See if this helps
http://home.att.net/~codelibrary/FrontPage/tweaks.htm#DRW Script Modifications
--
_____________________________________________
SBR @ ENJOY (-: [ Microsoft MVP - FrontPage ]
"Warning - Using the F1 Key will not break anything!" (-;
To find the best Newsgroup for FrontPage support see:
http://www.frontpagemvps.com/FrontPageNewsGroups/tabid/53/Default.aspx
_____________________________________________
| Update... After spending time on the phone with Microsoft support, here is
| what I found. Frontpage database regions (after Office 2003 sp2 is
| installed) break where :
arameters:: are used in formats other then "select
| * from table where field = ":
arameter::""
|
| According the the support engineer, this was done by design to help
| eliminate the SQL injection issue. (If you're not familiar with
| SQLInjection, do a google search on the subject). Microsoft article 907307
| is about the closest article I can find that highlights the subject but it is
| not well written. According to the support engineer, they are aware of the
| problem but no real fix is available at this time. There suggested work
| arounds included:
| - uninstalling frontpage2003, then reinstalling and not applying SP2.
| - Replacing the _fpclass\fbdbrgn?.inc files with an older version but this
| would allow for the SQL injection security issue. You also would not be able
| to use the frontpage database wizzard to modify your database. (custom
| queries fail to validate.)
|
| There are a lot of posts in various threads on the Frontpage message board
| that I believe are related to this same issue. I would think that the answer
| to this is for Microsoft to come up with a solution that validates form
| responses and filtering out key characters that allow for SQLInjection such
| as -- ' ; and so on. I would rather be limited in there use then have every
| single update, insert, and select statement that uses :
arameters:: in many
| web sites we have developed to break!
|
| The SQLInjection security issue is certainly a nasty problem, but this fix
| is to not break frontpage. The fix involves form validation and filtering
| and database security.
|
| "John" wrote:
|
| > I am having the exact same issues on several web sites on several different
| > servers. I also believe the problem to be related to a receint Office
| > update. In my case, any query other then a standard "select" query that
| > contains a :
arameter:: now failes in webs that have been working for a very
| > long time after it is modified and saved by Frontpage. (Frontpage 2003 sp2)
| > Frontpage appears to overwrite the fpdbrgn1.inc and fpdbrgn2.inc files and
| > that is when the problem occurs. I can restore these files with an older
| > copy and the database regions once again work OK. This is not an acceptable
| > fix for me as this still leaves me not able to easily modify the database
| > regions with frontpage. Something about the fpdbrgn?.inc files, once saved
| > with the updated frontpage are no longer able to handle very simple queries
| > that contain parameters.
| >
| > "KGCS" wrote:
| >
| > > Yes I have and they work. The page returns the current data in the database.
| > > It will not allow me to update with this drw statement
| > >
| > > UPDATE TBLOther
| > > SET
| > > OConflictInterest='::OConflictInterest::'
| > > WHERE Uemail='::uemail::'
| > >
| > > I have tried removing the ' and :: with different variations and I still
| > > will not work.
| > >
| > > If I take out the :: in each line, the query will verify but will not update
| > > the data in the database. This is driving me nuts. This is all caused by
| > > either the windows update or OFfice 2003 updates.
| > >
| > > "Kathleen Anderson [MVP - FrontPage]" wrote:
| > >
| > > > I meant a query query, not an update query.
| > > >
| > > > --
| > > > ~ Kathleen Anderson
| > > > Microsoft MVP - FrontPage
| > > > Spider Web Woman Designs
| > > > web:
http://www.spiderwebwoman.com/resources/
| > > >
| > > >
| > > > | > > > > Yes, I even tried a simple update query and it still says I have an error
| > > > > in
| > > > > the query.
| > > > >
| > > > > UPDATE TBLOther
| > > > > SET
| > > > > OConflictInterest='::OConflictInterest::'
| > > > > WHERE Uemail='::uemail::'
| > > > >
| > > > > I dont see where the error is in this statement.
| > > > >
| > > > >
| > > > >
| > > > > "Kathleen Anderson [MVP - FrontPage]" wrote:
| > > > >
| > > > >> I don't know if it's the web or not. Did you try creating a new query
| > > > >> page
| > > > >> to see if that would work?
| > > > >>
| > > > >> --
| > > > >>
| > > > >> ~ Kathleen Anderson
| > > > >> Microsoft MVP - FrontPage
| > > > >> Spider Web Woman Designs
| > > > >> web:
http://www.spiderwebwoman.com/resources/
| > > > >>
| > > > >>
| > > > >>
| > > > >>
| > > > >> | > > > >> >I have 8 different update queries that still work but I can't modify
| > > > >> >them
| > > > >> > with this error report. All the update queries work so its not the web
| > > > >> > right?
| > > > >> >
| > > > >> > Do you see anything wrong with the query statement?
| > > > >> >
| > > > >> > Dan
| > > > >> >
| > > > >> > "Kathleen Anderson [MVP - FrontPage]" wrote:
| > > > >> >
| > > > >> >> Try creating a simple query page in the web to see if it's a problem
| > > > >> >> in
| > > > >> >> the
| > > > >> >> web or just with the update page.
| > > > >> >>
| > > > >> >> --
| > > > >> >> ~ Kathleen Anderson
| > > > >> >> Microsoft MVP - FrontPage
| > > > >> >> Spider Web Woman Designs
| > > > >> >> web:
http://www.spiderwebwoman.com/resources/
| > > > >> >>
| > > > >> >>
| > > > >> >> | > > > >> >> > Microsofts "fix" for this can be found
| > > > >> >> > at:
http://support.microsoft.com/kb/907307, it still does not work!
| > > > >> >> >
| > > > >> >> > "KGCS" wrote:
| > > > >> >> >
| > > > >> >> >> Q. Are you getting an error in FrontPage or do you get it when you
| > > > >> >> >> try
| > > > >> >> >> it
| > > > >> >> >> from
| > > > >> >> >> your web page?
| > > > >> >> >> Answer: The error occurs in FrontPage when open the update.asp page
| > > > >> >> >>
| > > > >> >> >> This is the start of a Database Results region. The custom query
| > > > >> >> >> contains
| > > > >> >> >> errors.
| > > > >> >> >> This is the end of a Database Results region.
| > > > >> >> >>
| > > > >> >> >> Q. If it happens on your site what's the error message?
| > > > >> >> >> Answer: It also occurs when you try it out on the web. Here is
| > > > >> >> >> the
| > > > >> >> >> web
| > > > >> >> >> error.
| > > > >> >> >> Database Results Wizard Error
| > > > >> >> >> The operation failed. If this continues, please contact your
| > > > >> >> >> server
| > > > >> >> >> administrator.
| > > > >> >> >>
| > > > >> >> >>
| > > > >> >> >> Q. Is "The custom query contains errors" the exact error you're
| > > > >> >> >> getting?
| > > > >> >> >> Answer: Yes
| > > > >> >> >>
| > > > >> >> >> Q. Did you install the latest Service Pack?
| > > > >> >> >> Answer: Yes, both on the Win 2000 server and Office updates for
| > > > >> >> >> FrontPage
| > > > >> >> >> 2003.
| > > > >> >> >>
| > > > >> >> >> If you recall about 2 years ago Microsoft did this with a security
| > > > >> >> >> update
| > > > >> >> >> for FP 2002. The fix then and now is to overright the
| > > > >> >> >> "fpdbrgn1.inc"
| > > > >> >> >> file
| > > > >> >> >> with an old one. I got the pages to work again by doing that.
| > > > >> >> >> That
| > > > >> >> >> can't be
| > > > >> >> >> the microsoft fix for this. I dont want to have to go back to over
| > > > >> >> >> righting
| > > > >> >> >> the file, every time I update the pages.
| > > > >> >> >>
| > > > >> >> >> "David Berry" wrote:
| > > > >> >> >>
| > > > >> >> >> > Are you getting an error in FrontPage or do you get it when you
| > > > >> >> >> > try
| > > > >> >> >> > it
| > > > >> >> >> > from
| > > > >> >> >> > your web page? If it happens on your site what's the error
| > > > >> >> >> > message?
| > > > >> >> >> > Is
| > > > >> >> >> > "The custom query contains errors" the exact error you're
| > > > >> >> >> > getting?
| > > > >> >> >> > Did
| > > > >> >> >> > you
| > > > >> >> >> > install the latest Service Pack?
| > > > >> >> >> >
| > > > >> >> >> > Dave
| > > > >> >> >> >
| > > > >> >> >> > --
| > > > >> >> >> > David Berry - MCP
| > > > >> >> >> > Microsoft MVP - FrontPage
| > > > >> >> >> > FrontPage Support:
http://www.frontpagemvps.com/
| > > > >> >> >> > -----------------------------------
| > > > >> >> >> > To assist you in getting the best answers for FrontPage support
| > > > >> >> >> > see:
| > > > >> >> >> >
http://www.frontpagemvps.com/FrontPageNewsGroups/tabid/53/Default.aspx
| > > > >> >> >> > -----------------------------------
| > > > >> >> >> >
| > > > >> >> >> > | > > > >> >> >> > >I have a database that I have been using for over a year without
| > > > >> >> >> > >any
| > > > >> >> >> > > problems. Just recently I get this error when I open any
| > > > >> >> >> > > update
| > > > >> >> >> > > page
| > > > >> >> >> > > in
| > > > >> >> >> > > frontpage 2003. I have not changed the query at all and now I
| > > > >> >> >> > > get
| > > > >> >> >> > > this
| > > > >> >> >> > > error. None of the pages will updtate now. I had this problem
| > > > >> >> >> > > with
| > > > >> >> >> > > FP
| > > > >> >> >> > > 2002
| > > > >> >> >> > > and had to copy a new fpdbrgn1.inc to the web to get it to work
| > > > >> >> >> > > again. FP
| > > > >> >> >> > > 2003 was to fix this, its back again in 2003. Any help is
| > > > >> >> >> > > appreciated.
| > > > >> >> >> > >
| > > > >> >> >> > > The cusom querry contains errors
| > > > >> >> >> > >
| > > > >> >> >> > > UPDATE TBLLicense
| > > > >> >> >> > > SET
| > > > >> >> >> > > LCertificateHeld='::LCertificateHeld::',
| > > > >> >> >> > > LCertPrefix='::LCertPrefix::',
| > > > >> >> >> > > LCertNumber='::LCertNumber::',
| > > > >> >> >> > > LCertExpireDate='::LCertExpireDate::',
| > > > >> >> >> > > LVAEndorcement='::LVAEndorcement::',
| > > > >> >> >> > > LAppliedForVALic='::LAppliedForVALic::',
| > > > >> >> >> > > LVALicDateApplied='::LVALicDateApplied::',
| > > > >> >> >> > > LOtherState1='::LOtherState1::',
| > > > >> >> >> > > LOtherStateExp1='::LOtherStateExp1::',
| > > > >> >> >> > > LOtherStateEndorcements1='::LOtherStateEndorcements1::',
| > > > >> >> >> > > LOtherState2='::LOtherState2::',
| > > > >> >> >> > > LOtherStateExp2='::LOtherStateExp2::',
| > > > >> >> >> > > LOtherStateEndorcements2='::LOtherStateEndorcements2::',
| > > > >> >> >> > > LPraxis2Score1='::LPraxis2Score1::',
| > > > >> >> >> > > LPraxis1MathTestCode='::LPraxis1MathTestCode::',
| > > > >> >> >> > > LPraxis1MathScore='::LPraxis1MathScore::',
| > > > >> >> >> > > LPraxis1ReadTestCode='::LPraxis1ReadTestCode::',
| > > > >> >> >> > > LPraxis1ReadScore='::LPraxis1ReadScore::',
| > > > >> >> >> > > LPraxis1WriteTestCode='::LPraxis1WriteTestCode::',
| > > > >> >> >> > > LPraxis1WriteScore='::LPraxis1WriteScore::',
| > > > >> >> >> > > LPraxis1CompositeScore='::LPraxis1CompositeScore::',
| > > > >> >> >> > > LPraxis2SpecialtyArea1='::LPraxis2SpecialtyArea1::',
| > > > >> >> >> > > LPraxis2TestCode1='::LPraxis2TestCode1::',
| > > > >> >> >> > > LPraxis2SpecialtyArea2='::LPraxis2SpecialtyArea2::',
| > > > >> >> >> > > LPraxis2TestCode2='::LPraxis2TestCode2::',
| > > > >> >> >> > > LPraxis2Score2='::LPraxis2Score2::'
| > > > >> >> >> > > WHERE uemail='::uemail::'
| > > > >> >> >> >
| > > > >> >> >> >
| > > > >> >> >> >
| > > > >> >>
| > > > >> >>
| > > > >> >>
| > > > >>
| > > > >>
| > > > >>
| > > >
| > > >
| > > >
