
SQL select query

Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: Classic ASP Discussion
Forum Description: Discussion on Active Server Pages (Classic ASP).
URL: https://forums.webwiz.net/forum_posts.asp?TID=7071
Printed Date: 31 March 2026 at 4:32pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: SQL select query
Posted By: stevem2003
Subject: SQL select query
Date Posted: 07 November 2003 at 3:47am

Hi,

I know I'm doing something wrong, but I don't know what.

Basically I have 1 file where the user selects which username to amend, and then they are passed to this file. The username field is the primary key in the database.

I get the following error msg:-

Microsoft OLE DB Provider for ODBC Drivers error '80040e10'

[Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected 1.

/revcontrol/prs/useradmin/edit.asp, line 20

I have the following code:-

<%
dim conn, rs, strconn

strconn = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("../database/prs.mdb")
set conn = server.createobject("adodb.connection")
conn.open strconn
set rs = conn.Execute("SELECT * FROM users WHERE username=" &Request("username")) <---- This is line 20
%>

Can somebody point me in the right direction, as I know I'm missing something....

TIA

Steve




Replies:
Posted By: svpworld
Date Posted: 07 November 2003 at 5:11am

Where does Request("username") come from? Does it contain anything? And maybe you need to terminate the SQL statement with a semicolon, at least in SQL server you do.

Simon



Posted By: MorningZ
Date Posted: 07 November 2003 at 5:16am

Turn:
set rs = conn.Execute("SELECT * FROM users WHERE username=" &Request("username"))

Into (changes in blue):
set rs = conn.Execute("SELECT * FROM users WHERE username= '" & Request("username") & "'")

(and yes, using fonts on posts that can actually be read helps people help you better)

Also you may want to look into "SQL Injection" (search that term on Google) and hopefully it makes sense... with that code you posted, an amateur hacker could get full access to your database with that code you posted



-------------
Contribute to the working anarchy we fondly call the Internet
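
Added example, not part of any poster's reply: the same lookup written as a parameterized ADODB.Command, which addresses both points in the post above. Without quotes, the Access driver treats the submitted value as an unknown name and waits for a parameter (hence "Too few parameters. Expected 1."); adding quotes removes the error but still builds the SQL text from user input. MAX_USERNAME and the response messages are assumptions; the connection string and table are the ones from the original post.

```asp
<%
Option Explicit

' ADO constants (values from adovbs.inc), declared inline so the page is self-contained
Const adCmdText    = 1
Const adParamInput = 1
Const adVarChar    = 200
Const MAX_USERNAME = 50   ' assumption: width of users.username, match your table

Dim conn, cmd, rs, strconn, username

' Request("username") searches every collection, as in the original post;
' naming the one you expect (Request.Form or Request.QueryString) is tighter.
username = Trim(Request("username"))

' Reject empty or oversized input before touching the database
If Len(username) = 0 Or Len(username) > MAX_USERNAME Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid username."
    Response.End
End If

strconn = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("../database/prs.mdb")
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open strconn

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? is a placeholder: the value travels separately from the SQL text,
' so quotes or SQL keywords inside it are compared as data, never parsed.
cmd.CommandText = "SELECT * FROM users WHERE username = ?"
cmd.Parameters.Append cmd.CreateParameter("username", adVarChar, adParamInput, MAX_USERNAME, username)

Set rs = cmd.Execute

If rs.EOF Then
    Response.Write "No such user."
Else
    ' HTML-encode anything read from the database before echoing it
    Response.Write "Editing: " & Server.HTMLEncode(rs("username").Value)
End If

rs.Close : Set rs = Nothing
Set cmd = Nothing
conn.Close : Set conn = Nothing
%>
```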


Posted By: stevem2003
Date Posted: 07 November 2003 at 6:22am

Many thanks MorningZ, works a treat

also noted about the fonts

 



Posted By: PeterE
Date Posted: 08 November 2003 at 4:20am

http://www.nextgenss.com/papers/advanced_sql_injection.pdf



