David wrote:
Hi,
I have an asp page for which I am trying to update a record, but keep
getting errors in my SQL:::::
todate = request.form("todate")
notes = request.form("notes")
job = Session("JOB_ADJ")
sid = Session("SID")
dt=date()
yy = Year(dt)
mm = Month(dt)
dd = Day(dt)
v_date = yy & "/" & mm & "/" & dd
ShipD=todate
yy = Year(ShipD)
mm = Month(ShipD)
dd = Day(ShipD)
S_date = yy & "/" & mm & "/" & dd
uSQL = "SELECT * FROM PCBForecast WHERE PCBForecastID = " &
Session("SID") & ""
Set RS = adoDataConn.Execute(uSQL)
sql = "UPDATE PCBForecast"
sql = sql & " SET ShipQty = " & RS("ShipQty") & ","
sql = sql & " ShipETA = " & S_date & ","
sql = sql & " Notes = '" & RS("Notes") & "',"
sql = sql & " Entrydate = " & v_date & ","
sql = sql & " WHERE PCBForecastID = "&sid&""
set RS2 = adoDataConn.Execute(sql)
What is wrong with the above code ?
I can't tell. Here is a list of the things you did not tell us:
1. database type and version
2. Datatypes of the fields involved in that update statement
3. The result of that string concatenation - we cannot debug a sql statement
without knowing what it is. You need to find out what it is by using
"response.write sql", running the page, and looking at the statement in the
browser window. This is usually enough to determine the problem. If not, you
should copy the statement from the browser window and use the query
execution tool of whatever database you are using to attempt to run it - you
will usually get a more informative error message. if your database's query
execution tool provides a query builder, then use the query builder to
create a statement that does what you want this statement to do, and compare
the result with the statement you built in your vbscript code. If none of
this helps, provide the information I requested in a followup post.
Further points to consider:
Your use of dynamic sql is leaving you vulnerable to hackers using sql
injection:
http://mvp.unixwiz.net/techtips/sql-injection.html http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
See here for a better, more secure way to execute your queries by using
parameter markers:
http://groups-beta.google.com/group/...e36562fee7804e
Personally, I prefer using stored procedures,
SQL Server:
http://groups.google.com/group/micro...9dc1701?hl=en&
or saved parameter queries as they are known in Access:
Access:
http://www.google.com/groups?hl=en&l...TNGP12.phx.gbl http://groups.google.com/groups?hl=e...tngp13.phx.gbl
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
