Grayscale wrote:
Hello,
When I execute the code below, I get:
"Microsoft JET Database Engine (0x80040E10)
No value given for one or more required parameters." error message in
the first line.
Rs.Open "SELECT * From Unvanlar WHERE Unvan = " & kayit8, Con, 3,3
If rs.EOF Then
Con.Execute ("INSERT INTO Unvanlar (Unvan) VALUES
('"&kayit8&"')"),,129
the syntax here is incorrect - see below:
End If
Rs.Close
The variable is string and the field in access table is text. I'm sure
that field names in the code and table are correct as well.
What can I do to solve that?
You cannot solve ssql syntax issues without seeing the actual sql statements
being executed by the database. That means you need to see the result of
your concatenations:
sql="SELECT * From Unvanlar WHERE Unvan = " & kayit8
response.write sql
rs.open sql, Con, 3,3
....
sql="INSERT INTO Unvanlar (Unvan) VALUES ('" & kayit8 & "')"
response.write sql
Con.Execute (sql,,129)
You will, of course, comment out the response.write statements when
everything is running correctly.
I believe fixing the syntax of your Execute call should solve your problem
so I will leave you with this:
Further points to consider:
You use of dynamic sql is leaving you vulnerable to hackers using sql
injection:
http://mvp.unixwiz.net/techtips/sql-injection.html http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
See here for a better, more secure way to execute your queries by using
parameter markers:
http://groups-beta.google.com/group/...e36562fee7804e
Personally, I prefer using stored procedures, or saved parameter queries as
they are known in Access:
Access:
http://www.google.com/groups?hl=en&l...TNGP12.phx.gbl http://groups.google.com/groups?hl=e...tngp13.phx.gbl
Bob barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
