Re: Something wrong with my INSERT INTO

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Maxi wrote:
Bob Barrows [MVP] wrote:
Maxi wrote:
I did something with the code and changed it a bit.

Yeah, you added On Error resume Next, which is now masking your
error. :-)

I removed the On error line and now I get error:
Error Type:
Microsoft JET Database Engine (0x80040E14)
Syntax error in INSERT INTO statement.
/v/results.asp, line 14

What is wrong with the INSERT INTO statement.

The only way to find out is to look at it. the only way to look at it is to
response.write it.

sql = "INSERT ... "
Response.Write sql
Response.End

Run the page and look at the statement in the browser. Try opening your
database in Access and running the sql statement there. If you still can't
figure it out, look at the rules for delimiters in sql statements which I
talk about in this post:
http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvOcDHA.1204%40TK2MSFTNGP12.phx.gbl

If you still can't figure it out, post the datatypes of the fields in your
table and the ssql statement that got written to the browser window.

Or is it that the error
is somewhere else?
No. the error message is very specific. It's definitely coming from the
database (note the source: JET)


You use of dynamic sql is leaving you vulnerable to hackers using sql
injection:

I am not worried about hackers as I am not going to host this. This is
for my employees. The reason why I selected ASP is because these guys
don't have excel to enter data.

The majority of hacks are done by disgruntled employees ...


See here for a better, more secure way to execute your queries by
using parameter markers:

Personally, I prefer using stored procedures, or saved parameter
queries as they are known in Access:

I don't want to make my code better, efficient or effective.

How about easier-to-write? Doesn't that appeal?

Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.


.

Relevant Pages

  • Re: rs.RecordCount issue...
    ... The SQL statement runs fine ... i checked the database on various instances and see ... 'msgbox "Check client_DB temp" ... Please reply to the newsgroup. ...
    (microsoft.public.scripting.vbscript)
  • Re: UPDATE in loop?
    ... debug a sql statement is to see what it is. ... You also have not answered the "what database?" ... >>> all 172 records to show the overall calculation on the page, ... Please reply to the newsgroup. ...
    (microsoft.public.inetserver.asp.db)
  • Re: What is the performance of FileSystemObjects Copy method
    ... > FileSystemObject I'd like to ask more knowledgeable programmers. ... information in the database. ... involve passing < 100 bytes containing a sql statement or call to a stored ... Please reply to the newsgroup. ...
    (microsoft.public.scripting.vbscript)
  • Re: Unable to update SQL db
    ... You've just told me your sql statement was referencing an invalid ... Here is the isql command I am trying to model my script after.. ... create_block in a database called TEST_SERVERS. ... Please reply to the newsgroup. ...
    (microsoft.public.scripting.vbscript)
  • RE: Restore public folders and companyweb
    ... Thank you for posting in the SBS newsgroup. ... I understand that the Public Folder Store ... database cannot be mounted due to integrity problems, ...
    (microsoft.public.windows.server.sbs)