I've been trying to get a login script written for my website to authenticate users, however I keep getting an error saying my syntax is incorrect (with regards to the Insert Into statement).  I will say that this code is not mine, I got it from an article elsewhere on the web, however I cannot see what is wrong (I'm still new to this whole ASP thing).  If anyone can offer any assistance, I'd really appreciate it.

Code follows:
------------------------

<html>
<head></head>
<body>

<%

Dim sSQL
Dim conn
Dim rs

set conn = Server.CreateObject("ADODB.Connection")
set rs = Server.CreateObject("ADODB.Recordset")

'Create a DSN less connection
conn.Provider = "Microsoft.Jet.OLEDB.4.0"
conn.ConnectionString = "Data Source =" & Server.MapPath("db/siterelated.mdb")
conn.Open

strSQL = "SELECT firstname,lastname FROM login"
set rs = conn.Execute (strSQL)

if (rs.BOF) and (rs.EOF) then

sSQL = "INSERT INTO login (firstname,lastname,username,password) Values " & _
 "('" & Ucase(Request("firstname")) & _
 "', '" & Request("lastname") & _
 "', '" & Request("userid") & _
 "', '" & Request("password") & "')"
conn.Execute sSQL,adCmdText

else

SQL = "DELETE * FROM login WHERE username = '" & Request.Form("userid")
 conn.Execute SQL

end if

sSQL = "INSERT INTO login (firstname,lastname,username,password) Values " & _
"('" & Ucase(Request("firstname")) & _
"', '" & Request("lastname") & _
"', '" & Request("userid") & _
"', '" & Request("password") & "')"
conn.Execute sSQL,adCmdText

'close the recordset
rs.Close
set rs = Nothing

'close the connection
conn.Close
set conn = Nothing

%>

<font face="verdana">
<h2>Your login details have been saved to the database.</h2><br />
<a href="login.htm">Click here to access the login page!</a>
</body>
</html>

--------------------
The error is with line 28 (conn.Execute sSQL,adCmdText) and I have no clue what the deal is.  Someone please help!!! ;)

-Josh

not sure with the error on 28 is, but even if you did fix it, the line:

SQL = "DELETE * FROM login WHERE username = '" & Request.Form("userid")

will bomb because it lacks a closing tick mark

SQL = "DELETE * FROM login WHERE username = '" & Request.Form("userid") & "'"

Thanks MorningZ.  I'll fix that one up and see what else I can do.  I've been over the code over and over again with regards to the error and I can't figure out what the deal is.  My web host is Brinkster so I'm not sure if that may cause any kind of trouble or not.  We'll see.  Thanks again though.

-Josh

since you are new to ASP as you say, i'll give you a little advice...

The dll that provides errors doesn't lie!

if its saying: "keep getting an error saying my syntax is incorrect", then yep.. something is wrong with your syntax, it should even be giving you a ^ to RIGHT where the error is happening....

you'll need to :
Response.Write(sSQL)
Response.End

right after you create the SQL statement and inspect it yourself manually.......   if you are getting caught up on this for multiple days, you have a long way to go  :(

I added the Response.Write(sSQL) adn the Response.End right after the querey and here is the output:

INSERT INTO login (firstname,lastname,username,password) Values ('JOSH', 'hart', 'josh', '####')

Still the error.  I then tried running the above insert into statement on the database itself aside from the ASP page and it worked perfectly.  Perhaps I do have a long way to go...who knows.  Thanks for the help.

Try this

conn.Execute sSQL

leave off the "adCmdText"