
Incorrect syntax near the keyword 'WHERE'.

Any ideas as to this error message? I am trying to learn using MS SQL
Server 7.0.

Below is the code I am using for an update to an MS SQL database.

<%@ Language=VBScript %>
<% Option Explicit %>

<html>
<head>
<title>Sample Script 2 - Part 3 </title>
<!-- copyright MDFernandez -->
<link rel="stylesheet" type="text/css" href="../part3sol/style.css">
</head>
<body bgcolor="#FFFFFF">
<!--#include virtual="/adovbs.inc"-->

<center>
<%

Dim oRS
Dim Conn

Dim Id
Dim Name
Dim StreetAddress
Dim City
Dim State
Dim Zip
Dim PhoneNumber
Dim sql

' raw form values, used directly in the statement below
Id = Request.Form("Id")
Name = Request.Form("Name")
StreetAddress = Request.Form("StreetAddress")
City = Request.Form("City")
State = Request.Form("State")
Zip = Request.Form("Zip")
PhoneNumber = Request.Form("PhoneNumber")
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "DRIVER=SQL Server;SERVER=(local);UID=;APP=AspRunner Professional Application;WSID=COMPAQAM;DATABASE=FriendsContactInfo;Trusted_Connection=Yes"
' statement built by string concatenation
sql="update FPFriends"
sql=sql & " set Name='" & Name & "',"
sql=sql & "StreetAddress='" & StreetAddress & "',"
sql=sql & "Ciy='" & City & "',"
sql=sql & "State='" & State & "',"
sql=sql & "Zip='" & Zip & "',"
sql=sql & "PhoneNumber='" & PhoneNumber & "',"
sql=sql & " WHERE Id=" & Id

Set oRS=Conn.Execute(sql)
Response.Write "<font face='arial' size=4>"
Response.Write "<br><br>The record has been updated."
Response.Write "</font>"
' close the connection to the database
Conn.Close
%>
<!-- don't include in sample code display -->
<form>
<input type="button" value=" Close This Window "
onClick="window.location='aboutus.htm'"><br>
<button onClick="window.location='menu1_1.asp'">Update another
record</button>

</form>

</center>
</body>
</html>

Mar 10 '07 #1
sql=sql & "PhoneNumber='" & PhoneNumber & "',"

It looks like the syntax error is due to the extraneous comma after the last
column.

I strongly suggest you google 'SQL injection'. Your current code will allow
a hacker to execute any arbitrary SQL statement. The best protection
against injection is to use parameterized SQL statements and stored procedures,
and to validate user input. Never build a SQL statement string by
concatenating user input values. The example below uses a parameterized
UPDATE statement via OLEDB:

Const adParamInput = 1
Const adInteger = 3
Const adVarChar = 200

Dim Conn, Command, parameter
Dim Id, Name, StreetAddress, City, State, Zip, PhoneNumber

' form values, read the same way as in the original script
Id = Request.Form("Id")
Name = Request.Form("Name")
StreetAddress = Request.Form("StreetAddress")
City = Request.Form("City")
State = Request.Form("State")
Zip = Request.Form("Zip")
PhoneNumber = Request.Form("PhoneNumber")

Set Conn = CreateObject("ADODB.Connection")
Set Command = CreateObject("ADODB.Command")

Conn.Open _
"Provider=SQLOLEDB;" & _
"Data Source=(local);" & _
"Integrated Security=SSPI;" & _
"Initial Catalog=FriendsContactInfo;" & _
"App=AspRunner Professional Application"

' Set is needed so the command reuses this connection object
Set Command.ActiveConnection = Conn

' every user-supplied value is a ? placeholder, never part of the text
Command.CommandText = _
" UPDATE dbo.FPFriends" & _
" SET" & _
" Name=?," & _
" StreetAddress=?," & _
" Ciy=?," & _
" State=?," & _
" Zip=?," & _
" PhoneNumber=?" & _
" WHERE Id=?"

' parameters are appended in the same order as the placeholders above
Set parameter = Command.CreateParameter( _
"Name", _
adVarChar, _
adParamInput, _
30)
parameter.Value = Name
Command.Parameters.Append parameter

Set parameter = Command.CreateParameter( _
"StreetAddress", _
adVarChar, _
adParamInput, _
30)
parameter.Value = StreetAddress
Command.Parameters.Append parameter

Set parameter = Command.CreateParameter( _
"City", _
adVarChar, _
adParamInput, _
30)
parameter.Value = City
Command.Parameters.Append parameter

Set parameter = Command.CreateParameter( _
"State", _
adVarChar, _
adParamInput, _
2)
parameter.Value = State
Command.Parameters.Append parameter

Set parameter = Command.CreateParameter( _
"Zip", _
adVarChar, _
adParamInput, _
5)
parameter.Value = Zip
Command.Parameters.Append parameter

Set parameter = Command.CreateParameter( _
"PhoneNumber", _
adVarChar, _
adParamInput, _
15)
parameter.Value = PhoneNumber
Command.Parameters.Append parameter

Set parameter = Command.CreateParameter( _
"Id", _
adInteger, _
adParamInput)
' Id arrives as form text; convert so a non-numeric value fails here
parameter.Value = CLng(Id)
Command.Parameters.Append parameter

Command.Execute

Conn.Close

--
Hope this helps.

Dan Guzman
SQL Server MVP

Mar 10 '07 #2
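As an added example, not code from the thread or from either poster: the same update written in Python against an in-memory SQLite table, which stands in here for SQL Server and ADO (the `?` placeholders bind the same way as the OLEDB parameters in the reply). It reproduces the original string-building, trailing comma included, so the syntax error can be seen, then performs the update with bound parameters plus input validation sized to the parameter lengths from the reply. The table layout, the two sample rows and the `FPFriends`/`Ciy` names are constructed for this example from what the thread shows.

```python
import sqlite3

# Maximum lengths, taken from the parameter sizes in the reply above.
# Keys are the form field names; values go into the statement in this order.
FIELD_LIMITS = {
    "Name": 30,
    "StreetAddress": 30,
    "City": 30,
    "State": 2,
    "Zip": 5,
    "PhoneNumber": 15,
}

# Parameterized statement; "?" is bound by the driver, never spliced as text.
# "Ciy" is the column name used in the thread (assumed to be the real one).
PARAMETERIZED_UPDATE = (
    "UPDATE FPFriends SET Name=?, StreetAddress=?, Ciy=?, State=?, Zip=?, "
    "PhoneNumber=? WHERE Id=?"
)


def build_update_by_concatenation(form):
    """Rebuild the statement exactly as the original script does, so the
    effect of the trailing comma (and of any quote in the input) is visible."""
    sql = "update FPFriends"
    sql += " set Name='" + form["Name"] + "',"
    sql += "StreetAddress='" + form["StreetAddress"] + "',"
    sql += "Ciy='" + form["City"] + "',"
    sql += "State='" + form["State"] + "',"
    sql += "Zip='" + form["Zip"] + "',"
    sql += "PhoneNumber='" + form["PhoneNumber"] + "',"   # trailing comma
    sql += " WHERE Id=" + form["Id"]
    return sql


def validate(form):
    """Return the values in statement order; raise ValueError on bad input."""
    try:
        record_id = int(form["Id"])
    except (KeyError, ValueError):
        raise ValueError("Id must be an integer")
    values = []
    for field, limit in FIELD_LIMITS.items():
        value = form.get(field, "")
        if len(value) > limit:
            raise ValueError(f"{field} exceeds {limit} characters")
        values.append(value)
    return tuple(values) + (record_id,)


def make_db():
    """In-memory table with two constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE FPFriends (Id INTEGER PRIMARY KEY, Name TEXT, "
        "StreetAddress TEXT, Ciy TEXT, State TEXT, Zip TEXT, PhoneNumber TEXT)"
    )
    conn.executemany(
        "INSERT INTO FPFriends VALUES (?, ?, ?, ?, ?, ?, ?)",
        [
            (1, "Alice", "1 Main St", "Springfield", "IL", "62701", "555-0100"),
            (2, "Bob", "2 Oak Ave", "Shelbyville", "IL", "62565", "555-0101"),
        ],
    )
    return conn


def update_concatenated(conn, form):
    """Run the original-style statement; return the DB error text or None."""
    try:
        conn.execute(build_update_by_concatenation(form))
        conn.commit()
        return None
    except sqlite3.Error as exc:
        return str(exc)


def update_parameterized(conn, form):
    """Validate, then let the driver bind the values; returns rows updated."""
    cur = conn.execute(PARAMETERIZED_UPDATE, validate(form))
    conn.commit()
    return cur.rowcount


def fetch(conn, record_id):
    """Name and city of one row, for checking what the update did."""
    return conn.execute(
        "SELECT Name, Ciy FROM FPFriends WHERE Id=?", (record_id,)
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    form = {"Id": "1", "Name": "O'Brien", "StreetAddress": "1 Main St",
            "City": "Springfield", "State": "IL", "Zip": "62701",
            "PhoneNumber": "555-0100"}
    print("concatenated:", update_concatenated(db, form))
    print("parameterized rows:", update_parameterized(db, form))
    print("row 1 now:", fetch(db, 1))
```

Run as a script, the concatenated path fails with the same kind of "near WHERE" syntax error the question reports, and a perfectly legitimate name such as O'Brien breaks it too, because the quote ends the string literal early. The parameterized path stores that name intact and touches only the row whose Id was validated as an integer, which is the point of the reply: the shape of the statement is fixed before any user data is seen.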


