<% 'PageName = event_group_delete 'This page has a small security risk in this form because a Event could potentially 'edit the URL they are hitting and change the Query String to another number 'causing a diferent record to be deleted 'if this becomes a problem, a check could be built in to verify that the Event is 'either an admin or it's their own record they are editing. Set objConn=GetConn strSQLtmp="SELECT * FROM EventGroup WHERE EventGroupID='" & GroupID & "';" Set objRStmp = objConn.Execute(strSQLtmp) strSQL1="SELECT * FROM EventGroupJoin WHERE EventGroupID='" & GroupID & "';" Set objRS1 = objConn.Execute(strSQL1) strSQL2="SELECT * FROM EventGroupScheduleJoin WHERE EventGroupID='" & GroupID & "';" 'Response.Write "strSQLtmp= " & strSQLtmp & "strSQL1= " & strSQL1 & "strSQL2= " & strSQL2 & vbcrlf Set objRS2 = objConn.Execute(strSQL2) If objRStmp.eof And objRS1.eof And objRS2.eof Then DoHeader ("Error Deleting Record") Response.Write "

" Response.Write "" & vbcrlf Response.Write "" & vbcrlf Response.Write "" & vbcrlf Response.Write "" & vbcrlf Response.End Else strRedirect = "/promanweb/event/event_group_list.asp?iCognateFlag=" & iCognateFlag strSQLtmp="DELETE * FROM EventGroup WHERE EventGroupID='" & GroupID & "';" objConn.Execute(strSQLtmp) strSQL1="DELETE * FROM EventGroupJoin WHERE EventGroupID='" & GroupID & "';" objConn.Execute(strSQL1) strSQL2="DELETE * FROM EventGroupScheduleJoin WHERE EventGroupID='" & GroupID & "';" objConn.Execute(strSQL2) End If objRStmp.Close Set objRStmp= nothing objRS1.Close Set objRS1= nothing objRS2.Close Set objRS2= nothing objConn.Close Set objConn = nothing Response.Redirect strRedirect %>

Error in processing Delete. Please report the problem to the webmaster.
Back to Form