This is a problem that will only occur if someone tries to do this manually, but I still no not want the problem to show up as a HTTP 500.100 - Internal Server Error - ASP error...

So is there a way to find out when this is caused?

The problem:
The ID (index) number used as an index number to do a search in a database but the ID number is not in the database anywhere.

PHP tags make it look better:

<%
Dim oConn, StrConn, SQL, oRS, IntID

Set oConn = Server.CreateObject("ADODB.Connection")
StrConn = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("db1.mdb") & ";"
oConn.open StrConn

If Request.QueryString("ID") = "" Then
IntID = 1
Else
IntID = Request.QueryString("ID")
End If

SQL = "SELECT * FROM Table1 WHERE ID = " & IntID
Set oRS = oConn.Execute(SQL)

Response.Write oRS("Text")
%>


Here is a sample database I used, attached...

So do you see what I am trying to prevent? I don't want to try and stop the error as much as realize it's the EXACT, SPECIFIC, error, and then do something after the problem has already been done... Understand?

Thank you if you know what I mean and can help me.

I don't have a clue. What are you trying to prevent ?

My SQL knowledge is a bit iffy, but can't you use EXISTS ?

IF EXISTS (SELECT * FROM Table1 WHERE id=1234) THEN
SELECT * FROM Table1 WHERE id=1234
ELSE
SELECT * FROM Table1 WHERE id=1
END IF

Hum..
Well, I will look into any EXSIST syntax for SQL, but what I am trying to do is, if the ID number a user selected is not there, and they try to use it to search for text (example db1.mdb I uploaded), then either do something after the code has been executed, or do something before..

Maybe sometime like, On Error number (What ever number that error is) Redirect("Sorry ID number does not exsist")

Understand?

No. I don't.

I think you want to run a select with a condition, and then display the info form a certan record (where id = ...)
If the ID is not present in the table, you want to display a message.

Something like that ? (Can't imagen this is your problem cause your way to smart for that)

Anyway. If this was the case, just check if the recordset is empty (using a count or check if you're eof.)


SQL = "SELECT * FROM Table1 WHERE ID = " & IntID
Set oRS = oConn.Execute(SQL)

if oRs.EOF=true then
response.write("ID not found. Please go back ...")
else
Response.Write oRS("Text")
end if


or with the count


SQL = "SELECT variables,Count(*) as [number] FROM Table1 WHERE ID = " & IntID
Set oRS = oConn.Execute(SQL)

if oRs.Fields("number") >= 1 then
response.write("ID not found. Please go back ...")
else
Response.Write oRS("Text")
end if

That's the exact way I would of done it if to skip the error, but what I want to do, is make sure the error is passed off, and the server knows what happened.

Then I want to (not display the IIS laid out error, but) display a page telling them the error occured.

So I need the error to run, and do something like:

If last error = (error type ID) Then
It happened....
End If.

So not stop it, but allow the error to happen.

I think I must use an error handler of some sort.

Why can't you just make sure that "index number" exists in the database, before you try to do any queries based on it :confused:

P.S. I know exactly what you're talking about, I think... for instance if someone tries to mess with a querystring, right?

If you're passing a table name or whatever, in a querystring, you need to check first to see if that table even exists - the simplest (but not dynamic) way is just to do a Select Case statement with all your "allowed" tables.

Perhaps even better is to query your SQL Server's management (I forget what they are called) tables to see if that table exists first, if it's the fact that the table doesn't exist that is generating the error, since an EOF woudln't work in that case.

P.S. If you want a pretty darn secure way (IMHO) to pass table names, etc. (perhaps even credit card numbers, dare I say it) to a client-side hidden field, email me and I'll share with you what I've been working on. The way it works, it's not like anyone could decrypt a string without the key, anyway, even if they knew the decryption scheme (although it would give them a bit more to work with, I don't think it would help much) - which in a case like this would be randomly generated... and you could also use a bunch of techniques to obfuscate the encryption even further, but I really don't think they would be necessary. ;)

Originally posted by whammy
Why can't you just make sure that "index number" exists in the database, before you try to do any queries based on it :confused:

P.S. I know exactly what you're talking about, I think... for instance if someone tries to mess with a querystring, right?

If you're passing a table name or whatever, in a querystring, you need to check first to see if that table even exists - the simplest (but not dynamic) way is just to do a Select Case statement with all your "allowed" tables.

Perhaps even better is to query your SQL Server's management (I forget what they are called) tables to see if that table exists first, if it's the fact that the table doesn't exist that is generating the error, since an EOF woudln't work in that case.

P.S. If you want a pretty darn secure way (IMHO) to pass table names, etc. (perhaps even credit card numbers, dare I say it) to a client-side hidden field, email me and I'll share with you what I've been working on. The way it works, it's not like anyone could decrypt a string without the key, anyway, even if they knew the decryption scheme (although it would give them a bit more to work with, I don't think it would help much) - which in a case like this would be randomly generated... and you could also use a bunch of techniques to obfuscate the encryption even further, but I really don't think they would be necessary. ;)

Well, that's pretty much the idea, you will only get the error if the users uses the wrong ID number, but the problem is, I expect to receive over 200+ records, and since looping is out of the question, the only way is to check to see if the ID number is there first. This still causes te little extra bit of database usage that I wish not to add.

So that leaves me with having to do something after the error has occured, which seems like something easy for an Error Handler, but I want to be more exact on the Error type, and I don't know how that works or if works for this error in ASP.


My tables are pretty much static, there is no way I want a user to be able to create tables, just alot better to use Indexing.

Now, do you all understand my issue? Does anyone have any good articles about On error handling? I have found ones that are really bad way of explaining it. Maybe it's something I will never know... Maybe for the best.. On Error Handler is something like and easy way out, no?

Well, I asked somone else and they showed me:
http://www.15seconds.com/issue/990603.htm

Now, I was playing with this, and I was thinking, does it really matter if they see the error, infact, the only way they can receive that error is if they try to edit there cookie.

I am a little confused and lost of the issue, maybe I am just tired and a little frustrated. It might be well and good if I sleep on the issue.

Thank you for your time.