[thelist] ASP using SQL but anoing me like $%&#
Mike Hardaker
mike at angloinfo.com
Sun Jan 28 17:42:31 CST 2001
It looks to me as if the problem is yer SQL, not the semicolon. I think you
need something like this, actually.
Try:
<%
If Request.querystring("action") = "add" then
strsql = "insert into vinstri (name, url, menu, order) " _
strsql = strsql & "values (
strsql = strsql & "'" & Request.form("nafn") & "',"
strsql = strsql & "'" & Request.form("url") & "',"
strsql = strsql & "'" & Request.form("menu") & "',"
strsql = strsql & "'" & Request.form("order") & "')"
elseif REquest.querystring("action") = "edit" then
strsql = "update vinstri set"
strsql = strsql & " name = '" & Request.form("nafn") & "',"
strsql = strsql & " url = '" & Request.form("url") & "',"
strsql = strsql & " menu = '" & Request.form("menu") & "',"
strsql = strsql & " order = '" & Request.form("order") & "'"
strsql = strsql & " where id = " & REquest.querystring("id")
else
Response.write "Houston, we've got a problem!"
Response.end
End if
objRS.Open strsql
%>
I *think* this'll work, but I can't really test it wthout the database and
the rest of the code :-)
Furthermore, I'd recommend using something like:
<% v_nafn = Replace(trim(Server.HTMLEncode(Request.form("nafn"))), "'",
"''") & ""%>
and then placing the new variable (e.g. v_nafin) in the database, rather
than taking the straight request.form data - which can contain stuff that
will make Access barf rather unpleasantly.
Mike
-------------------
Mike Hardaker
Founder & Publisher
AngloINFO
www.angloinfo.com
More information about the thelist
mailing list