It's a simple piece of ASP code. I shouldn't be having problems with it. Yet, here it is!
I have searched through Stack Overflow and can't find an answer. I have an SQL insert that keeps creating two records. I can't find a reason, rhythm nor rhyme to resolve this issue. What is causing me to have this duplicate record?
<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0; DATA
SOURCE=c:/inetpub/wwwroot/website/database/msg.mdb"
sql="INSERT INTO msg (uid,thisuid,bizid,ucomments,posted) VALUES
('"&request("uid")&"','"&request("thisuid")&
"','"&request("bizid")&"','"&request("ucomments")&"','"&Now&"');"
Set rs= Server.CreateObject("ADODB.Recordset")
rs.Open sql, conn, 3, 2
conn.Execute sql
conn.close
'response.redirect "show-msg.asp"
%>
You open your SQL statement with rs.open and then you execute it with conn.execute -> double insert There's no need to create a recordset for an insert, the conn.execute is enough.
However, both methods rs.Open and conn.Execute are open to SQL Injection due to the way the SQL statement has been constructed. In this scenario, the best approach is to sanitise any input before passing directly into a SQL Statement and switch to using parameterised queries which use the ADODB.Command object.