inserting data through ASP Page
Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: Classic ASP Discussion
Forum Description: Discussion on Active Server Pages (Classic ASP).
URL: https://forums.webwiz.net/forum_posts.asp?TID=11880
Printed Date: 29 March 2026 at 2:08am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: inserting data through ASP Page
Posted By: gupta_ji
Subject: inserting data through ASP Page
Date Posted: 20 September 2004 at 3:46pm
|
I am trying to insert the data through SQL Query (more than 255 Characters) in a MEMO field of an MS Access Database. But I am getting following error Microsoft JET Database Engine error '80040e14' Syntax error (missing operator) in query expression ''I If I reduce the data below 255 Characters the query works perfectly. Can anybody help me on this. ------------- http://www.sgrj.com" rel="nofollow - chartered accountants India , http://www.delhiprofessionals.com" rel="nofollow - accounting Outsourcing ISO Certification |
Replies:
Posted By: michael
Date Posted: 20 September 2004 at 4:18pm
|
That usually happens if you do not cancel out your quotes. If you parse the sql insert as text, and it contains a ' or a " then the sql will think there is a end of char and expects some operateor next. Make sure to read up on SQL Injection prevention to get around that, could give you a simpler answer but it would leave your site VERY vounerable. ------------- http://baumannphoto.com" rel="nofollow - Blog | http://mpgtracker.com" rel="nofollow - MPG Tracker |
Posted By: gupta_ji
Date Posted: 20 September 2004 at 4:25pm
|
Thanks for your reply. But I donot know how to cancel the quotes. Can you tell me. I am mention below my update query. description=Request.Form("description") strsql = "insert into query(cid, description, company, name, email, phone, address, turnover, employees, sites, products, tdate, country)" & _ "values('" & cid & "','" & description & "','" & company & "','" & name & "','" & email & "','" & phone & "','" & address & "','" & turnover & "','" & employees & "','" & sites & "','" & products & "','" & tdate & "','" & country & "')" I am getting error on "description" Field.
------------- http://www.sgrj.com" rel="nofollow - chartered accountants India , http://www.delhiprofessionals.com" rel="nofollow - accounting Outsourcing ISO Certification |
Posted By: Mart
Date Posted: 20 September 2004 at 4:27pm
|
You could do it with a replace, but as Michael says that will leave you open to SQL injection attacks. Check out google http://www.google.com/search?hl=en&lr=&ie=UT F-8&client=firefox-a&q=prevent+sql+injection+asp& ;btnG=Search Or A9 http://a9.com/prevent%20sql%20injection%20asp  |