sql question

Jen
Hello. I have a sql statement that should get all the records that match a
specific criteria; every record is assigned a text value like 12_2006 (as
for example this particular month, December 2006). I also have a drop-down
menu on this page where to filter which month should be shown on the page
based on these (text)values by request.querystring.
The problem is that (I guess) the value passed by the request.querystring
is of the wrong format for the text field in the table. Anyway, the error I get
is:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in query expression
'12_2006 = 12_2006'.

Here's the sql code:

<%
Dim rs_fakturalista__manad_ar
rs_fakturalista__manad_ar = month(now) & "_" & year(now)
If (request.querystring("manad_ar") <> "") Then
rs_fakturalista__manad_ar = request.querystring("manad_ar")
End If
%>
<%
Dim rs_fakturalista
Dim rs_fakturalista_numRows

Set rs_fakturalista = Server.CreateObject("ADODB.Recordset")
rs_fakturalista.ActiveConnection = MM_conn_test_STRING
rs_fakturalista.Source = "SELECT * FROM faktura WHERE " + _
Replace(rs_fakturalista__manad_ar, "'", "''") + " = " + _
Replace(rs_fakturalista__manad_ar, "'", "''") + ""
rs_fakturalista.CursorType = 0
rs_fakturalista.CursorLocation = 2
rs_fakturalista.LockType = 1
rs_fakturalista.Open()

rs_fakturalista _numRows = 0
%>

I tried to dim rs_fakturalista__manad_ar as string but then I get
Expected end of statement :(

Could anybody help me with this?
Dec 22 '06 #1

"Jen" <je*@hoganmail.com> wrote in message
news:ee**************@TK2MSFTNGP04.phx.gbl...
> Hello. I have a sql statement that should get all the records that match a
> specific criteria; every record is assigned a text value like 12_2006 (as
> for example this particular month, December 2006). I also have a drop-down
> menu on this page where to filter which month should be shown on the page
> based on these (text)values by request.querystring.
> The problem is that (I guess) the value passed by the request.querystring
> is of the wrong format for the text field in the table. Anyway, the error I get
> is:
>
> Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
> [Microsoft][ODBC Microsoft Access Driver] Syntax error in query expression
> '12_2006 = 12_2006'.

Strings in SQL statements passed to Access should be delimited with
apostrophes. So the comparison for your WHERE clause should read like this:

'12_2006'='12_2006'

--
Mike Brind
Dec 22 '06 #2
Jen
> Strings in SQL statements passed to Access should be delimited with
> apostrophes. So the comparison for your WHERE clause should read like
> this:
>
> '12_2006'='12_2006'
>
> --
> Mike Brind

Changed the sql to:
rs_fakturalista.Source = "SELECT * FROM faktura WHERE " + _
Replace(rs_fakturalista__manad_ar, "'", "''") + "'" + "=" + "'" + _
Replace(rs_fakturalista__manad_ar, "'", "''") + ""

but now I get: [Microsoft][ODBC Microsoft Access Driver] Syntax error in
query expression '12_2006'='12_2006'.
Dec 22 '06 #3
Jen wrote:
>> Strings in SQL statements passed to Access should be delimited with
>> apostrophes. So the comparison for your WHERE clause should read
>> like this:
>>
>> '12_2006'='12_2006'
>>
>> --
>> Mike Brind
>
> Changed the sql to:
> rs_fakturalista.Source = "SELECT * FROM faktura WHERE " + _
> Replace(rs_fakturalista__manad_ar, "'", "''") + "'" + "=" + "'" + _
> Replace(rs_fakturalista__manad_ar, "'", "''") + ""
>
> but now I get: [Microsoft][ODBC Microsoft Access Driver] Syntax error
> in query expression '12_2006'='12_2006'.

We cannot debug sql statements without seeing them. Good programming
practice involves assigning the statement to a variable: there is no
need to set the recordset's Source property directly. Assigning the
statement to a variable makes troubleshooting easier. Like this:

sql="SELECT * FROM faktura WHERE " + _
Replace(rs_fakturalista__manad_ar, "'", "''") + "'" + "=" + "'" + _
Replace(rs_fakturalista__manad_ar, "'", "''") + ""
Response.Write sql
Response.End
set rs_fakturalista = con.Execute(sql,,1)

Run the page and look at the resulting sql statement in the browser
window. If you have built it correctly, you should be able to copy it
from the browser window, open your database in Access, paste it into the
SQL View of a Query Builder window and run it without modification
(unless wildcards are involved). Once you have a good sql statement,
comment out the response.write and response.end statements.

If you still cannot figure it out, show us the resulting sql statement,
as well as providing a few details about the faktura table (field names
and datatypes). This statement you are trying to run is very puzzling.
As written, it will return ALL the records in your table. You don't have
a field named "12_2006" do you? If so, this indicates poor database
design, given that you will need to modify the table design every year,
as well as modifying your application code. A better design involves
storing the data (month and year) in cells, not in metadata. IOW, you
should have a table to store month, year and data, each month comprising
its own row in the table.

Further points to consider:
Despite your good practice of using Replace to escape the apostrophes in
the data, your use of dynamic sql is leaving you vulnerable to hackers
using sql injection:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

See here for a better, more secure way to execute your queries by using
parameter markers:
http://groups-beta.google.com/group/...e36562fee7804e

Personally, I prefer using stored procedures, or saved parameter queries
as they are known in Access:

Access:
http://www.google.com/groups?hl=en&l...TNGP12.phx.gbl

http://groups.google.com/groups?hl=e...tngp13.phx.gbl
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Dec 22 '06 #4
Jen
I honestly don't understand your answer, neither my English nor my
programming skills are good enough. I'm sorry.

In Access, this sql statement filters the recordset so that only records
with the value 12_2006 in the (text)field manad_ar are shown:

SELECT faktura.Faktura_ID, etc, etc, etc, etc
FROM faktura
WHERE (((faktura.manad_ar)="12_2006"));

The last part "12_2006" should be transformed to a request.querystring
statement in an asp page. If the url would be
http://www.page?ar_manad=11_2006 then only records with the value 11_2006 in
the (text)field manad_ar would be shown. And this is my problem, I don't know
how to do it.

Jen.
Dec 22 '06 #5
Jen wrote:
> I honestly don't understand your answer, neither my English nor my
> programming skills are good enough. I'm sorry.
>
> In Access, this sql statement filters the recordset so that only
> records with the value 12_2006 in the (text)field manad_ar are shown:
>
> SELECT faktura.Faktura_ID, etc, etc, etc, etc
> FROM faktura
> WHERE (((faktura.manad_ar)="12_2006"));

So, let's go step-by-step. The above is the sql statement you need to
execute in the database, correct? So when you build the sql statement in
vbscript, and use response.write to write it to response, that statement
is what you should see in the browser. So let's go back to this:

sql="SELECT * FROM faktura WHERE " + _
Replace(rs_fakturalista__manad_ar, "'", "''") + "'" + "=" + "'" + _
Replace(rs_fakturalista__manad_ar, "'", "''") + ""
Response.Write sql
Response.End
set rs_fakturalista = con.Execute(sql,,1)

Run this page and compare what you see in the browser window to the
statement that works. It is not the same, is it? It probably looks more
like this:
SELECT *
FROM faktura
WHERE 12_2006'='12_2006'

Correct? But that's not the statement you want to execute, is it? So you
need to change your vbscript statement so that it creates it correctly.
Start by doing this:
sql="SELECT * FROM faktura WHERE manad_ar='" + _
Replace(rs_fakturalista__manad_ar, "'", "''") + ""
Response.Write sql
Response.End
set rs_fakturalista = con.Execute(sql,,1)

Run the page.
Look at the resulting statement in the browser window.
Highlight and copy it to the clipboard.
Open your database in Access.
Click into the Queries tab.
Click the button to create a new query in Design View
Close the Choose Tables dialog without selecting any tables
Switch to SQL View
Paste in the statement from the clipboard and attempt to run it
If it runs as expected, close Access, go back to the vbscript code and
comment out the Response.Write and Response.End statements.

If it does not run correctly, you will probably get a more informative
error message in Access than the one delivered by ADO. If you still
can't figure it out, post it back here.

When you are more comfortable with programming, go back and read the
links I provided about preventing sql injection. It's important.

Here are th


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Dec 22 '06 #6
Jen
Thank you so much Bob, I got it working thanks to your very good
explanation.
The sql statement that worked is:
"SELECT * FROM faktura WHERE manad_ar='" + _
Replace(rs_fakturalista__manad_ar, "'", "''") + ""+"'"
Dec 23 '06 #7
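
The statement that worked in #7 still builds the SQL text from the query string. The parameter-marker approach recommended in #4 can be written as below. This is an added example, not code posted by anyone in the thread; it assumes the MM_conn_test_STRING connection string and the manad_ar text column from the posts above, and the helper name IsValidManadAr, the month_year pattern and the 7-character parameter size are illustrative assumptions.

```vbscript
<%
' Added example (not from the thread): validate the month filter, then
' pass it to Access as a bound parameter instead of concatenating it.
' Assumed from the posts above: MM_conn_test_STRING, table faktura,
' text column manad_ar holding values such as 12_2006.
Const adCmdText = 1      ' CommandTypeEnum: CommandText is a SQL string
Const adVarChar = 200    ' DataTypeEnum: string value
Const adParamInput = 1   ' ParameterDirectionEnum: input parameter

' Hypothetical helper: accept only month_year such as 1_2006 or 12_2006,
' the shape produced by Month(Now) & "_" & Year(Now).
Function IsValidManadAr(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^([1-9]|1[0-2])_[0-9]{4}$"
    IsValidManadAr = re.Test(value)
End Function

Dim manadAr
manadAr = Month(Now) & "_" & Year(Now)
If Request.QueryString("manad_ar") <> "" Then
    manadAr = Request.QueryString("manad_ar")
End If

' Reject anything that is not a month_year value before touching the database.
If Not IsValidManadAr(manadAr) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid month filter."
    Response.End
End If

Dim cmd, rs_fakturalista
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = MM_conn_test_STRING
cmd.CommandType = adCmdText
' The ? is a parameter marker: the SQL text is fixed and the value is
' sent separately, so apostrophes in the input cannot change the query.
cmd.CommandText = "SELECT * FROM faktura WHERE manad_ar = ?"
cmd.Parameters.Append cmd.CreateParameter("manad_ar", adVarChar, adParamInput, 7, manadAr)

' Execute returns a forward-only, read-only recordset.
Set rs_fakturalista = cmd.Execute
%>
```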
