INSERT INTO using HTML forms

Ian Griffiths · Ian Griffiths

I'm having issues witht the code I'm writing. I've dealt with SQL before,
although only for extracting data, not adding it to the database. I've been
intensively learning ASP/ADO over the past week or so. I have a HTML form
that posts data to the following ASP file:

<HTML>
<HEAD>
<TITLE>Sight Bites</TITLE>
</HEAD>

<BODY>

<%
set conn = Server.CreateObject("ADODB.Connection")
conn.Provider="Microsoft.Jet.OLEDB.4.0"
conn.Open(Server.Mappath("data/guest.mdb"))

stmt = "INSERT INTO Guest (Name, Location, Date, Email, Website, Comment)"
stmt = stmt & "VALUES ('" & Request.Form("Name") & "', '" &
Request.Form("Location") & "', '" & Date & "', '"
stmt = stmt & Request.Form("Email") & "', '" & Request.Form("Website") &
"', '" & Request.Form("Comment") & "')"

on error resume next
conn.Execute stmt, recaffected
if err<>0 then
response.write "VBScript Errors Occured:" & ""
response.write "Error Number=" & err.number & ""
response.write "Error Descr.=" & err.description & ""
response.write "Help Context=" & err.helpcontext & ""
response.write "Help Path=" & err.helppath & ""
response.write "Native Error=" & err.nativeerror & ""
response.write "Source=" & err.source & ""
response.write "SQLState=" & err.sqlstate & ""
else
Response.Write("Updated!")
end if
conn.Close
%>

<HR/>
<CENTER><H5>2003 Ian Griffiths</H5></CENTER>
</BODY>
</HTML>

I've run this using IIS, but I always seem to get a systax error in my
INSERT statement, but I can't spot one. Anyone got any pointers?

Cheers,

Ian Griffiths.

Dan Brussee · Dan Brussee

On Sun, 26 Oct 2003 13:09:41 +0000 (UTC), "Ian Griffiths"
<Ian_Excelle@btopenworld.com> wrote:

>
> stmt = "INSERT INTO Guest (Name, Location, Date, Email, Website, Comment)"
> stmt = stmt & "VALUES ('" & Request.Form("Name") & "', '" &
>Request.Form("Location") & "', '" & Date & "', '"
> stmt = stmt & Request.Form("Email") & "', '" & Request.Form("Website") &
>"', '" & Request.Form("Comment") & "')"
>
>
>
>I've run this using IIS, but I always seem to get a systax error in my
>INSERT statement, but I can't spot one. Anyone got any pointers?
>

Check a couple things...

First off, use Response.Write stmt just before issuing the statement
to SQL. This might show you more.

Next look at the syntax for delimiters on dates using Access
databases. It requires "#" marks for delimiters.

Lastly, take a look at the comments. If they contain single quotes
anywhere in them, this will make the statement fail. For any data that
a user will type in, it is a good idea to "clean" that data by at
least replacing single quotes with two single quotes. This escapes the
single quote and puts it into the data value and does not use it for a
delimiter. For example: If comment was

I'm Thirsty

then your stmt section would be...

....,'http://www.myweb.com','I'm Thirsty')

The single quote in I'm throws everything off.

The Mighty Chaffinch · The Mighty Chaffinch

> stmt = "INSERT INTO Guest (Name, Location, Date, Email, Website,
Comment)"

> stmt = stmt & "VALUES ('" & Request.Form("Name") & "', '" &

I imagine 'date' is a reserved word in Jet SQL, and possibly 'name' and
some of the others too. In Jet SQL you can use a [...] syntax around
table/column names to use reserved words, but these probably aren't good
choices for column names anyway.

MightyC

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system ([url]http://www.grisoft.com[/url]).
Version: 6.0.520 / Virus Database: 318 - Release Date: 18/09/03

INSERT INTO using HTML forms

Thread Tools

Display

INSERT INTO using HTML forms

Similar Questions and Discussions

Forms Insert Image Field?

Open to insert html?

I need a View, Insert, Update, Delete paradigm for usingflash forms

How to insert html in contribute 3

Insert HTML?

Re: INSERT INTO using HTML forms

Re: INSERT INTO using HTML forms

Posting Permissions