what is wrong here? Please help
-
Hi, I am getting the following error: Line 1: Incorrect syntax near ','.

    conn.Execute = "UPDATE JOB SET " &_
        "TITLE='" & cleanText(sTitle) & "', " &_
        "CATEGORY=" & cleanText(sCategory) & ", " &_
        "DEPARTMENT='" & cleanText(sDepartment) & "', " &_
        "DESCRIPTION='" & cleanText(sDescription) & "', " &_
        "RESPONSIBILITIES='" & cleanText(sResponsibility) & "', " &_
        "REQ='" & cleanText(sRequirements) & "', " &_
        "COMPENSATION='" & cleanText(sCompensation) & "', " &_
        "CONTACT_PERSON='" & cleanText(sContactPerson) & "', " &_
        "CLOSINGDATE='" & cleanText(sClosingDate) & "', " &_
        "CONTACT_EMAIL='" & cleanText(sContactEmail) & "', " &_
        "StatusId='" & 0 & "' WHERE ID=" & jobID
-
What kind of object is conn? There is no built-in class that has a property named Execute, is it a class of your own? Does setting the property execute the query? What data type is the field CATEGORY? Shouldn't there be apostrophes around the value? What does the cleanText method do? Does it encode the strings properly to be inserted as string literals in an SQL query? What kind of database are you using?
--- single minded; short sighted; long gone;
-
.Execute is a function, not a property which can be assigned a value... It should be conn.Execute("your query"); and I guess the ";" is also missing.
Deepak Surana
-
Here the syntax is correct, but when you inject the values there might be some special characters: , or '. So SQL injection is a little dangerous in coding; at any time it will break. Better write a stored procedure and call it in the front end. All the best
Regards, Sylvester G Senior Software Engineer Xoriant Solutions sylvester_g_m@yahoo.com Score it if you like my post
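
The same UPDATE sent with bound parameters instead of concatenated text, as an added example that is not code from any poster in this thread. It assumes classic ASP, that conn is an open ADODB.Connection, that CATEGORY and ID are numeric columns and the rest are text; AddText is a hypothetical helper.

```vbscript
' Added example (assumptions: conn is an open ADODB.Connection,
' CATEGORY and ID are numeric columns, the other columns hold text).
Const adCmdText = 1, adExecuteNoRecords = 128, adParamInput = 1
Const adInteger = 3, adVarChar = 200

' Hypothetical helper: bind a text value; an empty string still needs size >= 1.
Sub AddText(cmd, name, ByVal value)
    Dim size
    value = value & ""                      ' coerce Null/Empty to a string
    size = Len(value)
    If size = 0 Then size = 1
    cmd.Parameters.Append cmd.CreateParameter(name, adVarChar, adParamInput, size, value)
End Sub

' An empty or non-numeric CATEGORY is what turns "CATEGORY=" & value & ", "
' into "CATEGORY=, " in the concatenated version; reject it up front.
If Not IsNumeric(sCategory) Or Not IsNumeric(jobID) Then
    Response.Write "Category and job ID must be numbers."
    Response.End
End If

Dim cmd
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' One ? per value; parameters are matched by the order they are appended.
cmd.CommandText = "UPDATE JOB SET TITLE=?, CATEGORY=?, DEPARTMENT=?, " & _
    "DESCRIPTION=?, RESPONSIBILITIES=?, REQ=?, COMPENSATION=?, " & _
    "CONTACT_PERSON=?, CLOSINGDATE=?, CONTACT_EMAIL=?, StatusId='0' WHERE ID=?"

AddText cmd, "title", sTitle
cmd.Parameters.Append cmd.CreateParameter("category", adInteger, adParamInput, , CLng(sCategory))
AddText cmd, "department", sDepartment
AddText cmd, "description", sDescription
AddText cmd, "responsibilities", sResponsibility
AddText cmd, "req", sRequirements
AddText cmd, "compensation", sCompensation
AddText cmd, "contactPerson", sContactPerson
AddText cmd, "closingDate", sClosingDate    ' sent as text; the server converts it
AddText cmd, "contactEmail", sContactEmail
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(jobID))

' Values travel separately from the SQL text, so quotes and commas in them
' cannot change the statement.
cmd.Execute , , adExecuteNoRecords
Set cmd = Nothing
```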