I'm having issues witht the code I'm writing. I've dealt with SQL before,
although only for extracting data, not adding it to the database. I've been
intensively learning ASP/ADO over the past week or so. I have a HTML form
that posts data to the following ASP file:
<HTML>
<HEAD>
<TITLE>Sight Bites</TITLE>
</HEAD>
<BODY>
<%
set conn = Server.CreateObject("ADODB.Connection")
conn.Provider="Microsoft.Jet.OLEDB.4.0"
conn.Open(Server.Mappath("data/guest.mdb"))
stmt = "INSERT INTO Guest (Name, Location, Date, Email, Website, Comment)"
stmt = stmt & "VALUES ('" & Request.Form("Name") & "', '" &
Request.Form("Location") & "', '" & Date & "', '"
stmt = stmt & Request.Form("Email") & "', '" & Request.Form("Website") &
"', '" & Request.Form("Comment") & "')"
on error resume next
conn.Execute stmt, recaffected
if err<>0 then
response.write "VBScript Errors Occured:" & "<P>"
response.write "Error Number=" & err.number & "<P>"
response.write "Error Descr.=" & err.description & "<P>"
response.write "Help Context=" & err.helpcontext & "<P>"
response.write "Help Path=" & err.helppath & "<P>"
response.write "Native Error=" & err.nativeerror & "<P>"
response.write "Source=" & err.source & "<P>"
response.write "SQLState=" & err.sqlstate & "<P>"
else
Response.Write("Updated!")
end if
conn.Close
%>
<HR/>
<CENTER><H5><I>2003 Ian Griffiths</I></H5></CENTER>
</BODY>
</HTML>
I've run this using IIS, but I always seem to get a systax error in my
INSERT statement, but I can't spot one. Anyone got any pointers?
Cheers,
Ian Griffiths. 3 6769
On Sun, 26 Oct 2003 13:09:41 +0000 (UTC), "Ian Griffiths"
<Ia*********@btopenworld.com> wrote: stmt = "INSERT INTO Guest (Name, Location, Date, Email, Website, Comment)" stmt = stmt & "VALUES ('" & Request.Form("Name") & "', '" & Request.Form("Location") & "', '" & Date & "', '" stmt = stmt & Request.Form("Email") & "', '" & Request.Form("Website") & "', '" & Request.Form("Comment") & "')" I've run this using IIS, but I always seem to get a systax error in my INSERT statement, but I can't spot one. Anyone got any pointers?
Check a couple things...
First off, use Response.Write stmt just before issuing the statement
to SQL. This might show you more.
Next look at the syntax for delimiters on dates using Access
databases. It requires "#" marks for delimiters.
Lastly, take a look at the comments. If they contain single quotes
anywhere in them, this will make the statement fail. For any data that
a user will type in, it is a good idea to "clean" that data by at
least replacing single quotes with two single quotes. This escapes the
single quote and puts it into the data value and does not use it for a
delimiter. For example: If comment was
I'm Thirsty
then your stmt section would be...
....,'http://www.myweb.com','I'm Thirsty')
The single quote in I'm throws everything off.
> stmt = "INSERT INTO Guest (Name, Location, Date, Email, Website,
Comment)" stmt = stmt & "VALUES ('" & Request.Form("Name") & "', '" &
I imagine 'date' is a reserved word in Jet SQL, and possibly 'name' and
some of the others too. In Jet SQL you can use a [...] syntax around
table/column names to use reserved words, but these probably aren't good
choices for column names anyway.
MightyC
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system ( http://www.grisoft.com).
Version: 6.0.520 / Virus Database: 318 - Release Date: 18/09/03
> First off, use Response.Write stmt just before issuing the statement to SQL. This might show you more.
I would echo this. Output your SQL string, which you can then test in
Access's Query Builder to test the validity of the SQL. Then you can work
backwards to your ASP code.
Lastly, take a look at the comments. If they contain single quotes anywhere in them, this will make the statement fail. For any data that a user will type in, it is a good idea to "clean" that data by at least replacing single quotes with two single quotes. This escapes the single quote and puts it into the data value and does not use it for a delimiter. For example: If comment was
I'm Thirsty
then your stmt section would be...
...,'http://www.myweb.com','I'm Thirsty')
The single quote in I'm throws everything off.
Rather than inserting to single quotes, you might conder just filtering them
out.
This improves the security of yout site, by reducing the risk of attack via
SQL Injection: http://www.nextgenss.com/papers/adva..._injection.pdf
This article explains it much better than I ever could...
hth
Chris This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Venus |
last post by:
Hi all,
Newbie here!!
I have 4 forms(A,B,C,D) and a thank you page for my questionnaire.
People will be redirected to B or C depending on the last question's
answer. B or C will redirect to D...
|
by: Terry |
last post by:
I've tried and tried, and thought I had it figured out, but still the
results indicate that I'm wrong.
Help is appreciated. I'm merely trying to grab a value from a form and
insert it into a...
|
by: Gunnar Kristiansen |
last post by:
Hi!
I have a form page which I am using as a frontend for my MySql database
(for writing news). I do miss the functionality of a few buttons that
could help me insert HTML tags etc, into my main...
|
by: Bill |
last post by:
I'm having what seems to me to be an odd problem. Perhaps there is some
explanation, but don't know at this point. Basically I have a form that
tracks memberships and donations. The main form...
|
by: Abareblue |
last post by:
I have no clue on how to insert a record into access. here is the whole
thing
using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
|
by: Rick Spiewak |
last post by:
I need to generate a "buy" button as part of an ASP.NET page - this consists
of a small HTML form with hidden fields, conforming to the requirements of a
merchant credit card processor. PayPal is...
|
by: Chuck |
last post by:
Can the SQL code from an Append query be inserted into the form module?
The form module currently has a DoCmd Run Macro statement.
The Macro opens the Append query which runs correctly.
I'm trying...
|
by: billypit |
last post by:
Hi,
In my project i have one table production.Now i have to make application in which i have to insert new data in table by fields of form made in access.I don't know how to use form field's values...
|
by: BenRatcliffe |
last post by:
Hi there,
I was wondering if anyone could help me. I have a comlpex database with a number of forms that have data entered on them and then saved into the correct table etc. In this instance I am...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |