
Thread: SQL error any help really appreciated!

  1. #1
    Join Date
    Sep 2005
    Location
    uk
    Posts
    26

    SQL error any help really appreciated!

    I have a SQL error I cannot see and was wondering if you can see it?

    Code:
    ' build the SQL UPDATE "command string"
    strCmdTxtMem="UPDATE link SET link_text='" & request("linkText") & "',"
    strCmdTxtMem=strCmdTxtMem & " link_url='" & request("linkUrl") & "',"
    strCmdTxtMem=strCmdTxtMem & " link_title='" & request("linkTitle") & "',"
    strCmdTxtMem=strCmdTxtMem & " WHERE link_id=" & request("linkId")
    I output the SQL and get this error message:

    UPDATE link SET link_text='Blue Anvil', link_url='http://www.blue-anvil.com/', link_title='go to blue anvil design', WHERE link_id=4
    Microsoft JET Database Engine error '80040e14'
    Syntax error in UPDATE statement.
    /editmember_process_basic.asp, line 31


    I really appreciate any help, Anthony

  2. #2
    Join Date
    Jan 2006
    Location
    Manchester England UK
    Posts
    225
    You don't need a comma at the end of this line:
    strCmdTxtMem=strCmdTxtMem & " link_title='" & request("linkTitle") & "',"

    That's a really nasty approach for a number of reasons and if I were you I'd look into using parameterised SQL with a connection and a command object.
    It's better not only for security but also performance.

    With what you have there your SQL is open to SQL injection attacks and you do not validate user input either.
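
The parameterised approach suggested in reply #2, sketched for the UPDATE from post #1 as an added example that is not part of either post. `UpdateLink` and `Matches` are hypothetical helper names, `conn` is assumed to be an already-open ADODB.Connection, and the 255-character limits are assumed column sizes.

```vbscript
<%
' Added example: parameterised version of the UPDATE from post #1.
' ADO constants, declared here so the page does not need adovbs.inc.
Const adCmdText = 1, adExecuteNoRecords = 128
Const adParamInput = 1, adInteger = 3, adVarWChar = 202

' True when value matches pattern (case-insensitive).
Function Matches(value, pattern)
    Dim re
    Set re = New RegExp
    re.Pattern = pattern
    re.IgnoreCase = True
    Matches = re.Test(value)
End Function

' Hypothetical helper. conn is assumed to be an open ADODB.Connection.
' Returns True only when exactly one row was updated.
Function UpdateLink(conn, linkId, linkText, linkUrl, linkTitle)
    Dim cmd, affected
    UpdateLink = False

    ' Validate first. The 255-character limits are assumed column sizes.
    If Not Matches(linkId, "^\d{1,9}$") Then Exit Function
    If Len(linkText) = 0 Or Len(linkText) > 255 Then Exit Function
    If Len(linkTitle) > 255 Then Exit Function
    If Len(linkUrl) > 255 Or Not Matches(linkUrl, "^https?://") Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' One ? per value: no quotes around values, no comma before WHERE.
    cmd.CommandText = "UPDATE link SET link_text = ?, link_url = ?, " & _
                      "link_title = ? WHERE link_id = ?"
    ' JET binds parameters by position, so append them in placeholder order.
    cmd.Parameters.Append cmd.CreateParameter("text", adVarWChar, adParamInput, 255, linkText)
    cmd.Parameters.Append cmd.CreateParameter("url", adVarWChar, adParamInput, 255, linkUrl)
    cmd.Parameters.Append cmd.CreateParameter("title", adVarWChar, adParamInput, 255, linkTitle)
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(linkId))
    cmd.Execute affected, , adCmdText + adExecuteNoRecords
    UpdateLink = (affected = 1)
    Set cmd = Nothing
End Function

' Usage, with conn opened elsewhere on the page (form assumed to be POSTed):
' ok = UpdateLink(conn, Trim(Request.Form("linkId") & ""), _
'                 Trim(Request.Form("linkText") & ""), _
'                 Trim(Request.Form("linkUrl") & ""), _
'                 Trim(Request.Form("linkTitle") & ""))
%>
```

Because the values travel as bound parameters, a quote character in `linkText` is stored as data and cannot change the statement, and a non-numeric `linkId` is rejected before any SQL runs.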
