ASP Database error
am 16.06.2007 14:36:06 von Chen Leikehmacher
Hi.
I'm currently working on a project for highschool and I'm creating a
website. I am currently on the works of achieving connection to the database
but I seem to get an error everytime I try to run the ASP. Here is the
error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in INSERT INTO
statement.
/MyWeb/insert.asp, line 18
So, I went to the internet and read that the problem is that I used a
reserved word, which I was(password). And so I changed it, on both the
access table and the code itself, and it seems that nothing has changed for
i got the same error again., and I don't know what to do anymore.
Here are the codes:
<%
dim sq
dim f
dim p
dim path
f=Request.Form("fMn")
p=Request.Form("psW")
sq="insert into users(urI,psW) values("&f&","&p&")"
set con=Server.CreateObject("ADODB.Connection")
con.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" &
Server.MapPath("data/MyData.mdb")
con.execute(sq)
%>
Please help me =(.
Re: ASP Database error
am 16.06.2007 15:06:25 von Bob Lehmann
>> sq="insert into users(urI,psW) values("&f&","&p&")"
Should be -
sq="insert into users(urI,psW) values('"&f&"','"&p&"')"
Bob Lehmann
"Chen Leikehmacher" wrote in message
news:OMs7pLBsHHA.3628@TK2MSFTNGP02.phx.gbl...
> Hi.
>
> I'm currently working on a project for highschool and I'm creating a
> website. I am currently on the works of achieving connection to the
database
> but I seem to get an error everytime I try to run the ASP. Here is the
> error:
> Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
>
> [Microsoft][ODBC Microsoft Access Driver] Syntax error in INSERT INTO
> statement.
>
> /MyWeb/insert.asp, line 18
>
> So, I went to the internet and read that the problem is that I used a
> reserved word, which I was(password). And so I changed it, on both the
> access table and the code itself, and it seems that nothing has changed
for
> i got the same error again., and I don't know what to do anymore.
>
> Here are the codes:
>
> <%
>
> dim sq
>
> dim f
>
> dim p
>
> dim path
>
>
> f=Request.Form("fMn")
>
> p=Request.Form("psW")
>
> sq="insert into users(urI,psW) values("&f&","&p&")"
>
> set con=Server.CreateObject("ADODB.Connection")
>
> con.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" &
> Server.MapPath("data/MyData.mdb")
>
> con.execute(sq)
>
>
> %>
>
>
>
> Please help me =(.
>
>
>
>
Re: ASP Database error
am 16.06.2007 15:27:08 von reb01501
Chen Leikehmacher wrote:
> sq="insert into users(urI,psW) values("&f&","&p&")"
>
> set con=Server.CreateObject("ADODB.Connection")
>
> con.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" &
> Server.MapPath("data/MyData.mdb")
>
> con.execute(sq)
>
Bob handled your delimiter mistake, so let me comment on some other issues
with your code.
1. First, do yourself and whoever maintains yor code after you a favor and
use whitespace:
....(" & f & "," & ... instead of ...("&f&","&...
When I first tried to read your code, I got the impression that you were
tring to insert data containing the ampersands into the database, rather
than attempting concatenation.
2. Use a native OLE DB provider instead of the generic ODBC provider:
http://www.aspfaq.com/show.asp?id=2126
3. Use the third argument of the Execute statement to tell ADO that you are
passing a string containing a sql statement to be executed (adCmdText) and,
in this case, that you do not want ADO to create a recordset given that your
sql statement does not return records (adExecuteNoRecords). Here is how:
con.execute sql,,129
or
const adCmdText=1
const adExecuteNoRecords = 128
con.execute sql,,adCmdText + adExecuteNoRecords
1. And, most importantly:
Your use of dynamic sql is leaving you vulnerable to hackers using sql
injection:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
See here for a better, more secure way to execute your queries by using
parameter markers:
http://groups-beta.google.com/group/microsoft.public.inetser ver.asp.db/msg/72e36562fee7804e
Personally, I prefer using stored procedures, or saved parameter queries
as
they are known in Access:
Access:
http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&sel m=e6lLVvOcDHA.1204%40TK2MSFTNGP12.phx.gbl
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1& selm=eHYxOyvaDHA.4020%40tk2msftngp13.phx.gbl
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Re: ASP Database error
am 16.06.2007 16:31:37 von Chen Leikehmacher
Thanks so much. You help has helped me progress, however now I have a new
problem. This error appear: Operation must use an updateable query.
I haven't quite understood what was asaid about it on the internet.
Please help me =(.
"Bob Lehmann" wrote in message
news:edXS5aBsHHA.4020@TK2MSFTNGP05.phx.gbl...
>>> sq="insert into users(urI,psW) values("&f&","&p&")"
>
> Should be -
> sq="insert into users(urI,psW) values('"&f&"','"&p&"')"
>
>
> Bob Lehmann
>
> "Chen Leikehmacher" wrote in message
> news:OMs7pLBsHHA.3628@TK2MSFTNGP02.phx.gbl...
>> Hi.
>>
>> I'm currently working on a project for highschool and I'm creating a
>> website. I am currently on the works of achieving connection to the
> database
>> but I seem to get an error everytime I try to run the ASP. Here is the
>> error:
>> Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
>>
>> [Microsoft][ODBC Microsoft Access Driver] Syntax error in INSERT INTO
>> statement.
>>
>> /MyWeb/insert.asp, line 18
>>
>> So, I went to the internet and read that the problem is that I used a
>> reserved word, which I was(password). And so I changed it, on both the
>> access table and the code itself, and it seems that nothing has changed
> for
>> i got the same error again., and I don't know what to do anymore.
>>
>> Here are the codes:
>>
>> <%
>>
>> dim sq
>>
>> dim f
>>
>> dim p
>>
>> dim path
>>
>>
>> f=Request.Form("fMn")
>>
>> p=Request.Form("psW")
>>
>> sq="insert into users(urI,psW) values("&f&","&p&")"
>>
>> set con=Server.CreateObject("ADODB.Connection")
>>
>> con.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" &
>> Server.MapPath("data/MyData.mdb")
>>
>> con.execute(sq)
>>
>>
>> %>
>>
>>
>>
>> Please help me =(.
>>
>>
>>
>>
>
>
Re: ASP Database error
am 16.06.2007 16:46:06 von reb01501
Chen Leikehmacher wrote:
> Thanks so much. You help has helped me progress, however now I have a
> new problem. This error appear: Operation must use an updateable
> query.
http://www.aspfaq.com/show.asp?id=2062
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Re: ASP Database error
am 08.09.2007 10:25:29 von unknown
Hello! Good Site! Thanks you! iirzoduncsngsk
Re: ASP Database error
am 17.09.2007 13:48:55 von unknown
Hello! Good Site! Thanks you! chszojougfoj