What pitfalls may I encounter by not setting the cmd.CommandType attribute when running a dynamic sql call? I can not use adovbs.inc, and using cmd.CommandType = 200 yields the error:
ADODB.Command (0x800A0BB9) Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another.
So by commenting this line out, everything appears to be working as planned. However, what issues may I run into?
Here is a snippet of the code, for context.
Dim cmd
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = dbConn
cmd.CommandText = "SELECT * FROM Users WHERE active = 1 AND username=? AND password=?"
cmd.CommandType = 200 'advarchar
cmd.Parameters(0) = request.form("username")
cmd.Parameters(1) = request.form("password")
Dim RS
Set RS = cmd.Execute()
You have
cmd.CommandType = 200 ' adVarChar
Are you sure you don't want
cmd.CommandType = 1 ' adCmdText
instead?