Re: Writing a GUID to a SQL table

You still aren't showing us the result of

Response.Write writeToTable

We cannot help until we see this.

Phil Kelly wrote:
> Bob et al
>
> Sorry if I was a bit non-committal (I did say I wasn't near the
> machine in question!)
>
> Anyway, when I choose the submit button to write the data from the
> form to the database (Microsoft SQL 2000 SP3a) the results of the
> response.write(accountguid) are as follows:
>
> {3D0917C3-996D-456E-B9C6-019C933D6840}
>
> This is then followed by:
>
> Microsoft OLE DB Provider for SQL Server error '80040e14'
>
> Unclosed quotation mark before the character string
> '{3D0917C3-996D-456E-B9C6-019C933D6840}'.
>
> /testapp/Step1CreateAccountWrite.asp, line 37
>
> The code which generates this error is:
>
> writeToTable = "INSERT into tbl_users(fld_firstname, "&_
> " fld_surname,"&_
> "fld_userGUID) " &_
> " VALUES ('"& Request.Form("fld_firstname") & "', " &_
> " '"& Request.Form("fld_surname") & "', " &_
> " '"&accountguid&"' )"
>
> If I substitute NEWID() for accountguid, the row is correctly written
> to the table, but I don't want this because I want to store the guid as a
> variable, write it to one table and then write it to another table
> immediately
> afterwards.
>
> Thanks for your help!
>
> Phil
>
> "Bob Barrows [MVP]" <reb01501@xxxxxxxxxxxxxxx> wrote in message
> news:uflS9KvCGHA.740@xxxxxxxxxxxxxxxxxxxxxxx
>> Phil Kelly wrote:
>>> Hi and thanks for your response!
>>>
>>> The response.write displays a perfectly formed GUID, no more.
>>
>> You are answering the wrong question.
>> We cannot debug a sql statement without knowing what it is. Seeing
>> the code that generates the statement is only a small part of the story.
>> We need to see the result of "Response.Write writeToTable "
>>
>> Also, we need to know the type and version of the database you are
>> using. I strongly suspect that it is SQL Server, but I dislike guessing
>> ;-)
>>
>> You may find these posts helpful:
>> http://mvp.unixwiz.net/techtips/sql-injection.html
>> http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
>>
>> http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e
>>
>> http://tinyurl.com/jyy0
>>
>> --
>> Microsoft MVP - ASP/ASP.NET
>> Please reply to the newsgroup. This email account is my spam trap so
>> I don't check it very often. If you must reply off-line, then remove
>> the "NO SPAM"

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"


.

Loading