Fatal编程技术网
  • asp-classic/
  • Asp classic 第0行多步骤OLE DB操作生成错误。检查每个OLE DB状态值(如果可用)。没有做任何工作

Asp classic 第0行多步骤OLE DB操作生成错误。检查每个OLE DB状态值(如果可用)。没有做任何工作

asp-classic vbscript

Asp classic 第0行多步骤OLE DB操作生成错误。检查每个OLE DB状态值(如果可用)。没有做任何工作,asp-classic,vbscript,oledb,Asp Classic,Vbscript,Oledb,我继承了一些旧的asp/vb代码,它抛出了一个我无法修复的错误 服务器为Windows server 2008,运行IIS7,SQL server为2008 代码如下: <% @ Language=VBScript %> <!-- #include file="dsn.asp" --> <!-- #include file="adovbs.inc" --> <!-- #include file="libfunct.asp" --> <% '

我继承了一些旧的asp/vb代码,它抛出了一个我无法修复的错误

服务器为Windows server 2008,运行IIS7,SQL server为2008

代码如下:

<% @ Language=VBScript %>
<!-- #include file="dsn.asp" -->
<!-- #include file="adovbs.inc" -->
<!-- #include file="libfunct.asp" -->

<%
'****************************************
'    VARIABLES DECLARATION
'****************************************
Dim sSql, RsInsCoInfo, PolicyID, InsCo, InsOffice
Dim qsPolicyType, qsAttach, qsCLNT_ID, qsClientID
Dim CostArray(10)
Dim DescriptionArray(10)
'****************************************
'    END VARIABLES DECLARATION
'****************************************


'********************************************
'    RETRIEVING THE QUERYSTRINGS
'********************************************
qsAttach     = Request.QueryString("Attach")
qsCLNT_ID    = Request.QueryString("CLNT_ID")
qsClientID   = Request.QueryString("ClientID")
qsPolicyType = Request.QueryString("PolicyType")
qsReQuote    = Request.QueryString("ReQuote")
qsPolicyID   = Request.QueryString("PolicyID")
'********************************************
'    END RETRIEVING THE QUERYSTRINGS
'********************************************


'**********************************************
' RETRIEVING THE INSURANCE COMPANY DETAILS
'**********************************************
'Get the insurance company details
Set RsInsCoInfo  = Server.CreateObject("ADODB.RecordSet")

sSQL = "SELECT InsuranceCo.*,FormPolicy.* FROM insuranceCo,FormPolicy"
sSQL = sSQL & " WHERE FormPolicy.INS_EF <= CONVERT(smalldatetime,'" & dbSaveDate(Date) & "',101)"
sSQL = sSQL & " And FormPolicy.INS_ET >= convert(smalldatetime,'" & dbSaveDate(Date) & "',101)"
sSQL = sSQL & " AND FormPolicy.PolicyType ='"  & qsPolicyType & "'"
sSQL = sSQL & " AND InsuranceCo.INS_ID = FormPolicy.INS_ID"

'response.write ssql
'response.end
RsInsCoInfo.Open sSQL, OLEDBConnStr, adOpenStatic, adLockReadOnly, adCmdText

If Not RsInsCoInfo.EOF then
    InsOffice = RsInsCoInfo("INS_Office")
    InsCo     = RsInsCoInfo("INS_DS")
Else
    Response.write "<b>No underwriter available.  Please contact the system administrator.<br>"
    Response.write sSQL
    Response.end
End if

'Close and free
RsInsCoInfo.close
Set RsInsCoInfo = Nothing
'**********************************************
' END RETRIEVING THE INSURANCE COMPANY DETAILS
'**********************************************



'*********************************************************************************
'              CLIENT SEQUENCE NUMBER INCREMENT FOR THIS POLICY TYPE
'*********************************************************************************
If Not qsReQuote Then
   newPolicyNumber = qsClientID & qsPolicyType
   Set RsSequence    = Server.CreateObject("ADODB.RecordSet")
   sSQL = "SELECT * FROM Policy WHERE PolicyNumber like '%" & newPolicyNumber & "%' AND Clnt_ID=" & qsCLNT_ID
   RsSequence.Open sSQL, OLEDBConnStr, adOpenStatic, adLockReadOnly, adCmdText
   If RsSequence.recordcount > 0 then
       PolicyID = 00
       While not RsSequence.eof
          If right(RsSequence("PolicyNumber"), 2) > PolicyID then
             PolicyID = Cstr(right(RsSequence("PolicyNumber"), 2))
                response.write PolicyID & "<br>"
          End if
          RsSequence.moveNext
       Wend
       PolicyID = PolicyID + 1
       If PolicyID < 10 then
          PolicyID = "0" & CStr(PolicyID)
       End If
   Else
      PolicyID = "01"
   End If
   RsSequence.close
   SET RsSequence = NOTHING
End If
'*********************************************************************************
'             END CLIENT SEQUENCE NUMBER INCREMENT FOR THIS POLICY TYPE
'*********************************************************************************


'*********************************************************************************
'             UPDATING ADDITIONNAL FIELD TO THE QUOTE CREATION
'*********************************************************************************
'Setting var
Dim strConnection, SQL_Upsate, newPolicyNumber
newPolicyNumber = qsClientID & qsPolicyType & PolicyID


If Not qsReQuote Then
   'Insert Sql Statement
   SQL_Update = "UPDATE Policy SET CLNT_ID=" & qsCLNT_ID & ","
   SQL_Update = SQL_Update & " InsuranceCo='"& InsCo & "',"
   SQL_Update = SQL_Update & " Office='"& InsOffice & "',"
   SQL_Update = SQL_Update & " StatusID="& 0 & ","
   SQL_Update = SQL_Update & " PolicyNumber='" & newPolicyNumber & "'"
   SQL_Update = SQL_Update & " WHERE PolicyID=" & qsAttach
Else
   'Insert Sql Statement
   SQL_Update = "UPDATE Policy SET CLNT_ID=" & qsCLNT_ID & ","
   SQL_Update = SQL_Update & " InsuranceCo='"& InsCo & "',"
   SQL_Update = SQL_Update & " Office='"& InsOffice & "',"
   SQL_Update = SQL_Update & " StatusID="& 0
   SQL_Update = SQL_Update & " WHERE PolicyID=" & qsPolicyID
End If


'Connection object and open the db
Set strConnection = Server.CreateObject("ADODB.Connection")
strConnection.Open OLEDBConnStr

' Executing the sql insert
strConnection.Execute SQL_Update

'Now Close the connection and free up
strConnection.Close
Set strConnection = Nothing

'*********************************************************************************
'               END ADDING ADDITIONAL FIELDS TO THE QUOTE CREATION
'*********************************************************************************


'*********************************************************************************
'                               DO CALCULATION
' - obtains file named Policy & 'Calculations.inc' = HHCalculations.inc etc.
'
' Modified by Stuart 20/5/03
'*********************************************************************************
set Rs = Server.CreateObject("ADODB.Recordset")

If Not qsReQuote Then
   sSQL = "SELECT Policy.* FROM Policy WHERE Policy.PolicyID=" & qsAttach
Else
   sSQL = "SELECT Policy.* FROM Policy WHERE Policy.PolicyID=" & qsPolicyID
End If

Rs.Open sSQL, OLEDBConnStr, adOpenkeyset, adLockPessimistic, adCmdText



'********************************************
'Response.write "<B>Policy table For Testing Only<P></b>"
'For Each fld in Rs.fields
'   Response.write fld.name & " = " & fld.value & "<br>"
'Next
'Response.end
'**********************************************

    Agent = 0
    Agent2 = 0
    AgentIntro = 0

'Open rsAccount for writing account entries to the PolicyAmount table
'** Comment derek to Stuart -> wont we be better here to find the agent with the code?

If Session("Agent") <> "" then
    set RsAgent = Server.CreateObject("ADODB.Recordset")
    sSQL = "Select * from Agents Where Name = '" & Session("Agent") & "'"
    RsAgent.Open sSQL, OLEDBConnStr, adOpenkeyset, adLockPessimistic, adCmdText
    Agent = rsAgent("commission")
End if


'If a park was involved for a new business then the introductory rate is required.
If Session("Village_Name") <> "" then
    set RsPark = Server.CreateObject("ADODB.Recordset")
    If IsNumeric(Session("Village_Name")) Then
       sSQL = "Select * from Park Where ParkID = '" & Session("Village_Name") & "'"
    Else
       sSQL = "Select * from Park Where ParkID = '" & Session("reParkID") & "'"
    End If
    RsPark.Open sSQL, OLEDBConnStr, adOpenkeyset, adLockPessimistic, adCmdText
    If RsPark.eof then
        Response.write "<b>" & ssql & "<P>No Park record found - Line 189 QuoteSave2.asp<P>Please contact you system administrator." 
        'Response.end
    Else
        AgentIntro = RsPark("Introduction")
    End if
End if

set RsAccount = Server.CreateObject("ADODB.Recordset")
set RsQuestions = Server.CreateObject("ADODB.Recordset")

If Not qsReQuote Then
   sSQL = "SELECT * FROM PolicyAmount WHERE PolicyID=" & qsAttach
Else
   sSQL = "SELECT * FROM PolicyAmount WHERE PolicyID=" & qsPolicyID
End If
RsAccount.Open sSQL, OLEDBConnStr, adOpenkeyset, adLockPessimistic, adCmdText

If Not qsReQuote Then
   sSQL = "SELECT * FROM PolicyQuestions WHERE PolicyID=" & qsAttach
Else
   sSQL = "SELECT * FROM PolicyQuestions WHERE PolicyID=" & qsPolicyID
End If

RsQuestions.Open sSQL, OLEDBConnStr, adOpenkeyset, adLockPessimistic, adCmdText

If Not qsRequote Then
   RsAccount.Addnew
End If
If Not qsRequote Then
   RsAccount("PolicyID") = qsAttach
   linkID = qsAttach
Else
   RsAccount("PolicyID") = qsPolicyID
   linkID = qsPolicyID
End If


sTargetFile = qsPolicyType & "Calculations.inc"
sTargetFileContents = GetFileContentsForExecution(sTargetFile)
Execute sTargetFileContents




'*********************************************************************************
'                            END DO CALCULATION
'*********************************************************************************





'*********************************************************************************
'                            WRITE COSTS TO THE TABLE
'*********************************************************************************

'Update data to the PolicyAmount table
RsAccount("PolicyAmount_IB") = Session("Login")

RsAccount("PolicyAmount_IT") = Date
RsAccount.Update

'**********************************************
'Response.write "<P><B>PolicyAmount table For Testing Only<P></b>"

'For Each fld in RsAccount.fields
'   Response.write fld.name & " = " & fld.value & "<br>"
'Next
'Response.write "<P><B><a href='default.asp'>Home</a>"
'Response.end
'***********************************************

'Clean up
RsAccount.Close
Set RsAccount = Nothing
Rs.update
Rs.Close
Set Rs = Nothing
RsQuestions.Close
Set RsQuestions = Nothing
'RsPark.close
'Set RsPark = Nothing

'Finish with this second saving so redirect to the policy page
If Not qsReQuote Then
   Response.redirect "Policy.asp?PolicyID=" & qsAttach & "&CLNT_ID=" & qsCLNT_ID & "&ClientID=" & qsClientID & "&PolicyType=" & qsPolicyType
Else
   Response.redirect "Policy.asp?PolicyID=" & qsPolicyID & "&CLNT_ID=" & qsCLNT_ID & "&ClientID=" & qsClientID & "&PolicyType=" & qsPolicyType
End If

%>
这是错误:“警告:文件/quotesave2.asp第0行多步骤OLE DB操作生成错误。请检查每个OLE DB状态值(如果可用)。未完成任何工作…”

这真的没有给我太多的继续下去,任何帮助/见解将不胜感激。
谢谢。

没有行号就很难确定确切的问题。我注意到在脚本的末尾,您向
RsAccount
添加了一条新记录,并为记录集字段赋值。在过去,由于VBScript变量和记录集字段类型之间的类型不匹配,我遇到了“多步骤OLE DB操作生成错误”错误。仔细检查要更新的列的数据类型,如果需要,在将值分配给记录集之前显式地转换值(例如,使用
CLng
表示数字)。

这是一种经典做法,我通过在执行之前将每个命令记录到数据库来处理这些问题。所以

log(sSql)
RsAccount.Open sSQL, OLEDBConnStr, adOpenkeyset, adLockPessimistic, adCmdText
其中log(tekst)是将传递的文本写入txt文件的子文件。现在,当您遇到错误时,执行将停止并检查日志。最后一项是生成错误的sql。在交互式环境中执行此sql,在该环境中,您可以轻松地调整文本并重试,并且可以从dbclient获得更准确的错误。我不知道Sql Server是什么,我使用Oracle,这就是Sql*另外,我肯定Sql Server肯定还有其他版本。更正sql后,将其粘贴到代码中,用变量替换文字。再次请求页面并执行上述操作,直到所有sql都正确无误。

首先,SELECT语句正在选择多个同名字段,这可能会导致问题。将您的陈述更改为:(我猜您可能需要更改INSU D表)

您的代码具有严重的SQL注入攻击漏洞,从不将从客户端接收的文本连接到SQL代码中,始终使用参数化查询。事实上,在这种情况下,您应该分离变异数据库的代码,并将其移动到SQL中。将其放置在具有一些事务控制的存储过程中(您的代码也有并发问题),然后生成HTML输出到客户端。此代码在只有不到15人可以访问的intranet上运行,这不是问题。这也不是我的代码,而是我要修复的东西,没有足够的时间重写。只是一个想法——底层SQL表有触发器吗?我以前在触发器出现错误时见过这个错误。你的连接字符串是什么?请发布
OLEDBConnStr
的值,该值可能在某些包含的文件中定义。。 
sSQL = "SELECT ic.INS_Office, fp.INS_DS "&_
    "FROM insuranceCo ic INNER JOIN FormPolicy fp ON ic.INS_ID = fp.INS_ID "&_
    "WHERE fp.INS_EF <= CONVERT(smalldatetime,'" & dbSaveDate(Date) & "',101) "&_
    "AND fp.INS_ET >= convert(smalldatetime,'" & dbSaveDate(Date) & "',101) "&_
    "AND fp.PolicyType = '"  & qsPolicyType & "'"

sSQL = "SELECT ic.INS_Office, fp.INS_DS "&_
    "FROM insuranceCo ic INNER JOIN FormPolicy fp ON ic.INS_ID = fp.INS_ID "&_
    "WHERE fp.PolicyType = '"  & qsPolicyType & "'"