Re: Too few parameters. Expected 1.

---

• From: "bobojones" <bobojones69@xxxxxxxxxxx>
• Date: Thu, 18 Jan 2007 15:27:07 -0600

---

Thanks,

I will look in to the pages you suggested.


"Bob Barrows [MVP]" <reb01501@xxxxxxxxxxxxxxx> wrote in message
news:eAuuKY0OHHA.3872@xxxxxxxxxxxxxxxxxxxxxxx

bobojones wrote:

I am getting the following error in my code "Too few parameters.
Expected
1." I am getting it on the following line

set rs = conn.Execute(SQLStatement)

When I put in response.write (SQLstatement) I get
SELECT * FROM QPR WHERE Status= Closed

String literals need to be quote-delimited. Try running this statement
in the query execution tool of whatever database you are using and see
for yourself.

If I change it to set rs = conn.Execute("SELECT * FROM QPR")
it will work.
I need ot be able to use the where clause. This is how I am setting
SQLstatement.
SQLStatement = "SELECT * FROM QPR WHERE Status= " &
Request.QueryString("Status")

See below for an alternative to using dynamic sql. To fix this
statement, you would do this:

SQLStatement = "SELECT * FROM QPR WHERE Status= '" & _
Request.QueryString("Status") & "'"

Of course, this will fail if Request.QueryString("Status") contains an
apostrophe. You can eliminate all these problems with delimiters by
using parameters.

Further points to consider:
Your use of dynamic sql is leaving you vulnerable to hackers using sql
injection:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

See here for a better, more secure way to execute your queries by using
parameter markers:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

Personally, I prefer using stored procedures, or saved parameter queries
as they are known in Access:




--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

.

---

• References:
  • Too few parameters. Expected 1.
    • From: bobojones
  • Re: Too few parameters. Expected 1.
    • From: Bob Barrows [MVP]

• Prev by Date: Re: Too few parameters. Expected 1.
• Next by Date: I'm phuxored (complete ASP n00b) - Multiple checkboxes on a form?
• Previous by thread: Re: Too few parameters. Expected 1.
• Next by thread: I'm phuxored (complete ASP n00b) - Multiple checkboxes on a form?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Something wrong with my INSERT INTO ... error but the data is not getting recorded in the database. ... You use of dynamic sql is leaving you vulnerable to hackers using sql ... Personally, I prefer using stored procedures, or saved parameter queries as ... Please reply to the newsgroup. ... (microsoft.public.scripting.vbscript) Re: Form login ... dont u think? ... If you are using dynamic sql then yes, ... Personally, I prefer using stored procedures, or saved parameter queries ... Please reply to the newsgroup. ... (microsoft.public.inetserver.asp.db) Re: Too few parameters. Expected 1. ... When I put in response.write (SQLstatement) I get ... See below for an alternative to using dynamic sql. ... Personally, I prefer using stored procedures, or saved parameter queries ... Please reply to the newsgroup. ... (microsoft.public.inetserver.asp.db) Re: dates ... you need to stop trying to use dynamic sql and use parameters ... If you'd rather not use saved parameter queries, ... format: ... Please reply to the newsgroup. ... (microsoft.public.inetserver.asp.db) Re: How do I link the results from sp_executeSQL to a gridview? ... I built a stored procedure that needed to use dynamic sql for a search ... but this is a classic ADO newsgroup. ... gridview and simply call the Fillmethod but the ... (microsoft.public.data.ado)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Internet-Server  > microsoft.public.inetserver.asp.db  > 2007-01