Re: Insert Into Statement Help
- From: "Bob Barrows [MVP]" <reb01501@xxxxxxxxxxxxxxx>
- Date: Wed, 29 Mar 2006 06:25:36 -0500
pamela anderson wrote:
> I am trying to insert a record into my database
What database type and version please? It is almost always relevant.
> but I get syntax error INSERT INTO
> Can you help? The code is below
> Next
> MM_editQuery = "insert into " & MM_editTable & " (" & MM_tableValues
> & ") values (" & MM_dbValues & ")"
The only way to debug a sql statement is to look at it. Enter this code:
Response.Write MM_EditQuery
Response.End
Run your page and look at the sql statement written to the browser window.
If the error is not obvious to you, post it here.
You may have a problem with reserved keywords - see
http://www.aspfaq.com/show.asp?id=2080
> If (Not MM_abortEdit) Then
> ' execute the insert
> Set MM_editCmd = Server.CreateObject("ADODB.Command")
> MM_editCmd.ActiveConnection = MM_editConnection
> MM_editCmd.CommandText = MM_editQuery
> MM_editCmd.Execute
> MM_editCmd.ActiveConnection.Close
> If (MM_editRedirectUrl <> "") Then
> Response.Redirect(MM_editRedirectUrl)
> End If
> End If
Your use of dynamic sql is leaving you vulnerable to hackers using sql
injection:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
See here for a better, more secure way to execute your queries by using
parameter markers:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e
Personally, I prefer using stored procedures, or saved parameter queries as
they are known in Access:
Access:
http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvOcDHA.1204%40TK2MSFTNGP12.phx.gbl
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYxOyvaDHA.4020%40tk2msftngp13.phx.gbl
SQL Server:
http://tinyurl.com/jyy0
HTH,
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
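
The parameter-marker approach recommended in the reply above, sketched as an added example that is not part of the original post or of the articles it links to. The table Contacts, its columns, the form field names and the 50/100-character widths are hypothetical; MM_editConnection and MM_editRedirectUrl are the variables from the quoted code.

```vbscript
' Added example. Hypothetical: table Contacts, columns FirstName/LastName/Email,
' form fields of the same names, and the column widths used below.
' MM_editConnection and MM_editRedirectUrl come from the quoted code.
Const adVarWChar = 202         ' ADO DataTypeEnum: Unicode variable-length string
Const adParamInput = 1         ' ADO ParameterDirectionEnum: input parameter
Const adCmdText = 1            ' ADO CommandTypeEnum: CommandText is a SQL statement
Const adExecuteNoRecords = 128 ' ADO ExecuteOptionEnum: statement returns no rows

' Append one text parameter; the value is clamped to the declared width so an
' over-long submission cannot raise a provider error.
Sub AddTextParam(cmd, name, maxLen, value)
    cmd.Parameters.Append cmd.CreateParameter(name, adVarWChar, adParamInput, _
        maxLen, Left(CStr(value), maxLen))
End Sub

Dim insertCmd
Set insertCmd = Server.CreateObject("ADODB.Command")
insertCmd.ActiveConnection = MM_editConnection
insertCmd.CommandType = adCmdText

' The statement text is a fixed string: one ? marker per value, and nothing from
' the request is concatenated into it. Bracketed names also avoid clashes with
' reserved keywords.
insertCmd.CommandText = _
    "INSERT INTO [Contacts] ([FirstName], [LastName], [Email]) VALUES (?, ?, ?)"

' Values are bound in marker order and sent as data, so a quote character
' (O'Brien) or SQL text typed into a field is stored literally, not parsed.
AddTextParam insertCmd, "FirstName", 50, Request.Form("FirstName")
AddTextParam insertCmd, "LastName", 50, Request.Form("LastName")
AddTextParam insertCmd, "Email", 100, Request.Form("Email")

insertCmd.Execute , , adExecuteNoRecords
insertCmd.ActiveConnection.Close
Set insertCmd = Nothing

If MM_editRedirectUrl <> "" Then Response.Redirect MM_editRedirectUrl
```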