Re: Help with for loop
Posted: 19 Jan 2009, 16:43
I will check quickly.
An archive of the South African PCFormat forums.
https://tuhinga.ron2k.za.net/pcformat/
RuadRauFlessa wrote: What is the value of txtNumRisks.Text when you get to lstHazards.Items.Clear()

It seems its initial value is 0
Code: Select all
For counter = 0 To (ImpArray.Length - 1)
If IsNumeric(ImpArray(counter)) Then
'GET NUMBER OF RISKS
Dim strSQL1 = "SELECT _SAFETY_Risks.*, _EMS_Reg_Impacts.IMPACT AS HAZARDDESC " & _
"FROM _SAFETY_Risks INNER JOIN " & _
"_EMS_Reg_Impacts ON _SAFETY_Risks.HAZARD = _EMS_Reg_Impacts.ID " & _
"WHERE (_SAFETY_Risks.REC_COUNT = 0) AND (_EMS_Reg_Impacts.REC_COUNT = 0) AND ASPECTID = '" & lstItems.SelectedItem.Value & "' AND _EMS_Reg_Impacts.ID = '" & ImpArray(counter) & "'"
Dim dsNumRisks As New DataSet
dsNumRisks = currCC.executeQuery(Application("ConnString"), strSQL1, "PPE")
'Create Data Row
Dim rNumRisks As DataRow
For Each rNumRisks In dsNumRisks.Tables("PPE").Rows
txtNumRisks.Text = CInt(txtNumRisks.Text) + 1
Next
If txtNumImpacts.Text = "" Then
txtNumImpacts.Text = "1"
Else
txtNumImpacts.Text = CInt(txtNumImpacts.Text) + 1
End If
End If
Next
RuadRauFlessa wrote: Also is
Code: Select all
'GET NUMBER OF RISKS
Dim strSQL1 = "SELECT _SAFETY_Risks.*, _EMS_Reg_Impacts.IMPACT AS HAZARDDESC " & _
"FROM _SAFETY_Risks INNER JOIN " & _
"_EMS_Reg_Impacts ON _SAFETY_Risks.HAZARD = _EMS_Reg_Impacts.ID " & _
"WHERE (_SAFETY_Risks.REC_COUNT = 0) AND (_EMS_Reg_Impacts.REC_COUNT = 0) AND ASPECTID = '" & lstItems.SelectedItem.Value & "' AND _EMS_Reg_Impacts.ID = '" & ImpArray(counter) & "'"
and
Code: Select all
'GET RISKS
Dim strSQL1 = "SELECT _SAFETY_Risks.*, _EMS_Reg_Impacts.IMPACT AS HAZARDDESC " & _
"FROM _SAFETY_Risks INNER JOIN " & _
"_EMS_Reg_Impacts ON _SAFETY_Risks.HAZARD = _EMS_Reg_Impacts.ID " & _
"WHERE (_SAFETY_Risks.REC_COUNT = 0) AND (_EMS_Reg_Impacts.REC_COUNT = 0) AND ASPECTID = '" & lstItems.SelectedItem.Value & "'"
Supposed to be the same?

That I will check quick.
Code: Select all
For counter = 0 To (ImpArray.Length - 1)
If IsNumeric(ImpArray(counter)) Then
'GET NUMBER OF RISKS
Dim strSQL1 = "SELECT count(*) " & _
"FROM _SAFETY_Risks INNER JOIN " & _
"_EMS_Reg_Impacts ON _SAFETY_Risks.HAZARD = _EMS_Reg_Impacts.ID " & _
"WHERE (_SAFETY_Risks.REC_COUNT = 0) AND (_EMS_Reg_Impacts.REC_COUNT = 0) AND ASPECTID = '" & lstItems.SelectedItem.Value & "' AND _EMS_Reg_Impacts.ID = '" & ImpArray(counter) & "'"
'Dim strSQL1 = "SELECT _SAFETY_Risks.*, _EMS_Reg_Impacts.IMPACT AS HAZARDDESC " & _
' "FROM _SAFETY_Risks INNER JOIN " & _
' "_EMS_Reg_Impacts ON _SAFETY_Risks.HAZARD = _EMS_Reg_Impacts.ID " & _
' "WHERE (_SAFETY_Risks.REC_COUNT = 0) AND (_EMS_Reg_Impacts.REC_COUNT = 0) AND ASPECTID = '" & lstItems.SelectedItem.Value & "' AND _EMS_Reg_Impacts.ID = '" & ImpArray(counter) & "'"
Dim dsNumRisks As New DataSet
dsNumRisks = currCC.executeQuery(Application("ConnString"), strSQL1, "PPE")
'Create Data Row
Dim rNumRisks As DataRow
For Each rNumRisks In dsNumRisks.Tables("PPE").Rows
txtNumRisks.Text = rNumRisks(0).ToString() 'retrieve col 1 from rNumRisks
'txtNumRisks.Text = CInt(txtNumRisks.Text) + 1
Next
If txtNumImpacts.Text = "" Then
txtNumImpacts.Text = "1"
Else
txtNumImpacts.Text = CInt(txtNumImpacts.Text) + 1
End If
End If
Next
Code: Select all
Dim counter As Integer
counter = 0
Dim RiskCounter As Integer
Dim OccCounter As Integer
Dim EquipCounter As Integer
RiskCounter = 0
OccCounter = 0
EquipCounter = 0
Dim ImpArray As Array
ImpArray = ImpactsArray("IMPACTS", r)
For counter = 0 To (ImpArray.Length - 1)
If IsNumeric(ImpArray(counter)) Then
'GET NUMBER OF RISKS
Dim strSQL = "SELECT _SAFETY_Risks.*, _EMS_Reg_Impacts.IMPACT AS HAZARDDESC " & _
"FROM _SAFETY_Risks INNER JOIN " & _
"_EMS_Reg_Impacts ON _SAFETY_Risks.HAZARD = _EMS_Reg_Impacts.ID " & _
"WHERE (_SAFETY_Risks.REC_COUNT = 0) AND (_EMS_Reg_Impacts.REC_COUNT = 0) AND ASPECTID = '" & lstItems.SelectedItem.Value & "' AND _EMS_Reg_Impacts.ID = '" & ImpArray(counter) & "'"
Dim dsNumRisks As New DataSet
dsNumRisks = currCC.executeQuery(Application("ConnString"), strSQL, "NumRisks")
'Create Data Row
Dim rNumRisks As DataRow
For Each rNumRisks In dsNumRisks.Tables("NumRisks").Rows
txtNumRisks.Text = CInt(txtNumRisks.Text) + 1
Next
If txtNumImpacts.Text = "" Then
txtNumImpacts.Text = "1"
Else
txtNumImpacts.Text = CInt(txtNumImpacts.Text) + 1
End If
End If
Next
lstHazards.Items.Clear()
Dim initItem As New System.Web.UI.WebControls.ListItem
initItem.Value = "0"
initItem.Text = "-- Not Selected --"
lstHazards.Items.Add(initItem)
For counter = 0 To (ImpArray.Length - 1)
If IsNumeric(ImpArray(counter)) Then
'Response.Write("hello" & "<br>")
'==============Get Impact Name==================
strSQL = "SELECT * FROM _EMS_Reg_Impacts WHERE ID = '" & ImpArray(counter) & "'"
Dim dsImpName As New DataSet
dsImpName = currCC.executeQuery(Application("ConnString"), strSQL, "ImpName")
Dim rImpName As DataRow
If dsImpName.Tables("ImpName").Rows.Count > 0 Then
Response.Write("hello" & "<br>")
rImpName = dsImpName.Tables("ImpName").Rows(0)
'============HAZARDS DROP-DOWN=============
Dim currItem As New System.Web.UI.WebControls.ListItem
currItem.Value = ImpArray(counter)
currItem.Text = rImpName("IMPACT")
lstHazards.Items.Add(currItem)
'=========================================
End If
'End If
End if
Next
'GET RISKS
Dim strSQL1 = "SELECT _SAFETY_Risks.*, _EMS_Reg_Impacts.IMPACT AS HAZARDDESC " & _
"FROM _SAFETY_Risks INNER JOIN " & _
"_EMS_Reg_Impacts ON _SAFETY_Risks.HAZARD = _EMS_Reg_Impacts.ID " & _
"WHERE (_SAFETY_Risks.REC_COUNT = 0) AND (_EMS_Reg_Impacts.REC_COUNT = 0) AND ASPECTID = '" & lstItems.SelectedItem.Value & "'"
'Response.Write(strSQL1 & "<br>")
Dim ds2 As New DataSet
ds2 = currCC.executeQuery(Application("ConnString"), strSQL1, "Risks")
'Create Data Row
Dim r2 As DataRow
For Each r2 In ds2.Tables("Risks").Rows
Dim cell1 As New System.Web.UI.WebControls.TableCell
Dim cell2 As New System.Web.UI.WebControls.TableCell
Dim cellremove As New System.Web.UI.WebControls.TableCell
Dim tr As New System.Web.UI.WebControls.TableRow
cell1.Text = currCC.retrieveString("RISK", r2)
cell2.Text = currCC.retrieveString("HAZARDDESC", r2)
cell1.CssClass = "content3"
cell2.CssClass = "content3"
cellremove.CssClass = "content3"
tr.Cells.Add(cell1)
tr.Cells.Add(cell2)
Dim cmdRemove As New System.Web.UI.HtmlControls.HtmlButton
cmdRemove.Attributes.Add("onclick", "removerisks('" & r2("ID") & "')")
cmdRemove.InnerText = "Remove"
cmdRemove.Style.Add("font-size", "10px")
cellremove.Controls.Add(cmdRemove)
tr.Cells.Add(cellremove)
tblRisks.Rows.Add(tr)
'New code
For counter = 0 To (ImpArray.Length - 1)
If IsNumeric(ImpArray(counter)) Then
makeImpactRow(ImpArray(counter), RiskCounter, r2)
RiskCounter += 1
End If
Next
'End of new code
Next
Ron2K wrote: This isn't related to the problem you're currently experiencing, it's a general coding tip for the future - assuming you're using ASP .NET and not classic ASP (if you're using classic ASP, then stop reading this post right now).
I notice you have stuff in your code like this:
Code: Select all
'GET RISKS
Dim strSQL1 = "SELECT _SAFETY_Risks.*, _EMS_Reg_Impacts.IMPACT AS HAZARDDESC " & _
"FROM _SAFETY_Risks INNER JOIN " & _
"_EMS_Reg_Impacts ON _SAFETY_Risks.HAZARD = _EMS_Reg_Impacts.ID " & _
"WHERE (_SAFETY_Risks.REC_COUNT = 0) AND (_EMS_Reg_Impacts.REC_COUNT = 0) AND ASPECTID = '" & lstItems.SelectedItem.Value & "'"
I would never insert any variable directly into a SQL statement like that, as you run the risk of SQL injection.
There are two methods of dealing with it. The first is to carry on like you've been doing, but search all variables going into the statement for characters that can cause SQL injection, and escape them properly. I don't like doing this though, I prefer using parameters in my queries. It's a bit longer to do, but it's more elegant and it makes you safe from SQL injection (I have tested this extensively).
Here's a code sample, written in C#, that illustrates this:
Code: Select all
string sSQL = @"
SELECT * FROM tblCustomers WITH (nolock)
WHERE customerID = @CustomerID";
SqlCommand sqlCommand = new SqlCommand(sSQL, sqlConn); // sqlConn is of type SqlConnection
sqlCommand.Parameters.Add("@CustomerID",
    SqlDbType.Int).Value = 12345; // in real life, this will be a variable
SqlDataReader reader = sqlCommand.ExecuteReader();
if (reader.HasRows)
{
    // code here to process the rows
}
if (!reader.IsClosed) reader.Close();

Hi. I understand what you're saying. However, I did not write this code. This code was done in 1995 and has been upgraded since then. I will try to implement what you are saying into this application as I fix it.
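The parameter approach from the post above, applied to the thread's own "GET NUMBER OF RISKS" query in VB.NET. This is an added example, not code from any of the posters or from the application. It assumes ASPECTID and _EMS_Reg_Impacts.ID are integer columns, and it calls ADO.NET directly because currCC.executeQuery, as used in the thread, only takes a finished SQL string; the module and function names are hypothetical.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module RiskQueryExample ' hypothetical module, not part of the thread's application
    ' Joins and filters copied from the thread's query (COUNT(*) variant);
    ' the two concatenated values are replaced by named parameters.
    Private Const CountRisksSql As String = _
        "SELECT COUNT(*) " & _
        "FROM _SAFETY_Risks INNER JOIN " & _
        "_EMS_Reg_Impacts ON _SAFETY_Risks.HAZARD = _EMS_Reg_Impacts.ID " & _
        "WHERE (_SAFETY_Risks.REC_COUNT = 0) AND (_EMS_Reg_Impacts.REC_COUNT = 0) " & _
        "AND ASPECTID = @AspectId AND _EMS_Reg_Impacts.ID = @ImpactId"

    ' Assumption: both ID columns are INT. Use another SqlDbType if they are not.
    Function BuildCountRisksCommand(ByVal conn As SqlConnection, ByVal aspectValue As String, _
                                    ByVal impactValue As String) As SqlCommand
        Dim aspectId, impactId As Integer
        ' Integer.TryParse is stricter than IsNumeric, which also accepts "1e3" or "&H1F".
        If Not Integer.TryParse(aspectValue, aspectId) OrElse _
           Not Integer.TryParse(impactValue, impactId) Then
            Throw New ArgumentException("ID value is not an integer")
        End If
        Dim cmd As New SqlCommand(CountRisksSql, conn)
        ' Values travel separately from the SQL text, so they cannot change the statement.
        cmd.Parameters.Add("@AspectId", SqlDbType.Int).Value = aspectId
        cmd.Parameters.Add("@ImpactId", SqlDbType.Int).Value = impactId
        Return cmd
    End Function

    Function CountRisks(ByVal connString As String, ByVal aspectValue As String, _
                        ByVal impactValue As String) As Integer
        Using conn As New SqlConnection(connString)
            Using cmd As SqlCommand = BuildCountRisksCommand(conn, aspectValue, impactValue)
                conn.Open()
                Return CInt(cmd.ExecuteScalar())
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed inputs; the command is only built here, no database is contacted.
        Dim cmd As SqlCommand = BuildCountRisksCommand(Nothing, "7", "3")
        Console.WriteLine(cmd.CommandText)
        For Each p As SqlParameter In cmd.Parameters
            Console.WriteLine("{0} = {1}", p.ParameterName, p.Value)
        Next
    End Sub
End Module
```

In the page's loop, lstItems.SelectedItem.Value and ImpArray(counter) would be passed as aspectValue and impactValue.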
RuadRauFlessa wrote: What was the problem?

CesarePlay wrote:
RuadRauFlessa wrote: What was the problem?
It was calling the wrong function. Here is the fixed code
Code: Select all
makeImpactRow(r2("Hazard"), RiskCounter, r2)
RiskCounter += 1

I thought as much.
CesarePlay wrote: This works. I try and get this page to be more standards correct when I have time.

Best idea ever.

RuadRauFlessa wrote: Best idea ever.

It will be hard to do it but some of it has been changed to be better. It also has been better organized now. Hopefully it won't take long to do it.

Ron2K wrote: Problem is, the real world is often messy - there will be times where you'll have to fix something you can't rewrite, particularly when you're dealing with legacy stuff.

That's true. If I have to add new stuff I make sure the new stuff is done correctly to it.