SQL error any help really appreciated!



commandprompt
16 Jun 2006, 06:36 AM
I have a SQL error I cannot see and was wondering if you can see it?


' build the SQL UPDATE "command string"
strCmdTxtMem="UPDATE link SET link_text='" & request("linkText") & "',"
strCmdTxtMem=strCmdTxtMem & " link_url='" & request("linkUrl") & "',"
strCmdTxtMem=strCmdTxtMem & " link_title='" & request("linkTitle") & "',"
strCmdTxtMem=strCmdTxtMem & " WHERE link_id=" & request("linkId")

I outputted the SQL and get this error message:

UPDATE link SET link_text='Blue Anvil', link_url='http://www.blue-anvil.com/', link_title='go to blue anvil design', WHERE link_id=4
Microsoft JET Database Engine error '80040e14'
Syntax error in UPDATE statement.
/editmember_process_basic.asp, line 31


I really appreciate any help, Anthony

DanInManchester
16 Jun 2006, 06:53 AM
You don't need a comma at the end of this line :
strCmdTxtMem=strCmdTxtMem & " link_title='" & request("linkTitle") & "',"

That's a really nasty approach for a number of reasons and if I were you I'd look into using parameterised SQL with a connection and a command object.
It's better not only for security but also performance.

With what you have there your SQL is open to SQL injection attacks and you do not validate user input either.
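
The parameterised approach suggested in the reply above, sketched as an added example (not code posted by anyone in the thread). It assumes `conn` is an already-open ADODB.Connection, that the form is submitted by POST, and that the three text columns hold at most 255 characters; the `Reject` helper is hypothetical.

```vbscript
' Added example. Assumptions: conn is an open ADODB.Connection (not shown in
' the thread), the form is POSTed, and text columns are limited to 255 chars.
Const adCmdText = 1             ' ADO constants, values as in adovbs.inc
Const adExecuteNoRecords = 128
Const adParamInput = 1
Const adInteger = 3
Const adVarWChar = 202

Dim linkText, linkUrl, linkTitle, linkIdRaw, re, cmd, affected
linkText  = Trim(Request.Form("linkText"))
linkUrl   = Trim(Request.Form("linkUrl"))
linkTitle = Trim(Request.Form("linkTitle"))
linkIdRaw = Trim(Request.Form("linkId"))

' Hypothetical helper: stop the request with a 400 and an encoded message.
Sub Reject(msg)
    Response.Status = "400 Bad Request"
    Response.Write Server.HTMLEncode(msg)
    Response.End
End Sub

' Validate before touching the database.
Set re = New RegExp
re.IgnoreCase = True
re.Pattern = "^\d{1,9}$"
If Not re.Test(linkIdRaw) Then Reject "linkId must be a whole number"
re.Pattern = "^https?://"
If Not re.Test(linkUrl) Then Reject "linkUrl must start with http:// or https://"
If Len(linkText) = 0 Or Len(linkText) > 255 Or Len(linkUrl) > 255 Or Len(linkTitle) > 255 Then
    Reject "linkText is required; fields are limited to 255 characters"
End If

' The SQL text is a constant; user values travel only as typed parameters,
' bound in the order the ? placeholders appear.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "UPDATE link SET link_text = ?, link_url = ?, link_title = ? WHERE link_id = ?"
cmd.Parameters.Append cmd.CreateParameter("linkText", adVarWChar, adParamInput, 255, linkText)
cmd.Parameters.Append cmd.CreateParameter("linkUrl", adVarWChar, adParamInput, 255, linkUrl)
cmd.Parameters.Append cmd.CreateParameter("linkTitle", adVarWChar, adParamInput, 255, linkTitle)
cmd.Parameters.Append cmd.CreateParameter("linkId", adInteger, adParamInput, , CLng(linkIdRaw))

cmd.Execute affected, , adExecuteNoRecords
If affected = 0 Then Response.Write "No link with that id"
Set cmd = Nothing
```

Because the statement no longer embeds quoted values, a link title containing an apostrophe updates correctly instead of breaking the SQL.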