[thelist] ASP using SQL but anoing me like $%&#

Mike Hardaker mike at angloinfo.com
Sun Jan 28 17:42:31 CST 2001


It looks to me as if the problem is yer SQL, not the semicolon. I think you
need something like this, actually.

Try:

<%
If Request.querystring("action") = "add" then

	strsql = "insert into vinstri (name, url, menu, order) " _
	strsql = strsql & "values (
	strsql = strsql & "'" & Request.form("nafn") & "',"
	strsql = strsql & "'" & Request.form("url") & "',"
	strsql = strsql & "'" & Request.form("menu") & "',"
	strsql = strsql & "'" & Request.form("order") & "')"

elseif REquest.querystring("action") = "edit" then

	strsql = "update vinstri set"
	strsql = strsql & " name = '" & Request.form("nafn") & "',"
	strsql = strsql & " url = '" & Request.form("url") & "',"
	strsql = strsql & " menu = '" & Request.form("menu") & "',"
	strsql = strsql & " order = '" & Request.form("order") & "'"
	strsql = strsql & " where id = " & REquest.querystring("id")

else

	Response.write "Houston, we've got a problem!"
	Response.end
End if

objRS.Open strsql
%>

I *think* this'll work, but I can't really test it wthout the database and
the rest of the code :-)

Furthermore, I'd recommend using something like:

<% v_nafn = Replace(trim(Server.HTMLEncode(Request.form("nafn"))), "'",
"''") & ""%>

and then placing the new variable (e.g. v_nafin) in the database, rather
than taking the straight request.form data - which can contain stuff that
will make Access barf rather unpleasantly.

Mike

-------------------
Mike Hardaker
Founder & Publisher
AngloINFO
www.angloinfo.com






More information about the thelist mailing list