Auto-escape INSERT Statement
I have a 'memo' form field being entered into an access database.If people put in characters other then text (Quotes, operators, etc) then I get an insert error:
----
User Input: oh let's see - a va
Error:
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression ''oh let's see - a va', 'No additional comments submitted')'.
----
Is there a way to get this into the database? In php, I would simply use the function 'addslashes()' (escaping the string) - is there a similar function in ASP or am I doing something else wrong?
View Replies
ADVERTISEMENT
I am inserting records into an Access table using the OleDbCommand class. The insert values come from a basic web form with text boxes. If the values contain ' or " it creates a problem. What is the proper way to escape these characters? Surely there's a built-in function for it somewhere.
View Replies
View Related
I am having problem inserting the auto_increment id (FID) of table "TOPIC" to FTopicID of Table Msgs. Code:
View Replies
View Related
i have a field with a list of wrong ID (random) and i wish to replac
them with a sequential (auto-increment) value. how to remove the valu
and to add in the sequential ID?
View Replies
View Related
Im running a select statement to a database and wish to display the relevant records into a table. For some reason, its not liking this - can someone see why, and or tell me an easier way to produce an 'automatically generating' table of results.
<% @language="vbscript" %>
<% Option Explicit %>
<% Response.Buffer=True %>
<html>
<head>
<title>Search Results</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<!-- #include file="dbConn.asp" -->
<!-- #include file="adovbs.inc"-->
<h1>Your search results returned the following popup messages:</h1>
<% Dim msgtype, title, message, url
msgtype=request.form("type")
title=request.form("title")
message=request.form("msg")
url=request.form("URL")
Dim adoDB, adors, strSQL
set adoDB = Server.CreateObject("ADODB.Connection")
adoDB.Open strConnection
set adoRS = Server.CreateObject("ADODB.RecordSet")
strSQL="SELECT PID,P_TITLE,P_MSG,P_URL,P_TYPE FROM POPUP WHERE ("
If msgtype <> "" then
strSQL=strSQL & "P_TYPE='" & msgtype & "' "
If title <> "" then
strSQL=strSQL & "OR P_TITLE LIKE '%" & title & "%' "
If message <> "" then
strSQL=strSQL & "OR P_MSG LIKE '%" & message & "%' "
If url <> "" then
strSQL=strSQL & "OR P_URL LIKE '%" & url & "%' "
End if
strSQL=strSQL & ")"
'DEBUG ONLY!!
'response.write strSQL
'response.end
adoRS.Open strSQL, adoDB
' Loop through the recordset to display the records
Do While Not adoRS.EOF
& " <tr> " &
& " <td> " & Response.Write adoRS.Fields("PID").Value & " </td> "
& " <td> " & Response.Write adoRS.Fields("P_TYPE").Value & " </td>"
& " <td> " & Response.Write adoRS.Fields("P_TITLE").Value & "</td>"
& " <td> " & Response.Write adoRS.Fields("P_MSG").Value & "</td>"
& " <td> " & Response.Write adoRS.Fields("P_URL").Value & "</td></tr>"
adoRS.MoveNext
Loop
& " </table> " &
' Tidy up afterwards
adoRS.Close
Set adoRS = Nothing
adoDB.Close
Set adoDB = Nothing
%>
</body>
</html>
View Replies
View Related
I am using ASP to talk to an SQL database. Most of my tables have a primary key named 'ID'. Is there a way to grab the ID of a record in the same line as the INSERT statement?
View Replies
View Related
how can i write an insert whereby.my attributes in Mainshift table is shiftdate, line, shift & description. ShiftDate and Line is the primary key.so i want to insert the shiftdate, from today's date until around 31st Dec 2008 and line i want to do a select distinct statement where i will extract from execmaster table.
for the shift i want it to be a default "2". for the description all is all "working day"can anyone help on how to write an insert statement on this?
View Replies
View Related
I am using simple insert statement that works fine but it doesn't work when you put " ' ", for example "let us" works not " let's us" because of ' sign....
is there anyway user can add anything?
View Replies
View Related
I have an asp page which runs an update into our mysql database.
The only problem I have is that a user selects a customer from a
dropdown (this is database fed), and I require the selected item to be
loaded into the db.
All I can get in the database is the first part of
their name upto the first space ?
i.e. if the selected item from the dropdown is A B Knowles, the
database entry is 'A'
cust = request.form("customername")
I have tried adding ' " & cust & " ' for the insert statement
What do I need to do to fix this minor glitch.
View Replies
View Related
Can any one tell me what is wrong with this insert statement:
sql = "INSERT INTO Questions (Question,SurveyId,CatId) VALUES ('" & question & "','" & surId & "','" & Sig &"') "
and why when I print it to screen, it shows this:
INSERT INTO Questions (Question,SurveyId,CatId) VALUES 'this si a test','38, 3','');
I have used similar and it works, they are the right values bit wont work..?
View Replies
View Related
I have a asp page that contains link(A href tag) to some other page.When the user clicks on the link ,I want to perform a insert SQL statement and then link it to target page.Is it possible?
View Replies
View Related
I have been working on this problem for a long time and cannot figure out why i am getting a problem. Code:
View Replies
View Related
I have an old web app that ues an Access database and ASP 3.0. I need to build an INSERT statement based on the contents of a form. What is the best way to handle blank text boxes that are submitted with the form?
For example, I collect all my name/value pairs that are submitted with the form like this... Code:
View Replies
View Related
Can somebody check the insert statement i have written?Ofcourse it is giving error.But what i am trying to accomplish here is i want the records to be inserted and then after the records are inserted ,i want it to be sorted and then displayed onto the page.i modified my insert statement to accomplish the same ,but i am sure its totally wrong.
After performing insert..i want to display records in a ascending order..how do i do that?
here is my isnert statement: Code:
View Replies
View Related
Been trying this for over 2 hours now, and I can't seem to figure it out. I tried browsing these forums for any clues but can't find a problem quite like mine.
Dim conn, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.open "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("database.mdb") & ";"
sql = "INSERT into booking(numid, carNo, workshop, bookDate, bookTime, status) VALUES('"& tempNum &"', '"& carno &"', '"& workShop &"', '"& bookDate &"', '"& bookTime &"', '"& status &"')"
conn.Execute (sql)
I keep getting a "Operation must use an updatable query" error message.
View Replies
View Related
Having a problem with my change password code. It bombs on the INSERT statement.....I get an error stating thier is a syntax error in my insert statement but I can't figure out where. The delete statement works fine and yes all the variables are getting passed. Code:
View Replies
View Related
I am used to SQL Server, no Access, but this one thing has to be done in
Access. Can you tell me if this query will work, based on the syntax?
I am trying create a new row on the database, in one table, and the primary
key is an Autonumber called PersonalID. This is on the second page, which
shows after the personal has filled out some info on the first page, then
submitted the form using POST. Database name is Shape, and table is named
Personal. Code:
View Replies
View Related
i have this error on the regisration page of the website i'm doing.
Microsoft VBScript compilation error '800a0409'
Unterminated string constant
/Shop/register_process_corp.asp, line 40
SQL = "INSERT INTO
------------------^
Code:
View Replies
View Related
The block of code below shows how I am inserting field values into my dbase table:
strSQLStatement = "INSERT INTO tblArticles
(handid,ArticleDate,sport,articleheader, fpick,articleText) "_
& "SELECT '" & handid & "' As handid, '" _
& ArticleDate & "' As ArticleDate, '" _
& sport & " As sport, " _
& articleheader & "' As articleheader, '" _
& fpick & "' As fpick, '" _
& articleText & "' As articleText;"
Conn.Execute(strSQLStatement)
but I am getting an "Insert statement contains fewer items than the insert list" error , when in fact I am not (both 6 field names).
View Replies
View Related
How can i get the autonumber(primary key value) from the specific rows when i just insert it.Example
i just insert the member information.
sql="INSERT IMTO register(user,password,address) VALUES (shujuan,841218,singapore)"
so how can i get the autonumber value for this row after i just create it.
View Replies
View Related
Three tables: Registration, Session, Payment: Joined with 1 to many rel. starting with registration, moving to session and ending with payment.
Form 1: Registration= INSERT INTO statement works fine. Reg table now has fields populated with form data.
Form 2: Session= <<<<<this is where the problem occurs>>>>>
Form 3: <<<<<<problem as well>>>>>>
When i want to do another INSERT INTO statement, I have to know the RegID from the earlier table join(registration). Of course, I can't run either Form 2 or Form 3 without knowing the RegID from the Registration table begin point.
I don't know how to increment the RegID as a foreign key in a joined table over the internet. Using Access over the network it's real easy to pass the foreign keys and the design seems to be more flexible this way, but I need to update tables and present stored data to the user across the internet.
View Replies
View Related
i have a problem while running an insert query into SQL using ASP. sometimes the query inserts the values twice.
View Replies
View Related
I want to know the opinion of you all great guys out there whether AddNew method of recordset is better to use & secure than simply a insert statement.
View Replies
View Related
I dynamically load a question into a form along with its answer and its name (1,2,3...).
It's name is the the numeric value loaded but I ad on: Code:
View Replies
View Related
Now I know I posted this elsewhere twice but no one seems to even be looking at them. I really am stumped by this problem.
I recieve the error:
Microsoft JET Database Engine error '80040e14'
Syntax error in INSERT INTO statement.
/quizmaker/admin/create_teacher.asp, line 20
DIM mySQL
mySQL = "INSERT INTO users(user, password) VALUES('"& uname &"', "& pword &")"
USERS1.open mySQL , objConn <----- Line 20.
View Replies
View Related
Syntax error in INSERT INTO statement.
Please download the attachment and unzip it.
I have 4 files:
Starting with "signup.asp" - fill up the registration form. this will forward you to next form.
"signup_process.asp" - process the filled form
"signup_success.asp" - indicate that register successfully
"Database.mdb" - the database file (MS Access 2000 format)
My problem occurs in "signup_process.asp".
The error message found in IE:
Error Type:
Microsoft JET Database Engine (0x80040E14)
Syntax error in INSERT INTO statement.
/myweb/signup_process.asp, line 31
I look through my code, but found no mistake.
But why still I cannot add the information in the form into the "Database.mdb"?
View Replies
View Related
I've see this error message when I try to submit my form..
Help with Syntax error in INSERT INTO statement. line 153
Here's the SQL Code:
View Replies
View Related
i tried to insert data's to a table and its working ..but the only problem is when i click the button Submit(to add data)its adding 2 rows of data... 1 is the data's which i entered n the other 1 is a blank row of data...so when i log out n run the form again..error occured.. saying that confilcts in a primary key.. coz there is a blank rows in the table... Code:
View Replies
View Related
i'm reading in a .csv file and then inserting the data into a mssql db. batchid sometimes shows up blank. the values that are disappearing begin with the letter "N", such as "NP2338" or "N00312". outside of those that begin with "N", the rest are a five digit number. the table field is varchar. why is it dropping those that begin with "N"?
View Replies
View Related
I am having problem with the following Insert Statement when used on Production Web server with SSL(https://...., Verisign).
This doesn't occur everytime. Our studies shows that it is occurring approximately between1-2% of the total applications/Year(70-80K).
After adding some debugging, the insert statement, after failing, is giving
the following error:
Error NUmber: #-2147217833
Error Desc[Microsoft][ODBC driver for Oracle][Oracle]ORA-01401: inserted
value too large for column
Ironically, 75% of the time, when the users resubmit the page the record
will be inserted. Code:
View Replies
View Related
My Code is as follows, im basically trying to get the value from a radio button from another page for a vote, take the value thats allready in the table add 1 to the value and then insert it back into the database, then create a voted cookie and redirect back to the same page to view the vote results. Code:
View Replies
View Related
I keep getting the same error... Syntax error in INSERT INTO statement. (line 14) Code:
View Replies
View Related
I am making a masters page with delete, update , and insert fuctionality, i am using the insert.asp page with a form to submit the data and insert it in the database by prossesing a seperate page called insert_prosessor that has the Insert Statement to insert the data.
Now i am having trouble with the insert_prosessor as it's ERROR message reads" syntax error in INSERT Statement" I cant find the problem.. Code:
View Replies
View Related