Execute a SQL Statement Onclick

         

TennesseeGuy

8:19 pm on Feb 7, 2005 (gmt 0)

10+ Year Member



I am attempting to execute a SQL statement if a link is clicked on the page. The SQL statement will simply update a record in the DB, but nothing is happening. Can someone take a quick peek and let me know what I am doing wrong? I am still learning SQL but I am trying really hard.

Function ReportMe
    ' Read the current warning level for this topic
    sSQL = "Select T_WARN from FORUM_TOPICS" & _
        " where T_AUTHOR=" & AuthorID & " and CAT_ID = " & CatID & " AND FORUM_ID = " & ForumID & " AND TOPIC_ID = " & TopicID
    Set mrLev = my_Conn.Execute(sSQL)
    mrLevel = mrLev("T_WARN")
    mrLev.Close
    If mrLevel < 1 Then
        sReportSQL = "update FORUM_TOPICS set T_WARN = 1" & _
            " where T_AUTHOR=" & AuthorID & " and CAT_ID = " & CatID & " AND FORUM_ID = " & ForumID & " AND TOPIC_ID = " & TopicID
        ' An UPDATE returns no open recordset, so there is nothing to Set or Close
        my_Conn.Execute sReportSQL
    Else
        sReportSQL = "update FORUM_TOPICS set T_WARN = (T_WARN + 1)" & _
            " where T_AUTHOR=" & AuthorID & " and CAT_ID = " & CatID & " AND FORUM_ID = " & ForumID & " AND TOPIC_ID = " & TopicID
        my_Conn.Execute sReportSQL
    End If
End Function

In the Body:

<a href=""privatesend.asp?method=Topic&mname=" & rs("T_AUTHOR") & " onClick=""ReportMe"""">Send Warning to Member</a>

orion_rus

3:44 pm on Feb 8, 2005 (gmt 0)

10+ Year Member



You can't execute SQL on the client side. You can do it only on the server side; that's why you should try asking about it in an ASPx forum.

rocknbil

5:27 pm on Feb 8, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



More importantly, this is a very insecure thing to do. You've exposed all your table and field names to anyone on the web, and figuring out how it's built is the first step in performing a mysql inject.
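Added example, not part of the original thread: the concatenated WHERE clause from the first post beside a parameterized version, run in Python against a constructed in-memory SQLite table rather than the thread's classic ASP setup. The function names, sample rows and the tampered value are assumptions made for the demonstration, and both versions fold the select-then-update into a single UPDATE.

```python
import sqlite3

def make_db():
    """Constructed sample data: three topics, all with T_WARN = 0."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE FORUM_TOPICS (TOPIC_ID INTEGER, T_AUTHOR INTEGER, "
               "CAT_ID INTEGER, FORUM_ID INTEGER, T_WARN INTEGER)")
    db.executemany("INSERT INTO FORUM_TOPICS VALUES (?, ?, ?, ?, 0)",
                   [(1, 10, 1, 1), (2, 11, 1, 1), (3, 12, 1, 2)])
    return db

def warn_concatenated(db, author_id, cat_id, forum_id, topic_id):
    """Same pattern as the thread's code: values pasted into the SQL text."""
    sql = ("UPDATE FORUM_TOPICS SET T_WARN = T_WARN + 1"
           " WHERE T_AUTHOR=" + str(author_id) + " AND CAT_ID = " + str(cat_id) +
           " AND FORUM_ID = " + str(forum_id) + " AND TOPIC_ID = " + str(topic_id))
    return db.execute(sql).rowcount

def warn_parameterized(db, author_id, cat_id, forum_id, topic_id):
    """Values are bound as data; the statement text never changes."""
    sql = ("UPDATE FORUM_TOPICS SET T_WARN = COALESCE(T_WARN, 0) + 1"
           " WHERE T_AUTHOR = ? AND CAT_ID = ? AND FORUM_ID = ? AND TOPIC_ID = ?")
    return db.execute(sql, (author_id, cat_id, forum_id, topic_id)).rowcount

def warned_topics(db):
    return [r[0] for r in db.execute(
        "SELECT TOPIC_ID FROM FORUM_TOPICS WHERE T_WARN > 0 ORDER BY TOPIC_ID")]

# A request value that is not a plain number (constructed for the demo).
TAMPERED_TOPIC_ID = "1 OR 1=1"

def demo():
    results = {}
    db = make_db()  # concatenation: the value becomes part of the WHERE logic
    results["concat_rows"] = warn_concatenated(db, 10, 1, 1, TAMPERED_TOPIC_ID)
    results["concat_warned"] = warned_topics(db)
    db = make_db()  # binding: the same value is compared as data and matches nothing
    results["param_rows"] = warn_parameterized(db, 10, 1, 1, TAMPERED_TOPIC_ID)
    results["param_warned"] = warned_topics(db)
    db = make_db()  # binding with a legitimate topic id touches exactly one row
    results["legit_rows"] = warn_parameterized(db, 10, 1, 1, 1)
    results["legit_warned"] = warned_topics(db)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
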

datapimp

7:12 pm on Feb 15, 2005 (gmt 0)



That isn't necessarily true that you can't execute a SQL statement on the client side.

You could -- if you wanted to execute this statement on the click of a button, without reloading the page -- use the XML HTTP Request Object to make a POST request to a server side script in the background, transparent to the user.

Not exactly on the client side, but as far as the user is concerned they're not being redirected or going to a new page or anything.

A JavaScript example of this follows, but you'll have to Google on your own for syntax and examples and details:

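function Boom(var3) {
    // Native XMLHttpRequest where available; ActiveX fallback for older IE
    var oXMLHTTP = window.XMLHttpRequest ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP");
    // The name must match the argument (JavaScript is case-sensitive); encode it for the URL
    var sURL = "http://url/script.php?var1=one&var2=two&var3=" + encodeURIComponent(var3);

    oXMLHTTP.open("POST", sURL, false); // false = synchronous call

    oXMLHTTP.send(null);

    // do something with the response text
    return oXMLHTTP.responseText;
}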

dmmh

8:06 pm on Feb 15, 2005 (gmt 0)

10+ Year Member



Why not simply use a JavaScript popup and send some variables via GET to the popup that loads?
First, this will eliminate your problem; second, it is way more secure. As already pointed out, having your DB info up for grabs is pretty insecure.