objRS = Server.CreateObject("ADODB.Recordset")

objConn.ConnectionString = connectionStr
objConn.Open
If Request.QueryString("ticketnum") <> "" Then
ticketnum = Request.QueryString("ticketnum")
Else
ticketnum = Request.Form("ticketnum")
End If
'Added: Replace function to avoid basic sql injection
strSQL = "SELECT * FROM REQUESTS WHERE ticketnumber = '" & Replace(ucase(ticketnum), "'", "''") & "'"

Set objRS = objConn.Execute(strSQL)
If NOT objRS.EOF Then
fullname = objRS("fullname")
email = objRS("email")
technician = objRS("technicianid")
severity = objRS("severity")
status = objRS("status")
estimatedtime = objRS("estimatedtime")
emailupdate = objRS("emailupdate")
releasecall = objRS("releasecall")
category = objRS("categoryid")
description = objRS("description")
resolution = objRS("resolution")

%>
<form action="updaterequest.asp" method="post"> </form>
<table align="left" cellspacing="2" cellpadding="2" width="550" border="0">
<tr>
<td><strong>Full Name :</strong></td>
<td><input type="text" name="fullname" readonly value="<%=fullname%>" size="30"></td>
</tr>
<tr>
<td><strong>Email Address :</strong></td>
<td><input type="text" name="email" readonly value="<%=email%>" size="30"></td>
</tr>
<tr>
<td><strong>Category :</strong></td>
<td><%DisplayDropDownValues "category",category,"category","category" %></td>
</tr>
<tr>
<td><strong>Severity :</strong></td>
<td><select name="severity">
<option value="1" <%If severity = 1 Then Response.Write "Selected"%>>Critical</option>
<option value="2" <%If severity = 2 Then Response.Write "Selected"%>>High</option>
<option value="3" <%If severity = 3 Then Response.Write "Selected"%>>Medium</option>
<option value="4" <%If severity = 4 Then Response.Write "Selected"%>>Low</option>
</select></td>
</tr>
<tr>
<td><strong>Assigned To :</strong></td>
<td><%DisplayDropDownValues "technician",technician,"technician","technician" %></td>
</tr>
<tr>
<td><strong>Status :</strong></td>
<td><select name="status">
<option value="Open" <%If status = "Open" Then Response.Write "SELECTED"%>>Open</option>
<option value="Closed" <%If status = "Closed" Then Response.Write "SELECTED"%>>Closed</option>
</select></td>
</tr>
<tr>
<td><strong>Estimated Time :</strong></td>
<td><input type="text" name="estimatedtime" value="<%=estimatedtime%>" size="30"></td>
</tr>
<%
'Display this section only for tech and admin
If Session("tech") = TRUE or Session("admin") = TRUE Then %>
<tr>
<td><strong>Send Email Update :</strong></td>
<td><%If emailupdate Then %>
<input type="checkbox" name="emailupdate" value="on" checked size="30">
<%
else
%>
<input type="checkbox" name="emailupdate" value="on" size="30">
<%
end if
%></td>
</tr>
<tr>
<td><strong>Release Call :</strong></td>
<td><%If releasecall Then %>
<input type="checkbox" name="releasecall" value="on" checked size="30">
<%
else
%>
<input type="checkbox" name="releasecall" value="on" size="30">
<%
end if
%></td>
</tr>
<%
End If
%>
<tr>
<td><strong>Description :</strong></td>
<td><textarea rows="7" cols="54" readonly name="description"
><%=description%></textarea></td>
</tr>

<tr>
<td><strong>Resolution :</strong></td>
<td><textarea rows="7" cols="54" name="resolution" ><%=resolution%> </textarea></td>
</tr>
<% If Session("tech") = TRUE or Session("admin") = TRUE Then %>
<tr>
<td></td>
<td><table><tr><td><input name="ticketnum" type="hidden" value="<%=ucase(ticketnum)%>"><input class="littlebutton" name="" type="submit" value=" Update"></form></td><td>
<form method="post" action="delete.asp"><input class="littlebutton" name="" type="Submit" value=" Delete"><input name="ticketnum" type="hidden" value="<%=ucase(ticketnum)%>"></form></td></tr></table></td>
</tr>
<%
End If
%>
<tr>
<%
'End If
Else
Response.Write "This Ticket Number does not exist in the system."
End If
%>
</table>

</body>
</html>
<%
Sub DisplayDropDownValues(dropdownname,dropdownvalue,t ablename,columnname)
'Get the values for the ticketnumber from the database
Set objConn=Server.CreateObject("ADODB.Connection")
Set objRS = Server.CreateObject("ADODB.Recordset")

objConn.ConnectionString = connectionStr
objConn.Open

'Added: Replace function to avoid basic sql injection
strSQL = "SELECT * FROM " & Replace(tablename, "'", "''") '& " WHERE " & columnname & " = '" & dropdownvalue & "'"
Set objRS = objConn.Execute(strSQL)

Response.Write "<select name=" & dropdownname & ">"
Do While NOT objRS.EOF
If objRS("" & columnname & "id" & "") = dropdownvalue Then
Response.Write "<option value=" & objRS("" & columnname & "id" & "") & " SELECTED>" & objRS("" & columnname & "name" & "") & "</option>"
Else
Response.Write "<option value=" & objRS("" & columnname & "id" & "") & ">" & objRS("" & columnname & "name" & "") & "</option>"
End If

objRS.MoveNext
Loop
Response.Write "</select>"
objRS.Close
Set objRS = Nothing
objConn.Close 'Added: Close before freeing resources
Set objConn = Nothing
End Sub
%>

Discussion is locked