Search code examples
sqlasp-classicsqlconnection

SQL data not showing two columns on site

I've got a DB connection to my SQL Server on Azure. Two columns are showing on the page but not showing the other 2. Columns are company name and further details

Company Name is standard business name

Further Details stores URLs to more information

I've tried the SQL statement in SQL Management and it displays data what should be shown.

I've checked the parameters of the column, they're both nvarchar(Max) it shows as -1 when clicking to modify the size of the column. Does this mean it has unlimited size?

The file type is Classic ASP with inline CSS and HTML inside.

Below is what is being called in the database. 

<%
Session.LCID=2057

Dim connpiudb, rspiudata, strSQL, fldThis, strSQL2, strSQL3, strcategory

strcategory = Request.querystring("category")

Set connpiudb = Server.CreateObject("ADODB.Connection")
Set rspiudata = Server.CreateObject("ADODB.Recordset")

strSQL = "SELECT companyname, courtnumber, cronumber, furtherdetails FROM piudata WHERE category LIKE '" & strCategory & "%' Order by companyname"
 strValue = Request.QueryString(<%= rspiudata.Fields("companyname") %>)

response.write strSQL
response.write strValue

<!-- strSQL = "SELECT companyname , courtnumber , cronumber, furtherdetails FROM piudata WHERE category LIKE '%c%' Order by companyname" -->

connpiudb.Open strConnect
rspiudata.open strSQL, connpiudb
%>

Below is how the database is stored in the HTML table. 

<!--content start-->

<FONT FACE="Arial" size="2">

<TABLE BORDER="0" cellpadding="2" width="60%"><TR>

  <%
  Do Until rspiudata.EOF
  %>
  <TR><TD width="40%"><B>Company Name:</B></TD><TD width="60%"><%= rspiudata.Fields("companyname") %></TD></TR>  
  <TR><TD width="40%"><B>Further Details:</B></TD><TD width="60%"><%=rspiudata.Fields("furtherdetails") %></TD></TR>
  <TR><TD width="40%"><B>Court Number:</B></TD><TD width="60%"><%= rspiudata.Fields("courtnumber") %></TD></TR>
  <TR><TD width="40%"><B>Company Registered Number:</B></TD><TD width="60%"><%= rspiudata.Fields("cronumber") %></TD></TR>
  <TR><TD width="100%" colspan="2"><HR></TD></TR>
  <%
  rspiudata.movenext
  Loop

  rspiudata.Close
  Set rspiudata = Nothing
  connpiudb.close
  %>
</TABLE>

I am struggling to understand what the actual issue is. Only thing I've thought of is that the columns sizes default to -1 when setting it as MAX or that Classic ASP does not support NVARCHAR(max)

Any help will be great.

Solution

  • Before going further on this, following code needs to be corrected 

    <%
...
strValue = Request.QueryString(<%= rspiudata.Fields("companyname") %>)

    I understood you have it for debug purposes however it has neither valid syntax (you inject <% %> within existing server code block nor valid operator (Request.QueryString is for query strings) nor right place (recordset is defined but not opened).

    And read about sql injections.