Hi.
I'm currently working on a project for high school and I'm creating a
website. I am currently working on connecting to the database
but I seem to get an error every time I try to run the ASP. Here is the
error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in INSERT INTO
statement.
/MyWeb/insert.asp, line 18
So, I went to the internet and read that the problem is that I used a
reserved word, which I was (password). And so I changed it, on both the
Access table and the code itself, and it seems that nothing has changed, for
I got the same error again, and I don't know what to do anymore.
Here is the code:
<%
dim sq
dim f
dim p
dim path
f=Request.Form("fMn")
p=Request.Form("psW")
sq="insert into users(urI,psW) values("&f&","&p&")"
set con=Server.CreateObject("ADODB.Connection")
con.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("data/MyData.mdb")
con.execute(sq)
%>
Please help me =(.
Bob Lehmann - 16 Jun 2007 14:06 GMT
>> sq="insert into users(urI,psW) values("&f&","&p&")"
Should be -
sq="insert into users(urI,psW) values('"&f&"','"&p&"')"
Bob Lehmann
Chen Leikehmacher - 16 Jun 2007 15:31 GMT
Thanks so much. Your help has helped me progress, however now I have a new
problem. This error appears: Operation must use an updateable query.
I haven't quite understood what was said about it on the internet.
Please help me =(.
Bob Barrows [MVP] - 16 Jun 2007 15:46 GMT
> Thanks so much. Your help has helped me progress, however now I have a
> new problem. This error appears: Operation must use an updateable
> query.
http://www.aspfaq.com/show.asp?id=2062

Signature
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Bob Barrows [MVP] - 16 Jun 2007 14:27 GMT
> sq="insert into users(urI,psW) values("&f&","&p&")"
>
[quoted text clipped - 4 lines]
>
> con.execute(sq)
Bob handled your delimiter mistake, so let me comment on some other issues
with your code.
1. First, do yourself and whoever maintains your code after you a favor and
use whitespace:
...(" & f & "," & ... instead of ...("&f&","&...
When I first tried to read your code, I got the impression that you were
trying to insert data containing the ampersands into the database, rather
than attempting concatenation.
2. Use a native OLE DB provider instead of the generic ODBC provider:
http://www.aspfaq.com/show.asp?id=2126
3. Use the third argument of the Execute statement to tell ADO that you are
passing a string containing a sql statement to be executed (adCmdText) and,
in this case, that you do not want ADO to create a recordset given that your
sql statement does not return records (adExecuteNoRecords). Here is how:
con.execute sql,,129
or
const adCmdText=1
const adExecuteNoRecords = 128
con.execute sql,,adCmdText + adExecuteNoRecords
4. And, most importantly:
Your use of dynamic sql is leaving you vulnerable to hackers using sql
injection:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
See here for a better, more secure way to execute your queries by using
parameter markers:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e
Personally, I prefer using stored procedures, or saved parameter queries as
they are known in Access:
Access:
http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvOcDHA.1204%40TK2MSFTNGP12.phx.gbl
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYxOyvaDHA.4020%40tk2msftngp13.phx.gbl

Signature
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
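Added example (not part of the original thread and not any poster's code): the insert.asp from the question rewritten with parameter markers, the native OLE DB provider and the Execute options recommended in the replies above. The Jet connection string, the MAX_LEN constant and the 50-character field size are assumptions; the form field, table and column names are the ones from the question.

```vbscript
<%
Option Explicit

' ADO constants (same values as in adovbs.inc)
Const adCmdText = 1
Const adExecuteNoRecords = 128
Const adParamInput = 1
Const adVarWChar = 202

Const MAX_LEN = 50   ' assumed size of the urI and psW text fields

Dim f, p, con, cmd
f = Trim(Request.Form("fMn"))
p = Request.Form("psW")

' Reject empty or oversized input before touching the database.
If Len(f) = 0 Or Len(p) = 0 Or Len(f) > MAX_LEN Or Len(p) > MAX_LEN Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid user name or password length."
    Response.End
End If

Set con = Server.CreateObject("ADODB.Connection")
' Native Jet OLE DB provider instead of the generic ODBC driver (assumed string)
con.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & _
         Server.MapPath("data/MyData.mdb")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = con
cmd.CommandType = adCmdText
' The ? markers are placeholders. The values travel separately from the
' statement text, so a quote character in the input (for example O'Brien)
' is stored as data and cannot alter or break the INSERT.
cmd.CommandText = "INSERT INTO users (urI, psW) VALUES (?, ?)"
cmd.Parameters.Append cmd.CreateParameter("urI", adVarWChar, adParamInput, MAX_LEN, f)
cmd.Parameters.Append cmd.CreateParameter("psW", adVarWChar, adParamInput, MAX_LEN, p)

' No recordset is needed for an INSERT.
cmd.Execute , , adCmdText + adExecuteNoRecords

Set cmd = Nothing
con.Close
Set con = Nothing
%>
```

Because no quotes are concatenated around the values, this version also avoids the original delimiter mistake that caused the syntax error.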