92
I have a rather simple website, which has some SQL embedded in the ASP to write user data to the underlying mdb database.
The first SQL statement looks up all the records in the database to help produce the required output which is a single string value which is the Customer's Order to be made in store for pickup. The second is to write the string into the database, and keeps shouting about a syntax error in the INSERT INTO statement. I however, cannot for the life of me find one.
I am more than aware that this is very poorly written and has absolutely no security features etc but they aren't necessary at the moment. All I need to know is how to get the Order in to the Database.
It is to be written to 'tblorder' into the fields 'username' and 'order' - both of which are text fields.
The database is properly shared and can be written to elsewhere on the site. The username comes from the username that is stored in the cookie 'UserName' and the product name from the recordset through indexing.
The String value is generated correctly, it just won't insert into the database.
Many Thanks,
NDayave
Expand|Select|Wrap|Line Numbers
- <html>
- <head>
- <style>
- body{background: white)
- </style>
- <link rel="stylesheet" type="text/css" href="Main.css">
- <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
- <title>Our Products</title>
- </head>
- <body>
- <%
- if request.cookies("UserName")="" then
- response.write("<P align='Center'>You must be logged in to order from this page, please click <a target=Main href=login.asp>here</a> to log in, or click<a target=Main href=new_user.asp> here </a> if you are new to this site.</P>")
- else
- Dim Conn, Rs, sql
- Set Conn = Server.CreateObject("ADODB.Connection")
- Set Rs = Server.CreateObject("ADODB.Recordset")
- Conn.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("HeyPesto.mdb")
- sql= "SELECT * FROM tblproducts;"
- Rs.Open sql, Conn
- dim index, order
- index = 1
- order = ""
- do While not Rs.EOF
- If request.form("amount" & index) > 0 Then
- order = order & request.cookies("UserName") & Rs("name") & request.form("amount" & index)
- end if
- Rs.MoveNext
- index = index + 1
- loop
- Response.Write(order)
- Dim connorder, strConnorder, Rsorder
- Set connorder = Server.CreateObject("ADODB.Connection")
- strConnorder = "Provider=Microsoft.Jet.OLEDB.4.0; " & _
- "Data Source=" & Server.MapPath("HeyPesto.mdb") & "; " & _
- "User ID=; Password="
- connorder.Open strConnorder
- Set Rsorder = connorder.Execute ("INSERT INTO tblorder(username,order) VALUES (" & request.cookies("UserName") & "','" & order & "')" )
- Rs.Close
- Set Rs = Nothing
- Set Conn = Nothing
- Rsorder.Close
- Set Rsorder = Nothing
- Set Connorder = Nothing
- end if
- %>
- </body>
- </html>
